Baltic IT&T

ICT Events



ICT Market




Baltic IT&T 2011

ICT Calendar


Hosted by:

About journalSite Map
Home > Articles > E-society


On the Front Lines of an Invisible War

In April, Estonia bared its teeth against Russia in a way which had never been seen before. Over the course of a short period of time, Estonia chucked away the half-century of Soviet occupation which was part of its history. A bronze statue of a Red Army soldier was removed from the city centre of Tallinn and installed in a military cemetery, where it properly belonged. Russia was outraged. A ruthless war of propaganda was launched against Estonia all around the world. One aspect of the war involved a cyber-attack of a scope which was entirely unprecedented.

Urmas Vahe, editor, SL htuleht, Estonia

During the attack, the computer systems of at least 200 Estonian companies, both large and small, went off line for a shorter or longer period of time.  This was a shock for all of Europe, and the question is clear:  Is the Old World prepared for this kind of cyber-war.
The fact is that attacks via the Internet are an everyday reality in the world, says Hillar Aarelaid.  He is CEO of CERT Estonia (the Computer Emergency Response Team) and has been described as the father of cyber-protection in Estonia.  There is nothing unusual in all of this.  After all, the Internet is quite a vulnerable environment.  Anyone can express wishes or desires, no matter who good or evil they may be.  Anyone can make threats, seek to blackmail others, develop con schemes, create different ways of earning money, etc., all the while remaining comparatively anonymous.  If is incredible how easily some simple-minded people lose their money on the Internet to robbers.  Some culprits are caught and imprisoned, while others remain free.  There are also people who receive dozens of ads for the sale of Viagra each and every day.  Time and again people find gaps via which they can access other peoples computers.


It is no surprise that the initial round of attacks from Russia focused on key Estonian servers.  The first to collapse was the server of Estonias Reform Party, which was the one which organised the removal of the statue.  The homepages of the Estonian government and the countrys president were next to be hit.  Banks in Estonia were next that was still understandable, if inexcusable, but then something strange and inexplicable started to happen.  A Web site featuring the Ford Scorpio automobile was hit by a programme which presented insulting banners, one after another, to viewers.  Local governments were attacked.  Even rural primary schools didnt escape.
The only explanation seems to be the same as explanations concerning marauding in the streets after the statue was moved, says Aarelaid.  The craze was transferred online.  Everybody and everything was attacked indiscriminately.  It was the same as smashing shop windows during those infamous nights in April.  If you have a rock in your hand, it doesnt matter what you break, just as long as you can break something.  The same happened after the street riots.  If every Internet page accessed by Russian speakers was encouraging people to attack Estonia and offering detailed instructions on what exactly to do, then every Russian who feels that he or she despises the Estonian state will obey the instructions.  Thats exactly what happened with the schoolboy from Narva who destroyed the Web page of a primary school in Viljandi County.  That is also what happened in Moscow.  There were people who had the knowledge to break down very strong firewalls.  They didnt need any guidelines.


Estonia is considered to be one of the most online countries in the whole world.  The Internet in Estonia is just as normal as heat, electricity or other everyday products and services.  We dont notice its existence until its gone, until something happens to it which disturbs our daily routine.
People dont realise that there are many things that will halt without the Internet, says Estonias number-one IT man, Hillar Aarelaid.  We wont be able to pay for products at shops.  No bank transfers, no bill payments things that we do every day.  There would be no point to do any bookkeeping.  Our bosses wont have any business, and so they wont be able to pay our wages.  Shops will be totally confused.  The automated cash registers take one loaf of bread off the inventory sheet each time that one is bought.  The same is true for a carton of milk.  Inventory orders for the next day are based on these data.  If the system fails, we dont know whether the milk that we buy was packaged yesterday or last week.  We dont know that well have anything to buy at all.  Its not always necessary for these criminals to take down an entire bank, although that is a powerful attack.  It suffices to confuse a chain of convenience stores, and people start to think that the end of the world is near.  That wouldnt happen in a day, but it would surely happen in three weeks time.  Problems are even greater if a company has based its business entirely on an E-mail server.  In a sense, its a bit of a shame that our country has so much connectivity that we have destroyed our back-up systems.


People have a certain understand of what war is.  It is sensed in reality.  It occurs among people, technologies and states.  Wars involve ideas or strategies, and there are decisions as to the amount of force that is needed to attack a specific target.  None of this applies to the cyber-war, however.  Military theorists think that this may well be a future model for war shutting down nationally important servers and blocking access to energy sources.  Theres no more need for guns, tanks or cannon fodder.
First of all, the target of the attack in Estonias case remained obscure.  The attacks were arbitrary and almost random.  It is certainly comprehensible to knock out the banks for awhile, as was the attack against the ruling party and the government.  I can see why the attackers wanted to interfere in the work of mobile telephone operators.  But whats the point of attacking the homepage of the Estonian President, which is seldom accessed by ordinary people?  Why attack completely nonsensical targets such as automobile retailers? asks Aarelaid.
Neither does he understand the whole point of the process.  I can tell you that there was no aim other than to create confusion.  That is one of the chief characteristics of terrorism.  This was not really a cyber-war as much as it was cyber-rioting, or cyber-terrorism. In a country of Estonias size, the most vulnerable places are not army bases, power plants or chemical factories, though these, of course, are of key importance.  Estonia would have been much more disturbed if the attack had been against the emergency and rescue services, against the police.  Destroying or taking away simple things can hurt a country the most that is the bitter truth as seen by Hillar Aarelaid.


