2007 cyberattacks on Estonia

From Wikipedia, the free encyclopedia

Cyberattacks on Estonia (also known as the Estonian Cyberwar) refers to a series of cyber attacks that began April 27, 2007 and swamped websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia about relocation of a Soviet-era memorial to fallen soldiers, as well as war graves in Tallinn.[1] Most of the attacks that had any influence on general public were distributed denial of service type attacks ranging from single individuals using various low-tech methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred.[2]

Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before. The case is studied intensively by many countries and military planners as, at the time it occurred, it may have been the second-largest instance of state-sponsored cyberwarfare, following Titan Rain. [3]

Estonian Foreign Minister Urmas Paet immediately accused the Kremlin of direct involvement in the cyberattacks[4]. On September 6, 2007 Estonia's defense minister admitted he had no evidence linking cyber attacks to Russian authorities. "Of course, at the moment, I cannot state for certain that the cyber attacks were managed by the Kremlin, or other Russian government agencies," Jaak Aaviksoo said in interview on Estonian's Kanal 2 TV channel. Aaviksoo compared the cyber attacks with the blockade of Estonia's Embassy in Moscow. "Again, it is not possible to say without doubt that orders (for the blockade) came from the Kremlin, or that, indeed, a wish was expressed for such a thing there," said Aaviksoo. Russia called accusations of its involvement "unfounded," and neither NATO nor European Commission experts were able to find any proof of official Russian government participation.[5] Head of Russian Military Forecasting Center, Colonel Anatoly Tsyganok believes that the attacks against Estonia had not violated any international agreements because such, simply do not exist. [6]

As of January 2008, one person has been charged and convicted.

Contents

[edit] Legalities

On May 2, 2007, a criminal investigation was opened into the attacks under a section of the Estonian Penal Code criminalising computer sabotage and interference with the working of a computer network, felonies punishable by imprisonment of up to three years. As a number of attackers turned out to be within the jurisdiction of the Russian Federation, on May 10, 2007, Estonian Public Prosecutor's Office made a formal investigation assistance request to the Russian Federation's Supreme Procurature under a Mutual Legal Assistance Treaty existing between Estonia and Russia. A Russian State Duma delegation visiting Estonia in early May in regards the situation surrounding the Bronze Soldier of Tallinn had promised that Russia would aid such investigation in every way available.[7] On June 28, Russian Supreme Procurature refused assistance,[7] claiming that the proposed investigative processes are not covered by the applicable MLAT.[8] Piret Seeman, the Estonian Public Prosecutor's Office's PR officer, criticized this decision, pointing out that all the requested processes are actually enumerated in the MLAT. [8]

On 24 January 2008, Dmitri Galushkevich, a student living in Tallinn, was found guilty of participating in the assault. He was fined 17,500 kroons (approximately US$1,640) for attacking the website of the Estonian Reform Party.[2][9]

[edit] Opinions of experts

According to Linnar Viik, an Estonian Internet guru, particular mission-critical computers, for example the telephone exchanges, were targeted.[citation needed] Although the computer crackers behind the cyberwarfare have not been unveiled, some believed that such efforts exceed the skills of individual activists or even organised crime as they require a co-operation of a state and a large telecom company. [3]

Also a well known Russian hacker Sp0Raw believes that the most efficient online attacks on Estonia could not have been carried out without a blessing of the Russian authorities and that the hackers apparently acted under "recommendations" from parties in higher positions. [10] [11] At the same time he called claims of Estonians regarding direct involvement of Russian government in the attacks [12] "empty words, not supported by technical data". [11]

Mike Witt, deputy director of the United States Computer Emergency Readiness Team believes that the attacks were DDoS attacks. The attackers used botnets - global networks of compromised computers, often owned by careless individuals. Some of these could be located in the United States. The size of the cyber attack, while it was certainly significant to the Estonian government, from a technical standpoint is not something we would consider significant in scale, Witt said. He thinks that the United States would be able to defend itself easily against attacks on a similar scale. [13]

Professor James Hendler, former chief scientist at The Pentagon's Defense Advanced Research Projects Agency characterised the attacks as "more like a cyber riot than a military attack."[13]

"We don't have directly visible info about sources so we can't confirm or deny that the attacks are coming from the Russian government," Jose Nazario, software and security engineer at Arbor Networks, told internetnews.com. [14] Arbor Networks operated ATLAS threat analysis network, which, the company claimed, could "see" 80% of Internet traffic. Nazario suspected that different groups operating separate distributed botnets were involved in attack.

