Cyber Warfare Case Study: Estonia

Jill Wiebke
April 5, 2012
• Cyber warfare “is a combination of computer network attack and defense and special technical operations” (IEEE)
• 8 Principles:
Lack of physical limitations
Kinetic effects
Mutability & inconsistency
Identity & privileges
Dual use
Infrastructure control
Information as operational environment
• Malicious cyber activity: crime, espionage, terrorism, attacks, warfare
• Classifications are made by the intentions of the perpetrator and the effect of the act
• The definition of cyber attack is inconsistent
• Baltic territory
• Capital: Tallinn
• Independence in 1918
• Forced into the USSR in 1940
• Regained freedom in 1991; Russian troops left in 1994
• Joined the UN in 2001, and NATO and the EU in 2004
• Known as an “e-society”: paperless government, electronic voting, etc.
• Who: That’s the real question, isn’t it?
• What: Distributed denial of service (DDoS) attacks on government, banks, corporate websites; website
• When: April 27, 2007 – May 18, 2007
• Where: Estonia
• Why: Another good question…
• How: Well-known attack types, but “unparalleled in size;” hundreds of thousands of attack computers
• April 27: Estonian government websites shut down from traffic, defaced
• April 30: Estonia began blocking Web addresses ending in
• Increased attack sophistication; targets now included media websites attacked by botnets
• 1 million computers were unwittingly employed to deploy botnets in the US, China, Vietnam, Egypt, Peru
• May 1: Estonian ISPs under attack
• May 9: Russian victory in WWII – new wave of attacks at Russian midnight
• May 10: Banks are attacked
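The timeline above describes floods that were "unparalleled in size" and spread across roughly a million unwitting botnet hosts. The distinction a defender cares about is whether a flood comes from one noisy source (per-IP rate limiting helps) or is spread thinly across thousands of sources (per-IP limits are useless and filtering has to move upstream). The following Python example is added here and is not part of the original slides; it assumes a standard Apache/nginx "combined" access-log format, uses illustrative thresholds (`flood_rps`, `single_source_share`) that are not from the page, and builds its own constructed sample log with documentation-range IP addresses.

```python
"""Added example: label fixed time windows of an HTTP access log as normal,
single-source flood, or distributed (botnet-style) flood.

Assumptions (not from the slides): combined log format, illustrative
thresholds, and a constructed sample log.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# One line of the Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT)


def classify_windows(lines, window_s=10, flood_rps=20.0, single_source_share=0.5):
    """Bucket requests into fixed windows and label each bucket.

    normal        : request rate below flood_rps
    single-source : flood where one IP sends >= single_source_share of requests
                    (per-IP rate limiting is an effective response)
    distributed   : flood spread thinly over many sources, the botnet pattern
                    (per-IP limits do not help; filtering must happen upstream)
    """
    buckets = defaultdict(Counter)  # window start (epoch s) -> Counter of source IPs
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of crashing on hostile input
        ip, ts = parsed
        start = int(ts.timestamp()) // window_s * window_s
        buckets[start][ip] += 1

    findings = []
    for start in sorted(buckets):
        counts = buckets[start]
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        if total / window_s < flood_rps:
            verdict = "normal"
        elif top_n / total >= single_source_share:
            verdict = "single-source"
        else:
            verdict = "distributed"
        findings.append({
            "window_start": datetime.fromtimestamp(start, tz=timezone.utc),
            "requests": total,
            "unique_sources": len(counts),
            "top_source": top_ip,
            "verdict": verdict,
        })
    return findings


def log_line(ip, ts, path="/"):
    """Format one constructed combined-format log line."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


def make_sample_log():
    """Constructed sample: 10 s of quiet traffic, then a botnet-style flood
    (150 sources, 2 requests each), then a flood from a single host."""
    tz = timezone(timedelta(hours=3))  # constructed offset, aligned to a 10 s boundary
    t0 = datetime(2007, 4, 27, 22, 0, 0, tzinfo=tz)
    lines = []
    # Window 0: five legitimate clients, two requests each (documentation range 192.0.2.0/24).
    for i in range(5):
        for sec in (i, i + 5):
            lines.append(log_line(f"192.0.2.{i + 1}", t0 + timedelta(seconds=sec)))
    # Window 1: 150 distinct bots (203.0.113.0/24), two requests each, spread over 10 s.
    for i in range(150):
        for k in range(2):
            ts = t0 + timedelta(seconds=10 + (i + k) % 10)
            lines.append(log_line(f"203.0.113.{i}", ts))
    # Window 2: one host (198.51.100.7) sending 250 requests in 10 s.
    for i in range(250):
        lines.append(log_line("198.51.100.7", t0 + timedelta(seconds=20 + i % 10)))
    return lines


if __name__ == "__main__":
    for f in classify_windows(make_sample_log()):
        print(f"{f['window_start']:%H:%M:%S}Z  requests={f['requests']:4d}  "
              f"sources={f['unique_sources']:4d}  verdict={f['verdict']}")
```

The verdict is what drives the response: a "single-source" window justifies a per-IP block or rate limit, while a "distributed" window with hundreds of low-rate sources is the case the Estonian ISPs faced, where the only effective controls are upstream (scrubbing, geographic or ASN filtering, anycast absorption). On real logs the thresholds should be derived from the site's own baseline rather than fixed constants.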
• Estonia had just decided to relocate a Soviet WWII memorial
• Large, well-organized, well-targeted attacks – not spontaneous – began hours after the memorial was relocated
• Malicious traffic indicated political motivation and a Russian-language background
• Instructions for attacking websites were posted in Russian-language forums, including when, what, and how to attack
• Did not accuse the Russian government (not enough evidence), but attacks are believed to have originated in Moscow
• IP addresses of attackers belong to Russian presidential
• Russian officials denied any involvement; IPs could have been
• One person has been convicted – a student in Estonia organized a DDoS attack on the website of an Estonian political party
• NATO enhanced its “cyber-war capabilities”
• Created a “cyber defense research center in Tallinn in 2008”
• Cyber Command – Full Operating Capability on Oct 31, 2010
• Georgia
• DDoS attacks coincided with the Russian invasion in August 2008
• Stuxnet
• Worm that targets industrial control systems
• Infected Iranian nuclear facilities
• Titan Rain
• Suspected Chinese attacks on the US since 2003
• “Nearly disrupted power on the West Coast”
• Security breaches at defense contracting companies
• Attribution
• Nation-state actors
• Non-state actors
• “Hired guns”
• Trails end at an ISP
• New territory – no rules/standards
• Legal territory issues
• International laws do not exist yet
• Crime of Aggression definition
• Impacts
• The US heavily relies on cyber networks, so a cyber attack could be highly detrimental
• Physical impacts
Disable water purification systems
Turn off electricity
Misrouting planes/trains
Opening dams
Melting nuclear reactors
• Communication network impacts
• Stock market manipulations
• Wireless Internet access outages
• Cyber attacks are increasing in threat, frequency, and intensity
• Targets range from government entities, banks, and corporations to private businesses
• We are the “cyber warriors” and “network ninjas” that will be dealing with the effects of cyber