The Estonia cyberwar: One year later
One security researcher offers his take on the DDoS attacks that crippled Estonia in May of 2007.
One year ago, the Estonian government moved a war memorial honoring Russian-Estonians who died fighting the Nazis, a move that may have triggered what some believe is the first instance of a sustained, international cyberwar.
Now, Gadi Evron, a former Israeli Government CERT manager who was in Estonia at the time of the attacks, has revisited the events in an article published in the Georgetown Journal of International Affairs and reprinted online (PDF).
Evron said what could be described as a "flash mob" created the disturbances in the Estonian Internet during May 2007. "Not only did the cyber riot start almost simultaneously with the actual riots, fresh posts in the Russian-language blogosphere continuously appeared with new targets and instructions. These details suggest that the cyberattackers reacted to Estonian defenses," he wrote.
On the subject of who was orchestrating the events, Evron doesn't blame Russia, but he doesn't shy away from mentioning the country either. He writes: "Once bloggers started reporting their small-scale attacks, more experienced players became involved. Before long, botnets were being used. The involvement of the Russian government in the affair cannot be confirmed. What raised speculation, however, is the failure--or unwillingness--of the Russian authorities to stop the cyber riot against Estonia for over three weeks after the initial attack."
The events in Estonia began on April 27, 2007, when Estonian officials relocated the Bronze Soldier, a Soviet-era war memorial, to a park outside the nation's capital. The decision provoked rioting by ethnic Russians, who took to the streets of the capital, Tallinn, in protest. The pro-Russia protesters blockaded the Estonian Embassy in Moscow. And in a rather unique way, a few even took their ire to the Internet.
Evron previously recounted his experience at last summer's Black Hat security conference in Las Vegas.
Not everyone is buying Evron's account. Viktor Larionov, posting on Bugtraq from Tallinn, Estonia, takes issue with Evron's story, not just the political but the technical side of it, calling it one big bluff. "In general," Larionov writes, "a lot of IT experts around here are concerned that no 'cyberwar' has never happened (and) maybe 10 to 20 DDoS attacks which took place" simply caught some sleeping admins off-duty. He adds, "Tell me, how many attacks or...attack attempts does your corporate network suffer during the day?"