Experts interviewed by IT security resource SearchSecurity.com "say it's very unlikely this was a case of one government launching a coordinated cyberattack against another": Johannes Ullrich, chief research officer of the Bethesda said "Attributing a distributed denial-of-service attack like this to a government is hard." "It may as well be a group of bot herders showing 'patriotism,' kind of like what we had with Web defacements during the US-China spy-plane crisis [in 2001]." Hillar Aarelaid, chief security officer for Estonia's Computer Emergency Response Team "expressed skepticism that the attacks were from the Russian government, noting that Estonians were also divided on whether it was right to remove the statue". [15]

[edit] Claiming responsibility for the attacks

The Commissar of the Nashi pro-Kremlin youth movement in Moldova and Transnistria, Konstantin Goloskokov (Goloskov in some sources [16]), admitted organizing cyberattacks against Estonian government sites. [10] Goloskokov stressed, however, that he was not carrying out an order from Nashi's leadership and said that a lot of his fellow Nashi members criticized his response as being too harsh. [11]

Like most countries, Estonia does not recognise Transnistria, a secessionist region of Moldova. As an unrecognised nation, Transnistria does not belong to Interpol[17]. Accordingly, no Mutual Legal Assistance Treaty applies. If residents of Transnistria were responsible, the investigation may be severely hampered, and even if the investigation succeeds finding likely suspects, the legal recourse of Estonian authorities may be limited to issuing all-EU arrest warrants for these suspects. Such an act would be largely symbolic.

[edit] Influence on international military doctrines

The attacks triggered a number of military organisations around the world to reconsider the importance of network security to modern military doctrine. On June 14, 2007, defence ministers of NATO members held a meeting in Brussels, issuing a joint communiqué promising immediate action. First public results are estimated to arrive by autumn 2007.[18]

On June 25, 2007, Estonian president Toomas Hendrik Ilves met with the president of USA, George W. Bush.[19] Among the topics discussed were the attacks on Estonian infrastructure. [20] As to the placement of a newly planned NATO Cooperative Cyber Defence Centre of Excellence (CCD COE), Bush proclaimed the policy of USA as supporting Estonia as this centre's location.[21]

[edit] References

  1. ^ The Guardian May 17, 2007: Russia accused of unleashing cyberwar to disable Estonia by Ian Traynor
  2. ^ a b "Estonia fines man for 'cyber war'", BBC, 2008-01-25. Retrieved on 2008-02-23. 
  3. ^ a b The Economist May 24, 2007: Cyberwarfare is becoming scarier
  4. ^ Estonia accuses Russia of 'cyberattack'
  5. ^ Estonia has no evidence of Kremlin involvement in cyber attacks
  6. ^ Руководитель российского Центра военного прогнозирования полковник Анатолий Цыганок считает, что кибератаки против Эстонии не нарушали никаких международных договоренностей, потому что таковых просто нет. "Эти атаки были вполне успешными, и сегодня альянсу нечего противопоставить российским виртуальным атакам, - заявил Цыганок в интервью «Газете». - В принципе потери вооружений НАТО могут быть огромными, если в результате таких атак вывести из строя компьютерное военное управление».
  7. ^ a b Postimees July 6, 2007: Venemaa jätab Eesti küberrünnakute uurimisel õigusabita
  8. ^ a b Eesti Päevaleht July 6, 2007: Venemaa keeldus koostööst küberrünnakute uurimisel
  9. ^ Leyden, John (2008-01-24), “Estonia fines man for DDoS attacks”, The Register, <http://www.theregister.co.uk/2008/01/24/estonian_ddos_fine>. Retrieved on 22 February 2008 
  10. ^ a b Swiss Baltic Chamber of Commerce in Lithuania/Baltic News Service June 2, 2007: Commissar of Nashi says he waged cyber attack on Estonian government sites
  11. ^ a b c (Russian) Электронная бомба. Кто стоит за кибервойной России с Эстонией
  12. ^ Times Online: Urmas Paet, the Estonian Foreign Minister, accused the Kremlin of direct involvement
  13. ^ a b United Press International: Analysis: Who cyber smacked Estonia?
  14. ^ Internetnews.com: Estonia Under Russian Cyber Attack?
  15. ^ Experts doubt Russian government launched DDoS attacks, by Bill Brenner, 18 May 2007. SearchSecurity.com
  16. ^ Monument dispute with Estonia gets dirty
  17. ^ Tiraspol Times June 9, 2007: Ministry of Internal Affairs lists PMR's 10 most wanted
  18. ^ Eesti Päevaleht June 15, 2007: NATO andis rohelise tule Eesti küberkaitse kavale by Ahto Lobjakas
  19. ^ White House May 4, 2007: President Bush to Welcome President Toomas Ilves of Estonia
  20. ^ Yahoo/AFP June 25, 2007: Bush, Ilves eye tougher tack on cybercrime
  21. ^ Eesti Päevaleht June 28, 2007: USA toetab Eesti küberkaitsekeskust by Krister Paris

[edit] External links

Languages