How was one country shut down by an Internet attack?
In spring 2007, Estonia's banks and newspapers were shut down by an organized wide-scale cyber-attack using "botnets." WIRED writer Josh Davis heads to the site of the attack to find out what happened, who did it, and what the heck a "botnet" is.
Russian Group's Claims Reopen Debate On Estonian Cyberattacks
Members of the Nashi youth group led anti-Estonian demonstrations in May 2007. Did they also lead the cyberattacks on the country?
March 30, 2009
By Chloe Arnold / Radio Free Europe
MOSCOW -- For nearly three weeks in the spring of 2007, Estonia was struck by a wave of sophisticated cyberattacks targeting the websites of the country's parliament, banks, newspapers, and government ministries.
At times little more than a nuisance, at their worst the attacks effectively paralyzed life in Estonia, which has one of the highest levels of Internet penetration in Eastern and Central Europe and prides itself on its "paper-free" economy.
The attacks were clearly aimed at destroying the Baltic country's "Internet backbone," says Peeter Marvet, a leading Estonian information-technology expert.
Marvet notes that the web server of one of Estonia's biggest banks was down for about a half-hour, and that in a country where "most day-to-day banking is done over the Internet," so much downtime "is a serious matter, especially considering that banks are among the best-protected [online] operations."
The Estonia cyberwar set the global community on alert, with NATO promising help in protecting its member state from a new and little-understood threat.
Estonian officials, who for weeks had been embroiled in a bitter diplomatic dispute with Moscow in the aftermath of the removal of a Soviet-era monument, were quick to blame the Kremlin for the attacks -- a claim the Russians denied.
The 2007 case, which remained unresolved, took a surprise turn this month when Sergei Markov, a State Duma deputy from the pro-Kremlin Unified Russia party, unexpectedly announced at a roundtable discussion on information warfare that it was his assistant who had carried out the attacks.
James Lewis, a technology and public-policy expert with the Center for Strategic and International Studies (CSIS) in Washington, was among those participating in the discussion. He describes Markov's unprovoked remark as "completely unbelievable" and says the claim left the room temporarily speechless.
Sergei Markov made the initial claim of responsibility at a conference on security.
"I think everyone chuckled in disbelief and the RIA Novosti reporter who was interviewing him asked him a couple of questions afterward that basically took the line of, 'You've got to be kidding, right?'" Lewis recalls. "So no, I don't think anyone took him too seriously."
Markov refused to identify his assistant at the time. Since then, however, his aide has stepped forward himself. He is Konstantin Goloskokov, an activist, or "commissar," with the pro-Kremlin youth group Nashi.
Goloskokov echoed Markov's original claim, saying he carried out the attacks on Estonia's Internet network. But the young Nashi activist tells RFE/RL he doesn't believe he did anything illegal. "First and foremost, I’d like to clarify that this wasn't an attack, it wasn't warfare," he says. "This was an act of civil disobedience."
Goloskokov says he came up with the idea at the height of a diplomatic row between Russia and Estonia.
A decision by the Estonian government to move from the center of Tallinn a World War II-era statue dedicated to Red Army troops drew recriminations from Moscow and sparked days of angry protests by Nashi activists outside the Estonian Embassy in Moscow.
Using a method known as a "distributed denial of service" (DDOS) attack, Goloskokov said he and a group of friends hacked into the Estonian Internet network, effectively paralyzing various parts of the system over the course of three weeks in April and May.
Backed By 'Higher Forces'?
Estonian experts have played down Goloskokov's claims, saying the attacks were too sophisticated to be the work of a single, mischievous group of hackers. Marvet says the early days of the attacks were largely amateur in nature, and could have been the work of so-called "hacktivists." But at the peak of the crisis, the attacks were so sophisticated they could only have been the work of specialists.
Goloskokov's confession has prompted speculation his role may have been part of a broader cyberattack strategy that was likely ordered by Russian authorities. But Goloskokov insists he and his friends acted alone and that he did not receive orders or financial support from anyone.
"We used our own personal computers, our own personal channels for finding contacts. There were seven of us, although these seven people then got their own friends involved, including people in other countries, because they are all computer enthusiasts, and they have a wide social network," Goloskokov says. "I can't tell you exactly how many [people were involved] -- dozens, hundreds perhaps."
But some observers say it is unlikely that Goloskokov's scheme, if true, could have been carried out without at least tacit support from the Kremlin. Many point to the fact that Goloskokov has spoken freely about the incident, with no apparent fear of prosecution, as indicating the attack was backed by higher forces.
"Who's going to punish this Goloskokov, if what he did was to the authorities' liking?" asks Vladimir Pribylovsky, the president of the Panorama Information and Research Center think tank and founder of the anticompromat.ru website.
"I think that if he had been involved in this exploit, then someone must have given him the money to do it: either from the federal budget, or perhaps some businessman with patriotic tendencies -- maybe one who was given a hint that he ought to be showing such tendencies," he tells RFE/RL's Russian Service.
Yevgeny Volk, the director of the Moscow office of the Washington-based Heritage Foundation, says that even if Goloskokov didn't receive financial support from the authorities, they would have given him their tacit approval.
"The Nashi organization is part of the governmental establishment, and is strictly controlled by the governmental structures. The atmosphere of hatred, of xenophobia, created by Nashi was fertile soil for just such an action," Volk says. "I can hardly believe that any such action could have been organized and executed by a person on his own initiative and his own will."
Warning Of Things To Come
As concern about global cyberwarfare grows, many technology experts are pointing to the Estonia incident and others as evidence that states, if not directly involved in such attacks, have much to gain from them.
A recent report by a group of international cybersecurity experts claims that Russian intelligence agencies were probably involved in a DDOS scheme in Georgia that was similar in tactics and effect to the 2007 attacks in Estonia.
The 2008 Georgia cyberattacks overloaded and shut down servers in the South Caucasus -- including the official website of President Mikheil Saakashvili -- just weeks before the start of the Russia-Georgia war in South Ossetia.
The CSIS's Lewis, who says he is convinced Russia gave the "green light" to the Estonia attacks, credits the Kremlin with sparking a much-needed debate on cyberwarfare and Internet security.
"People are taking this seriously for the first time. One of the things that the Russians did, inadvertently, was trigger a wave of interest in various countries," Lewis notes.
"NATO's now putting a lot of effort into this. They're being helped by the Chinese, who have also engaged in a whole set of cyber-incidents," he adds. "Countries are worried in a way they've never been worried before."
The recent revelations about the Estonia cyberattack dispute come at a time when Moscow is seeking to remind onlookers that dwindling oil revenues and a flailing economy will not deter the Kremlin from seeking the upper hand in relations with its "near abroad."
Volk of the Heritage Foundation says Goloskokov's coming forward to claim responsibility for a two-year-old attack indicates that this quarrel is far from over.
"I believe that there are influential forces in Russia who want this conflict, this turmoil to continue, to give a new impetus," he says. "Because many people don't [want to see] any kind of rapprochement, any kind of normalization of relations between Russia and Estonia. They would like new provocations to aggravate these relations."
RFE/RL correspondents Ahto Lobjakas and Heather Maher contributed reporting to this piece from Prague and Washington.