MOSCOW - After Estonia relocated a Soviet war memorial out of downtown Tallinn last month, furious Russians rioted in the Estonian capital, tried to attack Estonia’s ambassador in Moscow, and hastily engineered de facto economic sanctions against the tiny Baltic nation.
But the salvo from the Russian side that has most worried Estonians is a carefully crafted, three-week cyber attack on Estonian government, bank and media Web sites that has wreaked havoc in a country heavily dependent on the Internet for everything from banking and voting to paying taxes.
The onslaught of “denial-of-service” attacks, many of which have originated from Russian computers, has raised questions about whether such attacks will become a tactic in future political conflicts.
Because Estonia is a NATO country, experts from the Western military alliance have been dispatched to Tallinn to help track down the source of the attacks. But NATO defense ministers have also put cyber-security on their agendas when they meet in Brussels next month.
Though statistics on cyber attacks against countries are hard to come by, Mihkel Tammet, information technology chief for the Estonian Defense Ministry, said he believes “this is the first time a sovereign country has been targeted by cyber attackers. We must find out who ... were the organizers.”
U.S. Deputy Secretary of State John Negroponte said the cyber attacks in Estonia should prompt countries to shore up defenses against hackers and cyber-terrorists. “We need to prepare ourselves, because this is likely only to become more of an issue in the future,” Negroponte told Britain’s Financial Times newspaper earlier this month.
Several Estonian leaders, including Prime Minister Andrus Ansip, believe they know who was behind the Estonia attacks. Ansip has accused the Russian government of spearheading the cyber campaign, pointing out that some of the attacks were traced to Russian government computers.
Hackers routinely use Internet-connected computers as a conduit for attacks without the owner’s knowledge. And up until now, Estonian officials have yet to provide any proof that the Russian government instigated the attacks.
The Russian Foreign Ministry would not comment on Estonia’s allegations, though other Russian officials have flatly denied any governmental involvement in the attacks.
Tammet said it remains unclear who orchestrated the attacks, but he contends that the Russian government “gave safe haven to attackers in Russia, and this is not acceptable.
“We asked Russian authorities to shut down Web sites urging the attacks, or at least block access to them,” Tammet said. “But we saw no action.”
The catalyst for the attacks was Estonia’s decision to relocate what Russians call the “Bronze Soldier,” a Soviet era monument to the Red Army soldiers who fought Nazi Germany. Despite vehement objections from Russian officials and pro-Kremlin youth groups, Estonia went ahead with plans to move the statue from its location in central Tallinn to a military cemetery near the city’s outskirts.
Russians considered the removal of the statue a grievous affront to the 10.6 million Soviet soldiers who fought and died during World War II. For Estonians, however, the monument stood as a reminder of Soviet occupation of their country from 1940 until the Soviet Union’s collapse in 1991.
Russian reaction to the statue’s removal was fierce and calculated. A pro-Kremlin youth group called Nashi (Ours) sent members to Tallinn to demonstrate. One Russian died in the riots and several hundred protesters were arrested. In Moscow, Nashi demonstrators charged at Estonia’s ambassador in Russia, Marina Kaljurand, during a news conference. Kaljurand’s bodyguards used pepper spray to fend off the attack.
The Russian government did not openly declare sanctions, but by early May it became clear that a series of measures amounted to an economic blockade.
Freight rail from Russia to Estonia dropped by half, a decrease Russian railway officials blamed on track and bridge repairs. Russia-to-Estonia passenger rail service was cut. Large trucks from Russia were banned from entering Estonia, Russian officials announced, because the bridge over the Narva River was deemed too dangerous.
While the riots and blockades did their damage, Estonian authorities were taken aback by the intensity and organization of the cyber attacks.
They believe at least a million computers were used to deliver denial-of-service attacks, which flood a Web server with so many queries that it becomes unusable. The attacks came in waves: the first after the statue’s removal in late April, the second on Russia’s May 9 Victory Day holiday commemorating the defeat of Nazi Germany and another attack the following day. “It went like a forest fire,” said Hillar Aarelaid, head of a government agency responsible for preventing hacker attacks.
Russian Web forums posted explicit instructions on how to overload Estonian Web sites. “Let Estonia know that Russia will never leave its compatriots in trouble,” urged one Russian site. “Take revenge at these Estonian government addresses.”
The attacks shut down the Web sites of Estonia’s two largest banks, preventing customers from accessing their accounts online, said Silver Vohu, a spokesman for Estonia’s Eesti Uhispank. Web sites of government ministries, newspapers, television channels and political parties also were hit. Estonia eventually minimized the damage by severely restricting access to government Web sites by non-Estonian computers.
Estonian authorities believe they will eventually find out who organized the attacks. Though with only eight computer specialists poring over 10,000 gigabytes of data, Tammet said the digging is expected to take several months.
“We’re all learning from these attacks,” Tammet said. “I think Estonia will find itself in books because of this. It’s a very important milestone for the EU community, and for the cyber defense community.”