Europe’s (virtual) soft underbelly
27.09.2007 | Tunne Kelam | English news
MEPs discuss security and technology
Tunne Kelam
Estonia is a country with an electronic identity. Practically every possible service has also an alternative in the virtual world. Some 97% of bank transactions are carried out on-line. What happens when this virtual world is suddenly nearly paralysed?
Estonians experienced this in April and May, when their country became the target of a large scale cyber attack.
There seems to be a clear political connection between the riots of 26-27 April in Tallinn organised by Russian extremist youth groups (several of whom had entered the country from Russia) and the start of the on-line attacks that has been called the first cyber war.
The riots started in the night of 26 April. The next day, the first websites calling for the launching of attacks against Estonia appeared. Massive cyber attacks against many key government websites and several information and media infrastructures were carried out, some of which had to shut down temporarily. During these attacks, the volume of cyber traffic from outside Estonia targeting government institutions and Estonian news portals exceeded the normal rate by several hundred times. In addition, the website of Prime Minister Andrus Ansip's Reform Party was defaced.
Companies, banks and even schools were also targeted and the websites of some other political parties were defaced - for instance, fake apologies for the actions of Estonian police and vulgar political slogans in the Russian language were added. The usual method was to congest the target server's network with meaningless data from a single point of origin. Attackers used large networks of remotely controlled malware-infected computers to amplify the impact. Many Estonian news portals went off-line for a period of time, especially during the initial phase of the attacks. The comment sections of these portals were heavily bombarded by spam networks.
On 10 May, a massive attack targeted Hansapank - the biggest Estonian bank. The bank suffered a temporary loss of on-line services. In addition, Hansapank services became partially unavailable outside Estonia. On 15 May there were similar attacks conducted against SEB Eesti Ühispank - the second biggest bank. Blocking of bank websites proved to be the most effective way to hamper the everyday routine of tens of thousands of people.
Discussion is continuing on identifying the perpetrators. However, all the evidence points to well-co-ordinated, well-equipped and politically motivated activities based on impressive organisational capacities. The stage was set during the last days of April by multiple calls on Russian websites and by the massive sending of emails, most with Russian addresses, to carry out cyber attacks in Estonia. An emotional debate was conducted about how to fund the renting of servers and botnets. At the beginning of May, detailed instructions, timetables and orders to conduct the attacks were disseminated. This led to an avalanche of attacks from all over the world. During the following days the attacks became more and more organised and co-ordinated. On some peak days, it was estimated that up to one million computers had been involved.
The whole period of cyber attacks was accompanied by dramatic political and economic moves from the Russian side. The Duma delegation which came to Estonia at the beginning of May on a fact-finding mission issued an unprecedented call for the resignation of the Estonian government (which had been in office for only a few weeks following the March parliamentary elections). Indirect economic sanctions included the closure to "heavy vehicles" of the vital border bridge over the Narva River and the disruption of rail transit traffic by the sudden onset of "railway repairs". Calls via the internet to mobilise Russian-speaking young men in Estonia and elsewhere to take up arms and fight for "justice" can be seen as direct incitement to terrorist attacks. Fortunately these calls failed to find followers.
One can conclude that Estonia became a test case for future technological warfare. Considering the scale of the cyber attacks and the way they were organised, new phrases - "cyber-terrorism" and "cyber warfare" - were coined. It was important and positive that both Nato and EU institutions immediately recognised the significance and future risks of cyber attack. Unfortunately they still lack proper defences against this kind of attack. In cyberspace, international terrorism, organised crime and state-sponsored activities all easily overlap. Therefore, the challenge illustrated by the example of Estonia serves as an urgent wake-up call for a comprehensive and co-ordinated international approach to this question.
----------
Estonian centre-right MEP Tunne Kelam is a member of Parliament's subcommittee on security and defence.
© Copyright 2007 The Economist Newspaper Limited. All rights reserved.
Source: European Voice
