- The Washington Times - Friday, June 1, 2007

Estonia fell prey last month to what is being called the first cyberwar. Beginning at the end of April, the small Baltic state faced an unprecedented cyberattack that immobilized much of the country’s digital infrastructure, closing government and financial Web sites, e-mail servers and other Internet services. The worst appears to be over, but officials have much to learn from this very real example of cyberwarfare.

The attacks Estonia faced are called “distributed denial-of-service,” or DDOS, and are carried out by overwhelming specific Web sites with more requests for information than the network is designed to accommodate. To do this, hackers use a network of computers that have been infected by software programs known as “bots,” which allow the computer to be hijacked and used as a part of the attack. These “botnets” can be very large; the attack against Estonia involved as many as 1 million computers, some in the United States. DDOS attacks are troubling because they are difficult to guard against, particularly on the scale of last month’s assault.

Cyberwarfare is also difficult to combat because the perpetrators are hard to locate and identify. Estonian officials were quick to implicate the Russian government — tempers were already simmering over Estonia’s decision to relocate a Soviet-era war memorial from the center of Tallinn, the capital, to a military cemetery — and some experts say that the scale and coordination of the cyber attacks are beyond what even organized hackers could pull off. Instructions to hackers were posted on a number of Russian Web sites and chat rooms. Considering Russia’s insistence on maintaining influence in the post-Soviet sphere, and Moscow’s willingness to use its energy resources as a tool of political coercion, such a scenario is not hard to believe. Conclusive evidence, however, is still absent. “We see signs of Russian nationalism at work here, but no Russian government connection,” wrote Jose Nazario, a security expert with Arbor Networks, an Internet security firm.

Whether this was an incident of state-sponsored cyberwarfare or of coordinated cyberterrorism, it is a serious reminder to the United States no less than Estonia and the rest of Europe of the seriousness of information warfare. The barrage against Estonia did more than overload government, media and financial Web sites. “Particular ‘ports’ of particular mission-critical computers in, for example, the telephone exchanges were targeted,” a leading Estonian Internet expert told the Economist. As a result, emergency phone numbers were shut down for over an hour, the magazine reported.

Internet security experts from NATO, the European Union and the United States arrived in Estonia to advise and observe the country’s response. The tech-savvy country could have done worse, but the disruption of services was costly and potentially dangerous. Attacks like these are likely to become more frequent in the future, and some senior U.S. officials are rightly concerned. While the United States needs to address its own preparation and possible response to such an attack, NATO should weigh taking a greater role in collective cyber-security.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide