Estonia blamed Russia for backing 2007 cyberattacks, says leaked cable
Told U.S. diplomats that it had enough circumstantial evidence to link Russia to first cyberwar campaign
Computerworld - Estonian officials told U.S. diplomats that they believed the Russian government was involved in the 2007 cyberattacks against their country, a leaked U.S. State Department cable published Monday said.
The attacks were the first sustained campaign that targeted a nation's information infrastructure, although others have occurred since, including one against the former Soviet republic of Georgia in 2008. Russian hackers were also blamed for the Georgian attacks.
Estonia's cyber problems began in April 2007, when distributed denial-of-service (DDoS) attacks crippled the site for Estonia's prime minister, struck the domains of the nation's two largest banks and targeted other, smaller sites as well.
The attacks started after Estonia announced it was relocating a Soviet-era war memorial, called the "Bronze Soldier," and peaked on May 9, Russia's Victory Day that marks the surrender of Germany in World War II. A week later, the attacks petered out.
In a cable dated June 4, 2007, from the U.S. embassy in Tallinn, Estonia's capital, American diplomats reported that Estonian sources first believed the attacks were more "cyber riot" than cyberwar, but later changed their minds.
"The [government of Estonia] believes it has enough circumstantial evidence to link Moscow with the attacks," the U.S. cable stated, citing a conversation between Estonia's president, Toomas Hendrik Ilves, and the U.S. ambassador at the time, S. Davis Phillips. "Moreover, as [name redacted] repeatedly asked us in conversations, 'Who benefits from these attacks?' He speculated that the probing nature of the attacks on specific government and strategic private sector targets through the use of anonymous proxies fit the modus operandi of the Putin regime testing a new 'weapon.'"
Vladimir Putin, now the prime minister of Russia, was its president in 2007.
Others, including security researchers, tagged the Estonian attacks as akin to online rioting. But Estonia wasn't buying that.
Another Estonian source told U.S. embassy personnel that a "small core of individuals" pre-planned and coordinated the attacks. Estonia said its monitoring of Russian-language hacker forums prior to opening attacks on April 27 indicated that the hackers had originally pegged May 9 as the strike date.
"When the [Ministry of Defense] announced its plans to move the Bronze Soldier on April 27, [the attackers] moved up their plans to try to link the attacks with the monument's removal," the source told U.S. diplomats. "You don't expect spontaneous, populist cyber attacks to have a pre-determined list of targets and precise dates and times for coordinated attacks," said the source, whose name was struck from the cable published by WikiLeaks. The DDoS attacks forced Swedish-owned Hansabank, one of Estonia's two largest banks, to spend at least [euro]10 million ($13.4 at the time) to defend itself, the cable reported. Hansabank and its main rival, SEB, brought more servers online and bought more bandwidth capacity to weather the attacks.
Estonian officials also told the U.S. that they had received no cooperation from Putin's government or the Russian Internet service providers that they suspected were used by attackers.
"[Name redacted] complained that cooperation with Russia's CERT was almost nonexistent," the embassy said. "The lack of responsiveness by the [government of Russia] and Russian CERT [computer emergency response team] personnel only diminished Russia's claims of innocence in the eyes of the Estonians."
The cable was one of the 1,200 that WikiLeaks has published in the last two weeks from its cache of more than 250,000 State Department messages.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- SQL injection flaw opens door for Wall Street Journal database hack
- Goodwill Industries probes possible payment card breach
- Aloha point-of-sale terminal, sold on eBay, yields security surprises
- The biggest data breaches of 2014 (so far)
- Blue Shield discloses 18,000 doctors' Social Security numbers
- PF Chang's says breach was 'highly sophisticated criminal operation'
- Breaches exposed 1 in 7 US debit cards in 2013
- New malware program targets banking data
- How to protect yourself against privileged user abuse
- Montana data breach exposes 1.3 million personal records
Read more about Government/Industries in Computerworld's Government/Industries Topic Center.
- Market Overview: Digital Customer Experience Delivery Platforms Forrester states that businesses today struggle to understand and use the tools necessary to create and manage unified, multichannel digital customer experiences across...
- The Growing Demand for Rich Media This white paper discusses how IBM Customer Experience Suite Rich Media Edition can automate rich media workflows, from collaborating with creative agencies and...
- The Next Generation Employee Experience This white paper from IBM, showcases five organizations that are strategically integrating emerging social software and tools with their existing investments and seeing...
- Jyske Bank extends brand message to more than one million visitors a month IBM WebSphere Portal software helps bank offer a clearly differentiated digital experience
- It's not too late...Get Your Mobile Questions Answered Live! How can IT provide seamless and secure mobile communications and collaboration for all? Join this live Webcast as IDG asks an expert panel...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success! All Government/Industries White Papers | Webcasts