Cyberattack: A Warning From Estonia
Some have called it the first war in cyberspace. Last month witnessed a massive and organized Internet attack against the small but technologically capable nation of Estonia. For three weeks, the nation’s computer systems were under constant assault. The offensive successfully shut down the government and much of its commerce for a period.
Some feared it was the first state-to-state cyber attack in history. It certainly represented a new and deadly phase of cyber warfare: an attack on an entire nation.
Realize: It could happen anywhere, including the United States.
The Estonia attack was remarkable for several reasons:
• It is the first concerted attack waged on an entire nation’s computer systems. At the height of Estonia’s weakness, ambulance and fire service was down. The attack affected the websites of the presidency, the parliament, almost all of the government ministries, political parties, news organizations and banks. An IT security company that analyzed the attacks said Estonia was barraged by enough data to amount to downloading all of Windows XP every six seconds. It is possible that more than 1 million computers were on the attacking side.
• The attacks were politically motivated. On April 27, Estonia relocated a statue known as the “Bronze Soldier” from the center of its capital, Tallinn, to a less prominently located military cemetery in the outskirts. To the Russians, the statue represents the sacrifice they made to repel Hitler; to some Estonians, it represents the occupation of Estonia by the Russians. On the day the statue was removed, violent protests by ethnic Russians killed one person and injured dozens. Some government officials in Moscow recommended cutting off diplomatic ties with Tallinn. Estonian Prime Minister Andrus Ansip said the removal of the statue was a “timely decision” that prevented Estonia from “slipping under Russia’s control.”
• While Russian nationalists were undoubtedly involved, the nature of the attack has made it impossible to positively identify the attacker. Many newspapers have stated openly that the Russian government was not behind it on the grounds that they cannot trace the action to the Kremlin (finally, the media have found a case where they embrace “innocent until proven guilty”). This only makes the attack that much more disturbing. If a cyber war can be waged so effectively that the primary attackers are untraceable, what does this say for the future of technological warfare? Isn’t it obvious that terrorists will embrace such a technique that has already proven successful? And what if hostile governments did decide to attack technological infrastructure? The Russian government is certainly capable of inflicting much greater damage on Estonia should it choose to. The main targets in this attack were politically symbolic, not areas that would destroy the quality of life for Estonians in general—and even with that, life was disrupted.
• The world is largely unprepared to respond to technological attack, so much so that nato currently does not identify this sort of action as a military action at all. When Estonia actually was under severe attack and requested help, nato could only send some of its top cyber-terrorism experts and an observer to monitor the attacks. Even with the potential for cyberattack now realized, preparation for responding to it is remarkably slow. Estonia’s top Internet guru believes that, in the wake of this attack, a new global cybersecurity treaty will be reached—by 2012!
When the U.S. military created the Arpanet, predecessor to today’s Internet, the idea was to create communications that could not be disrupted even if large portions of the network were destroyed by war or natural disaster. But now everyone uses the Internet, and the thing that made it so appealing—its broad-based structure—has become its greatest weakness. Disruption of the Internet can disrupt everyone’s way of life—including our communications and financial systems. And the military may be the most vulnerable of all.
In his May 2005 Trumpetpersonal, editor in chief Gerald Flurry warned about “America’s Achilles heel” being the vulnerability of our computer systems. “One of the main reasons we won World War ii was because the British broke German radio code,” he wrote. “We knew about most of their war plans in advance! Quite a gigantic advantage. Some experts think we would have lost the war without that knowledge.
“We could lose the next war before we even begin, if somebody breaks our military codes.”
Treating these types of threats with anything but the utmost seriousness could lead to the worst consequences imaginable. Computers won’t seek to protect themselves, you and your loved ones, or even your nation from exploitation. The attack on Estonia, while well coordinated, was not all that complicated—it doesn’t take a genius to come up with this form of attack, known as “Distributed Denial of Service” (ddos). When the time comes that the United States faces hostile technological action, it will likely be on a far greater scale, from a far better prepared foe.
Note this turning point these attacks represent; it won’t be the last time we see cyber warfare waged. For more information, read “America‘s Achilles Heel.”