It's no surprise that US and UK computers are the target of numerous cyberattacks. But Estonia? Who would have figured? Yet, The Washington Post reports, the heavily wired Baltic country "has been subject in recent weeks to massive and coordinated cyber attacks on Web sites of the government, banks, telecommunications companies, Internet service providers and news organizations."
Who's doing it? Estonian computer security specialists say the attacks originate in Russia, which is angry over Estonia's recent relocation of a Soviet war memorial. Russian officials deny it.
"There are strong indications of Russian state involvement," said Silver Meikar, a member of Parliament in the governing coalition who follows information technology issues in Estonia. "I can say that based on a wide range of conversations with people in the security agencies."
The attacks on Estonia may be one of the few real-world case studies of how massive cyberattacks could be used to disable a country.
"These attacks were massive, well targeted and well organized," Jaak Aaviksoo, Estonia's minister of defense, said in an interview. They can't be viewed, he said, "as the spontaneous response of public discontent worldwide with the actions of the Estonian authorities" concerning the memorial. "Rather, we have to speak of organized attacks on basic modern infrastructures."
The attacks began on April 27, a Friday, within hours of the war memorial's relocation. Estonian officials say that instructions were posted on Russian-language Internet forums on how to launch distributed denial of service attacks on government computers.
The Web sites of the Estonian president, the prime minister, Parliament and government ministries were quickly swamped with traffic, shutting them down. Hackers defaced other sites, putting, for instance, a Hitler mustache on the picture of Prime Minister Andrus Ansip on his political party's Web site.
The assault continued through the weekend. "It was like an Internet riot," said Hillar Aarelaid, a lead specialist on Estonia's Computer Emergency Response Team, which headed the government's defense.
After Estonia blocked all .ru domains, a botnet attack was launched. When bots were turned loose on Estonia, roughly 1 million unwitting computers worldwide were employed. Officials said they traced bots to countries as dissimilar as the United States, China, Vietnam, Egypt and Peru, the Post says.
By May 1, Estonian ISPs were under sustained attack. Customers were disconnected for 20 seconds for a network reboot.
On May 9, the day Russia celebrates victory in World War II, a new wave of attacks began at midnight Moscow time.
"It was the Big Bang," Aarelaid said. By his account, 4 million packets of data per second, every second for 24 hours, bombarded a host of targets that day. "Everyone from 10-year-old boys to very experienced professionals was attacking," he said. "It was like a forest fire. It kept spreading."
By May 10, bots were probing for weaknesses in Estonian banks. They forced Estonia's largest bank to shut down online services for all customers for an hour and a half. Online banking remains closed to all customers outside the Baltic States and Scandinavia, according to Jaan Priisalu, head of the IT risk management group at Hansabank, a major Baltic bank.
Linnar Viik, a government IT consultant, said: "This is something that will be very deeply analyzed, because it's a new level of risk. In the 21st century, the understanding of a state is no longer only its territory and its airspace, but it's also its electronic infrastructure."
"This is not some virtual world," Viik added. "This is part of our independence. And these attacks were an attempt to take one country back to the cave, back to the Stone Age."