
The Estonia Cyberwar

I was watching Live Free or Die Hard, the newest Die Hard movie, the other night. In it, an unnamed, unexplained group of French-speaking Americans (apparently) carries out a cyberattack on Washington DC and the infrastructure of the Northeast. The details aren’t important, but a few things are. First, cyberpower and cybersecurity of the kind I have been writing about over the course of this semester’s blog posts have made their way into popular culture. Second, it made me think of Estonia.

In the days following April 27, 2007, hackers loosely tied to Russian nationalists waged a wide-scale attack on Estonian web services and financial networks, overwhelming almost the entire bandwidth of the country. A number of articles describe exactly what happened, but what interests me more, beyond the basic details, is the set of issues the attacks raised.
From a BBC article, which had the most complete coverage of the attacks (far more than any American news source I could find):
“A couple weeks ago when the whole thing started we had some problems in our online services and then our mail server was absolutely inundated with spam e-mails as well,” Estonian journalist Aet Suvari told the BBC. “In the past few weeks it has been quite difficult for some government officials to read their e-mails on the web, to get access to the banks.”
The defense ministry says that the cyber attacks come from all over the world, but some have been hosted by Russian state servers.
There are a number of issues raised by the attacks, some of which I want to explore in my paper. In an August Wired article titled “Hackers Take Down the Most Wired Country in Europe”, the author does a nice job pulling out some of them. For the sake of brevity, I will bullet them below.

Is a cyberattack an act of war? At the beginning of the Wired article, the author briefly outlines the thought process of the Estonian Defense Minister in the early hours of the attacks. Considering the legal ramifications of the attack, the Defense Minister, Jaak Aaviksoo, almost invoked Article 5 of the NATO treaty, the collective security portion of the treaty. This would have declared Estonia in a state of war and obligated the other NATO countries to come to Estonia’s defense.

Tracing the source of an attack is critical both to stopping or countering it and to determining its possible political ramifications. Related to the previous point, the authorities involved in the defense of Estonia’s networks had to determine where the attack was coming from (as it turns out, the botnets were largely in Egypt, Peru and Southeast Asia). In doing so, they linked some of the bots to computers in Russia. But since far more were in other countries, including the US, there was no real way of determining the true source of the attack, only the avenues through which it was conducted. This is a serious problem for national authorities in a time of crisis, and is, to some extent, the equivalent of a cargo-container nuke blowing up in port with no way of determining where it came from.

International and public/private sector cooperation is key to fending off a cyber attack and possibly countering it. The Estonian authorities ended up having to cooperate with dozens of foreign ISPs to shut down the IPs. They could only do so through some folks at NetNod, one of the 13 root DNS servers. The fact that some of the top cyber experts in that organization just so happened to be in or near Estonia at the time was extremely lucky for them. In the event of an attack on the US, there would need to be some kind of preparedness plan in place so that this kind of luck does not have to be relied on.
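The two points above, tracing where a flood is coming from and then getting the right network operators to act on it, boil down to a defender aggregating traffic by source and by the network that owns each source. The following is an added example, not code from the original post or from the Estonian response: it parses a small constructed web-server log, flags the source addresses whose request rate dominates, and groups them by a constructed prefix-to-network table that stands in for a real WHOIS/ASN lookup. The point the post makes holds in the output: the addresses you see are the bots (the "avenues"), so the most you learn is which operators to contact, not who is behind the attack.

```python
"""Added example (not from the original post): aggregate a constructed
access log during a volumetric flood, flag the sources that dominate
request volume, and group them by the network that would need to be
contacted. The IP-to-network table is constructed for the demo; in
practice it would come from WHOIS/ASN data."""
from collections import Counter, defaultdict
from datetime import datetime
import ipaddress

# Constructed sample log lines: "<ISO timestamp> <client IP> <HTTP status>".
# Documentation-range addresses (RFC 5737) are used; nothing here is real traffic.
SAMPLE_LOG = """\
2007-04-28T02:00:00 198.51.100.7 200
2007-04-28T02:00:00 198.51.100.7 200
2007-04-28T02:00:01 198.51.100.7 503
2007-04-28T02:00:01 203.0.113.9 200
2007-04-28T02:00:01 198.51.100.7 503
2007-04-28T02:00:02 203.0.113.9 503
2007-04-28T02:00:02 192.0.2.44 200
2007-04-28T02:00:02 198.51.100.7 503
2007-04-28T02:00:03 203.0.113.9 503
2007-04-28T02:00:03 198.51.100.7 503
2007-04-28T02:00:04 192.0.2.44 200
""".splitlines()

# Constructed prefix -> network-owner mapping standing in for an ASN/WHOIS lookup.
NETWORKS = {
    ipaddress.ip_network("198.51.100.0/24"): "ISP-A (constructed)",
    ipaddress.ip_network("203.0.113.0/24"): "ISP-B (constructed)",
    ipaddress.ip_network("192.0.2.0/24"): "ISP-C (constructed)",
}


def parse_log(lines):
    """Return (timestamp, ip, status) tuples; malformed lines are skipped."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            ip = ipaddress.ip_address(parts[1])
            status = int(parts[2])
        except ValueError:
            continue
        records.append((ts, ip, status))
    return records


def requests_per_second(records):
    """Requests per source IP divided by the time span the log covers."""
    if not records:
        return {}
    counts = Counter(ip for _, ip, _ in records)
    span = (max(r[0] for r in records) - min(r[0] for r in records)).total_seconds()
    span = max(span, 1.0)  # a single-second log still gives a finite rate
    return {ip: n / span for ip, n in counts.items()}


def flood_sources(records, rps_threshold):
    """Sources at or above the rate threshold, highest rate first."""
    rates = requests_per_second(records)
    return sorted(((ip, r) for ip, r in rates.items() if r >= rps_threshold),
                  key=lambda item: item[1], reverse=True)


def network_for(ip):
    """Longest-prefix match against the constructed network table."""
    best = None
    for net, name in NETWORKS.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else "unknown"


def abuse_report(records, rps_threshold):
    """Group offending sources by network owner. The IPs are bots, so the
    owner is who can act on them; the list says nothing about who
    directed the flood."""
    report = defaultdict(list)
    for ip, rate in flood_sources(records, rps_threshold):
        report[network_for(ip)].append((str(ip), round(rate, 2)))
    return dict(report)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for net, ips in abuse_report(recs, rps_threshold=0.75).items():
        print(net, ips)
```

On the constructed log the two heaviest sources sit in different networks, so the report is one contact list per operator; in the Estonian case that list ran to dozens of foreign ISPs, which is why the cooperation point matters as much as the detection.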
