Estonia blamed Russia for backing 2007 cyberattacks, says leaked cable
Told U.S. diplomats that it had enough circumstantial evidence to link Russia to first cyberwar campaign
Computerworld - Estonian officials told U.S. diplomats that they believed the Russian government was involved in the 2007 cyberattacks against their country, a leaked U.S. State Department cable published Monday said.
The attacks were the first sustained campaign that targeted a nation's information infrastructure, although others have occurred since, including one against the former Soviet republic of Georgia in 2008. Russian hackers were also blamed for the Georgian attacks.
Estonia's cyber problems began in April 2007, when distributed denial-of-service (DDoS) attacks crippled the site for Estonia's prime minister, struck the domains of the nation's two largest banks and targeted other, smaller sites as well.
The attacks started after Estonia announced it was relocating a Soviet-era war memorial, called the "Bronze Soldier," and peaked on May 9, Russia's Victory Day that marks the surrender of Germany in World War II. A week later, the attacks petered out.
In a cable dated June 4, 2007, from the U.S. embassy in Tallinn, Estonia's capital, American diplomats reported that Estonian sources first believed the attacks were more "cyber riot" than cyberwar, but later changed their minds.
"The [government of Estonia] believes it has enough circumstantial evidence to link Moscow with the attacks," the U.S. cable stated, citing a conversation between Estonia's president, Toomas Hendrik Ilves, and the U.S. ambassador at the time, S. Davis Phillips. "Moreover, as [name redacted] repeatedly asked us in conversations, 'Who benefits from these attacks?' He speculated that the probing nature of the attacks on specific government and strategic private sector targets through the use of anonymous proxies fit the modus operandi of the Putin regime testing a new 'weapon.'"
Vladimir Putin, now the prime minister of Russia, was its president in 2007.
Others, including security researchers, tagged the Estonian attacks as akin to online rioting. But Estonia wasn't buying that.
Another Estonian source told U.S. embassy personnel that a "small core of individuals" pre-planned and coordinated the attacks. Estonia said its monitoring of Russian-language hacker forums prior to opening attacks on April 27 indicated that the hackers had originally pegged May 9 as the strike date.
"When the [Ministry of Defense] announced its plans to move the Bronze Soldier on April 27, [the attackers] moved up their plans to try to link the attacks with the monument's removal," the source told U.S. diplomats. "You don't expect spontaneous, populist cyber attacks to have a pre-determined list of targets and precise dates and times for coordinated attacks," said the source, whose name was struck from the cable published by WikiLeaks. The DDoS attacks forced Swedish-owned Hansabank, one of Estonia's two largest banks, to spend at least [euro]10 million ($13.4 at the time) to defend itself, the cable reported. Hansabank and its main rival, SEB, brought more servers online and bought more bandwidth capacity to weather the attacks.
Estonian officials also told the U.S. that they had received no cooperation from Putin's government or the Russian Internet service providers that they suspected were used by attackers.
"[Name redacted] complained that cooperation with Russia's CERT was almost nonexistent," the embassy said. "The lack of responsiveness by the [government of Russia] and Russian CERT [computer emergency response team] personnel only diminished Russia's claims of innocence in the eyes of the Estonians."
The cable was one of the 1,200 that WikiLeaks has published in the last two weeks from its cache of more than 250,000 State Department messages.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
- US agencies to release cyberthreat info faster to healthcare industry
- UPS now the third company in a week to disclose data breach
- Healthcare organizations still too lax on security
- Why would Chinese hackers want US hospital patient data?
- About 4.5M face risk of ID theft after hospital network hacked
- Supervalu breach shows why move to smartcards is long overdue
- Grocery stores in multiple states hit by data breach
- Update: Payment cards with chips aren't perfect, so encrypt everything, experts say
- U.S. agencies halt background checks by contractor after cyberattack
- Five unanswered questions about massive Russian hacker database
Read more about Government/Industries in Computerworld's Government/Industries Topic Center.
- Finance - Interactive eGuide In this e-Guide, Computerworld, IDG News Service and IT World examine software-defined data centers, customer experience tools, and security issues that are top...
- API Playbook: Drive API Adoption Through Developer Engagement Learn the best practices of how to engage developers, whether your goal is to attract external developers to your public APIs or improve...
- Leverage the Power of APIs to Turbocharge Your Mobile Strategy: 7 Steps to a Successful API Program In this guide, Intel® Services-which offers industry-leading API management solutions for over 150 top enterprises, including Best Buy, Netflix, Expedia, ESPN, and The...
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- API Management: The Key to Improving the Consumer Travel Experience Join PhoCusWright's Senior Technology Analyst, Norm Rose, as he shares his insights on how travel suppliers and intermediaries can improve industry data flow...
- Tips to Simplify Database Administration and Development Make your job easier while getting the most from the leading productivity tool for database professionals. Learn tips from Dell Software's Oracle® ACE,... All Government/Industries White Papers | Webcasts