The distributed denial of service (DDoS) attacks on Estonia in 2007 have gone down in history as one of the largest coordinated cyberattacks. By the end of the waves of DDoS attacks, which lasted for several days, many Estonian banks, news agencies, and government websites had been hacked and defaced. Commerce slowed almost to a standstill for several hours as financial institutions found their servers overwhelmed by requests generated by the botnets behind the attacks. Five years later, the origin and motivation behind the cyberattacks is yet unclear. In hindsight, the Estonian cyberattacks appear to be a turning point in the development of cyberweaponry—and in the progression of cyberwarfare itself.
The incident that sparked the Estonian cyberattacks would otherwise have gone unremarked upon—a brief footnote, if anything at all in the annals of history. The Estonian government was considering the relocation of a Soviet World War II memorial known as the Bronze Soldier of Tallinn from its original place to the Tallinn Military Cemetery. The decision proved to be a flashpoint for Estonian citizens, with tensions running high between ethnic Estonians and Russian-speaking immigrants to Estonia in the aftermath of World War II. In addition, Russian-Estonian relations became strained as protests and counterprotests regarding the decision became more numerous.
The architecture of the attacks was not especially sophisticated—distributed denial of service attacks follow generally the same lines. In the case of the Estonian cyberattacks, the majority of DDoS attacks were ping floods, in which hackers with access to a botnet use computers in the botnet to “ping” a site’s servers. In normal interactions, pinging a server allows a computer to determine if a host on a particular network is reachable. A device sends Internet Control Message Protocol (ICMP) echo request packets to the server and waits for the server to reply with its own packets. Pinging can turn a routine process into a relatively simple, yet effective cyberattack by flooding a server with echo request packets without waiting for replies. As the volume of packets overwhelms the site’s ability to reply, loading time for pages slows dramatically, sometimes taking the entire site offline.
In Estonia, the targets of the DDoS attacks were both government agencies and private Estonian companies. In order to maintain some functionality, the government resorted to blocking requests from IP addresses outside of Estonia for several days. Many financial institutions and news agencies coped with offline servers for several hours until the attacks ceased. In terms of economic damage, the 2007 cyberattacks had only a minimal impact on the Estonian economy, but were thought by some to be a clear attempt at intimidating Estonia or retaliating for the statue’s relocation. Without clear attribution, the political implications of the attacks remained unclear.
In the days following the attacks, Estonian officials attempted to identify their source, to little avail. Some evidence suggested that the attacks were Russian in origin (an assertion later shown to be correct), but it was unclear whether the Russian government had played a role in the skirmish—a rather sinister possibility—or if the attacks were simply the work of patriotic Russian hackers. It wasn’t until almost two years later that Sergei Markov, a deputy of the Russian State Duma, identified the perpetrators of the attacks as members of the Nashi youth group, a state-affiliated organization. Members of Nashi claim that the attacks were carried out without the assistance of either Nashi or the state, although the validity of those claims is difficult to verify.
The importance of these cyberattacks lies not in their size or scope, but rather in the precedent they created for future cyber conflicts. “[The use of cyberattacks] is a political tool…It has become a proven political weapon as a way of intimidating your enemy – silencing them, and potentially controlling their infrastructure. Striking an enemy’s ability to communicate with the outside world is a very valuable use of a weapon at the early stages of war,” Jose Nazario, a security researcher at Arbor Networks told SC Magazine.
While previous cyberattacks focused on compromising the networks of government agencies and government contractors, the Estonia attacks made clear that cyberwarfare can strike civilian targets with equal, if not greater, ease that it can political ones. Whether or not cyberweaponry will bring us closer to the prospect of total war remains to be seen, but it is clear that the impact of such a conflict would extend far beyond the traditional boundaries of combatants into the sphere of civilian life.