In principle, it is possible to hack into any computer server, no matter how bullet-proof the firewall may be or how secret the facility is.  Even schoolchildren have visited the top-secret pages of the Pentagon, sometimes on purpose, sometimes by accident.  Aarelaid thinks that anything that humans have made can also be accessed by humans  But why?
The technologies of computing have developed so rapidly that it no longer makes economic sense to attack an object via wires and to break through complex firewalls.  It is much easier and cheaper to bribe someone who is close to the project, someone who inputs data.  Lets think about a hypothetical example, says Aarelaid.  If the Russians wanted to blow up an American missile base, there is the question of why.  Do the Russians want to demonstrate that missiles fly, or do they want to demonstrate to the world that the American defence system is weak?  It is easy to make missiles fly.  It is even easier to bribe the right American.
In the case of Estonias cyber-riot, Internet service providers themselves came under attack.  The usual sad result was that clients couldnt use the Internet to pay for various services.  This creates a whole series of questions, says Aarelaid.  Who was the target?  Was it the appliance of the service provider or the service provider itself?  Maybe it was the clients of the service provider.  Maybe it was the state, which is mostly connected to this specific Internet service provider.  Unfortunately, we do not have answers to these questions.


During the fuss over the bronze soldier, text appeared on a server that is very well known by Russians:  Lets attack Estonian servers.  For all we know, the text is still there.  Alongside the challenge, there were very detailed guidelines on what exactly to do.  The instructions were meant for grade-schoolers press this key, then write your evil text, then press this key, etc.  At one point, recalls Aarelaid, we saw how the very highly connected north-eastern parts of Estonia suddenly became very active.  Lots of attack were launched from the computers of Russian speaking schoolboys in Estonia.  They probably knew neither what they were doing nor where their attacks would end up.  There were legions of teenagers in Russia doing the same, on the basis of the whole scheme.
Aarelaid remembers two days of confusion at his office.  It was difficult to understand what was happening.  When the first attacks were made against government offices, it was clear that this was a political assault.  Then the Kanal 2 TV station and the daily newspaper Postimees were attacked, and this was also understandable the TV station was presenting the rioting in all of its glory, while the newspaper was collecting photographs of Bronze Night so as to help the police to catch the perpetrators.  Next, however, there were attacks against incomprehensible targets, and we were totally baffled.  Cyber-wars are always ongoing in the world, and cyber-divisions and cyber-attacks are well researched and defined.  What happened in Estonia did not correspond to any of the rules that have been established in the world.  We were looking at the Wild West a maniac with a gun was shooting everything that was in his way.  This was a revolt, it was a very basic riot, and that is exactly how it must be approached.
Almost immediately, there were claims in Estonia and in other countries that the worst attacks came directly from the Kremlin in Moscow.  My computer specialists and I never claimed that, says Aarelaid.  The point was that any citizen can post messages on the homepage of the president.  Few do so.  Suddenly, the presidents mailbox was so full that the server was unable to cope.  Such comments are easy to trace, and it is all but impossible to fake the sender.  The computer can be asked who the original sender was, even if the comment comes via several intermediaries.  This inquiry unambiguously referred to a computer at the Kremlin.  We do not know whether it was used by a janitor or by some young and irritated government official.


Generally speaking, admits Aarelaid, Bronze Night changed nothing.  Weve always known about problems with the Internet and computers.  These are important and sometimes vital issues.  Serious work has been done in recent years.  Decision makers who have no direct contact with these issues may be becoming more aware of what is involved.  We havent received sacks of cash to develop defence systems and resources, however.  Our technologies were already state-of-the-art.  We didnt start to change quintuple firewalls into decuple firewalls.  There would have to be an economic reason to do so.  If it were up to me, I wouldnt change a thing.  If someone wants to break into my system, that person will do it no matter what.  I am satisfied with our current levels.  The average individual did not notice any change in his or her life during the Bronze Night event.  Fortunately, the attacks took place on a holiday, which was followed by a weekend.  Computer use remained fairly light.  By the time people got back to work, everything was back online.  This is a good level of protection.  Its true that Europe has never seen such a scale of an attack, so many people taking part.  But so what?  The main thing is that Europe rushed to our aid.  I think that the problem was less serious as it was made out to be in the press.  It seems to me that it is more important to find out just what Russia hoped to achieve with this process.


After a brief summer holiday, the invisible battle began anew, and with new vigour.  Again the target has been Estonia, this time the targets are the countrys banks.  Experimental attacks, never seen before in the world, have been occurring.  Estonia has held the fort so far.  Co-operation with the Estonian police has become very tight, indeed.

Authors contacts: urmas.vahe(at), +372 614 4087

Rating - 10 (1 Votes)
My rating:
My comment:
Web site owners do not carry responsibility for materials submitted by commentators and reserve rights to delete ones violating legal regulations and breaching of the decencies. Thank you for understanding!


Top news
Instantly online - 17 golden rules to combat online risks and for safer surfing mobile social networks [3]
Experts Warn of ICT Labour Shortage and Loss of Competitive Edge in Europe by 2015
Lithuanian organisations has been active to participate in CIP ICT PSP third call

Question for readers
How secure you evaluate your information and data?
Highly secure
Quite secure, but some security improvements are needed
Security is insufficient
No security at all