Estonia: Ground Zero for World's First Cyber War?

Authorities Believe the Country Was the Target of a Cyberattack

By TOMEK ROLSKI

May 17, 2007 —

The legacy of World War II continues to haunt Europe and may have just started a new confrontation -- this one befitting the digital age. Computers in the entire nation of Estonia have been virtually shutdown, and the Estonians blame Russia.

Estonia, a country of only a million and a half citizens situated in Europe's far north between Finland and Russia, has undergone nearly three weeks of cyberattack and the country is accusing Russia for being behind it.

Russia and Estonia have a long and complicated history. In 1940, when the Soviet Union occupied Estonia under the Ribbentropp-Molotov treaty, Nazi Germany and its then-ally the Soviet Union were expected to carve up this part of Europe between them. After the war, the Soviet Union reoccupied Estonia until the breakup of the Soviet Union in 1991.

On April 27 the Estonians decided to relocate a monument to Soviet soldiers from the center of the capital city of Tallinn. For Russians this was sacrilege. Russian children have been taught that Soviet troops went into Estonia as liberators. For Estonians, however, this was the removal of a symbol of over 50 years of Soviet oppression.

Years of Soviet occupation left a sizeable Russian-speaking minority in Estonia. The day the Soviet memorial was to be relocated to a military cemetery, many Russians came out in its defense. Riots left 160 people injured, one youth dead, and the city center pillaged.

All of a sudden, also on that day, many Estonians found out that they could not access their Internet or read their mail. For nearly three weeks the life of the country had been disrupted. The entire state administration was paralyzed, banks came to a standstill and companies had to freeze their operations.

It didn't take long for the problem to be diagnosed as a cyberattack by another country or a very well organized entity.

While no one at this stage will point blaming fingers at any one country, Estonians have little doubt that it's Russia taking revenge. Immediately after the incident with the monument, Russian politicians were calling for an economic blockade of Estonia. The Estonian embassy in Moscow was attacked and Russian police turned a blind eye to violent protesters.

This is the first known incident of an entire country being subjected to a cyberattack. Both NATO and the European Union see this as an attack on one of their member states, and NATO rushed in its IT specialists to solve and analyze the problem. Three hundred top Estonian IT specialists worked day and night with little sleep to study this unprecedented attack.

According to officials, the situation is now under control, with the last reported attack occurring on Wednesday, May 16. There are now millions of server logs and data to analyze to figure out what happened and how. Only then will there be a clear idea of where the attacks originated and who orchestrated them. The results are expected at the end of May.

Estonians treat this as a matter of national security and both the presidential administration and the Foreign Ministry are directing all calls to the Ministry of Defense.

However, one person at the presidential administration said that the attacks were originating not only from civilian servers but also from servers belonging to the Russian government.

And according to a statement in The Associated Press, Estonia's defense minister said there is a "possibility" of Russian government involvement in cyberattacks against Estonian Web sites.

Mihkel Tammet, head of IT at Estonia's Ministry of Defense and head of the emergency committee dealing with the cyberattack, said, "The first attacks came on the night of April 27." This is the same day as rioting broke out in Tallinn over the moving of the Soviet war monument. He said that numerous anti-Estonian propaganda sites and emails supplemented the attack.

According to Tammet, it was a well-organized action and he emphasized the fact that "There was a sudden spike in Russian propaganda on the Web." For example, hackers posted a fabricated apology by Prime Minister Andrus Ansip for the relocation of the Soviet monument on the Web site of the ruling Reform Party. Tammet told ABC News, "Russian language domains in Estonia were sending out and receiving instructions on how to conduct further disruption."

He would only speculate on where the attacks could have been orchestrated, but as a government official he would not directly blame anyone until his commission ended its thorough analysis of server logs. He said that there is still a lot of work to be done.

Tammet and NATO experts, who have just left Estonia, have no doubt that this was the first such cyberattack in history, which needs meticulous attention because of its unprecedented nature.

A NATO officer currently working with the Estonian emergency committee in Tallinn and who asked that he remain anonymous due to the sensitivity of the operation, told ABC News: "You cannot underestimate the signifcance of this attack, also in military terms. For the first time we are dealing with a real cyberattack with real consequences to a country and its people. We are here to study this and draw conclusions for all NATO member states and the organization as a military alliance. For now I don't care who carried this out. What I care about is that we find ways to protect ourselves in the future."

Lilia Shevtsova, an analyst with the Carnegie Endowment, told ABC News, "Theoretically it's quite possible that the Russian authorities are behind this. They certainly have the know-how to do this and it fits right into the anti-Estonian campaign unleashed recently."

She added, "If it's being done by the special services there is no way they could be doing this without the knowledge of the highest authorities. So, yes, it is theoretically possible, but it's only a possibility."

Shevtsova believes, however, that "it's also possible that it's an action organized by Russian hackers angry at the Estonians. They could have gotten together to organize such an attack."

The entire Estonian administration was paralyzed for a several days. Financial losses are difficult to estimate, but, since Estonia relies so much on computer technology, practically each of its 1.5 million citizens suffered some measurable loss.

According to Tammet, the country needed to carry out an emergency purchase of additional expensive equipment to help deal with the problem. There were still some serious attacks, particularly on banks, on Monday and Tuesday.

The Russian press is also reporting these attacks, but is often doing so in a somewhat sarcastic tone. Kommersant, a major nationwide newspaper, carries a headline, "Russia's Hackers Don't Lead Worldwide," in which it reports, "Residents of the U.S.A. are the most aggressive hackers in the world and in the second half of last year they launched one third of all attacks." According to Kommersant, China is second with 10 percent of all cyberattacks, followed by Germany with 7 percent. The paper also reports, "In Estonian economy IT plays the same role as gas and oil in the Russian economy."

Moskovskye Novosti, a local Moscow newspaper, points out that by 2008 NATO will have a fully operational cyber defense center and it will be located in Estonia.

One news Web site mockingly writes that a country proud of its achievements in IT, homeland of Skype and home country of many Microsoft engineers, cannot cope with some hackers and immediately calls on NATO for help.

Estonia has been a continual success story since the collapse of the Soviet Union in 1991. It is a member of the European Union and NATO and its annual growth has been soaring. Most impressively, however, Estonia has managed to become one of the most computerized societies in Europe. Its administration has limited paperwork to the minimum and nearly all its citizens go about their daily business online.

The capital city of Tallinn is nearly completely Wi-Fi covered. Tallinn cafes are full of men and women sipping coffee and working their laptops. Many don't have a need for offices -- they can get online anywhere.