Cyber attacks against Estonia (2007)

Date 27 April until May 2007 (three to four weeks of malicious activities – the end is not sharply delineated).
Suspected actor Group of hackers from around the world.[1] Allegations have circulated that the Russian Federation supported the attack, which the Russian government has always denied.[2]
Target The attacks were directed at both the Estonian public and private sectors. Public institutions, including the websites of the Prime Minister, the Parliament and almost all of the country’s government ministries, were targeted by the attack. In the private sector, banks, telecommunications, three of the country’s six big news organizations and two of the major Estonian banks were targeted.[3]
Target systems Estonian essential infrastructures, telecommunications, name servers, web sites, e-mail, DNS.
Method Waves of DDoS (distributed denial-of-service) attacks overloading Estonian servers. According to the Estonian Defence Minister, Jaak Aaviksoo, the attackers commanded nearly a million “zombie” computers, creating a huge worldwide network of bots in order to amplify the impact of the attack.[4] The DDoS attacks flooded Estonian websites with massive requests for data, increasing traffic and overloading the servers to a standstill with ping flood scripts. The analysis of the DDoS attacks by Arbor’s Security Engineering & Response Team (ASERT) showed that the largest cyber attacks caused streams of 90 megabits of data a second, lasting up to 10 hours each.[5]
Purpose The cyber attack appears to have been retaliation in a political row over the relocation of a Soviet “Monument to the Liberators of Estonia” from the center of Tallinn to a military cemetery on the outskirts of the city.[6] Since the monument represents the USSR’s victory over Nazism, Moscow considered the relocation an outrageous act, and it sparked riots in the streets of the capital city involving mostly Russian nationalists. Following the removal, the Russian Foreign Minister Sergei Lavrov said Moscow would “take serious steps”, although he never specified what kind of measures.[7]
Result The attack caused email server mainframe failures, DNS server overloading, and damage to routers. On 10 May, Hansabank, Estonia’s biggest bank, was forced to shut down its online service for more than an hour and blocked access to 300 suspect Internet addresses, causing a loss worth $1 million.[8] Due to the nature of the attacks, public and private entities defended themselves by blocking access from sources outside the country, which made their websites inaccessible to the rest of the world.[9] Although disruptive, the DDoS attacks did not cause any physical damage and did not rise to the level of actual cyberwarfare.[10]
Aftermath Following the three-week wave of cyber attacks, Estonia launched an investigation to find those responsible, with no success. Due to the nature of the attack, there has been no evidence connecting the Kremlin to the campaign.[11] What is certain is that the act was highly coordinated and could not be the work of a single hacker, but rather of a well-prepared group.[12] The Estonian government has not blamed the Russian authorities directly, but its foreign ministry published a series of IP addresses originating from Russia.[13]
Analysed in Scenario 05: State investigates and responds to cyber operations against private actors in its territory

Collected by: Samuele De Tomas Colatin

  1. J Davis, “Hackers Take Down the Most Wired Country in Europe”, (21 August 2014), Wired.
  2. Wire Reports, “Kremlin denies involvement in cyber attacks on Estonia”, (18 May 2007), The Baltic Times.
  3. I Traynor, “Russia accused of unleashing cyberwar to disable Estonia”, (17 May 2007), The Guardian.
  4. A Blomfield, “Russia accused over Estonian 'cyber-terrorism'”, (17 May 2007), The Telegraph.
  5. J Nazario, “Estonian DDoS Attacks – A summary to date”, (17 May 2007), Netscout.
  6. P Finn, “Statue's Removal Sparks Violent Protests in Estonia”, (28 April 2007), The Washington Post.
  7. N Adomaitis, “Estonian capital suffers second night of violence”, (27 April 2007), Reuters.
  8. M Landler, J Markoff, “Digital Fears Emerge After Data Siege in Estonia”, (29 May 2007), The New York Times.
  9. G Ahmad, “Politics on the Wire”, (12 June 2007), Symantec Official Blog.
  10. S Ranger, “What is cyberwar? Everything you need to know about the frightening future of digital conflict”, (7 September 2018), ZDNet.
  11. A Blomfield, “Estonia calls for Nato cyber-terrorism strategy”, (18 May 2007), The Telegraph.
  12. R Coalson, “Behind the Estonia Cyberattacks”, (6 March 2006), Radio Free Europe Radio Liberty.
  13. BBC Report, “The Cyber Raiders Hitting Estonia”, (17 May 2007), BBC.