Estonia's cyberattacks: Lessons learned, a year on

Summary:The concerted denial-of-service attempts against Estonia's critical national infrastructure have been a wake-up call for governments around the world

The idea that attacks on computer systems could provide an alternative method of spreading terror and disruption has been a concern for governments since IT systems began to proliferate.

But it wasn't until Estonia suffered a series of concerted attacks in April 2007 that theory became reality. The movement of the Bronze Soldier, a Soviet-era war memorial commemorating unknown Russian soldiers who died fighting the Nazis, from a square in the capital Tallinn to a military cemetery, has been traced as the main flashpoint for the attacks.

Protests and riots involving ethnic Russians living in the country were the immediate result, but what no-one foresaw was the subsequent series of attacks aimed at computer systems managing the country's critical national infrastructure.

Incursions into Estonian government systems began on 27 April, 2007, with denial-of-service attacks and the defacing of government websites. Between 30 April and 3 May, there was a "gathering of botnets like a gathering of armies", according to Mihkel Tammet, the director of ICT for the Estonian Ministry of Defence. These botnets were used to launch attacks against the routers of ISPs hosting Estonian government sites, and their DNS (domain name system) servers, in an attempt to disable email.

The main attack phase saw distributed denial-of-service (DDoS) attacks against the two main banks in Estonia, Hansabank and SEB Eesti Ühispank. According to Tammet, Estonia "is 97 percent dependent on internet banking". The attacks peaked on 10 and 15 May, when some bank terminals were also out of order and foreign money transfers knocked out. Government systems were also attacked on 15 May. Three weeks later, the attacks came to an abrupt end.

According to Heli Tiirmaa-Klaar of the policy-planning department for the Estonian Ministry of Defence, the attacks against Estonia owed at least some of their success to the fact they came out of the blue. "The Estonian case was very unexpected, against selected targets: this is something most countries are not prepared for — attacks against civilian, soft targets," says Tiirmaa-Klaar.

Global impact
The impact of the attacks against Estonia has not been restricted to the country's borders; the attacks have had ramifications for governments around the world, according to IT security experts. The biggest effect on foreign governments and businesses is to have "made them all jittery", according to security expert Dr Richard Clayton of the University of Cambridge.

The US certainly seems to have taken some of the lessons from Estonia to heart. Earlier this month US Homeland Security Secretary Michael Chertoff outlined US plans for a cyber "Manhattan Project" to echo the development of nuclear weapons during the Second World War, partly as a response to the attacks on Estonia.

Chertoff believes the US government needs to work with the private sector to improve the strength of its systems. "Estonian government websites that usually received 1,000 visits a day were inundated with 2,000 visits a second," he says. "This attack went beyond simple mischief. It represented an actual threat to the national security and the ability of the Estonian government to govern its country. We face in the 21st century a very difficult problem: a single individual, a small group of people and certainly a nation state can potentially exact the kind of damage or disruption that in years past only came when you dropped bombs or set off explosives."

Chertoff adds that the "thousands of entry points into federal civilian domains", plus the "uneven" way federal agencies protect their assets and the slow response to intrusions into US government networks means there are constraints as to how efficiently the US government could deal with a cyberattack.

As well as the possibility of attack on federal systems, US security experts are convinced that many private-sector businesses are being probed by foreign powers. Alan Paller, director of research for the Sans Institute, says companies...

Topics: Security


Tom is a technology reporter for, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.