While most people immediately remember the 9/11 attacks and their impact on the United States, other nation-changing events have not become part of the world’s collective memory. In particular, the attacks on Estonia in 2007 are unique and ground-breaking due to their cyber dimension and scale.

The chain of events leading up to these attacks started with a dispute that could seem trivial but carried great symbolic resonance. The object that triggered such a harsh response was the statue of the Bronze Soldier, a monument to the liberators of the Estonian capital. This statue has a dual cultural value: Russian-speaking Estonians view it as a symbol of the Soviet Union’s triumph over Nazism, while ethnic Estonians consider it the symbol of Soviet oppression of their country. The controversy surrounding this monument was sparked when the Estonian government decided to move it from the centre of the capital to a military cemetery outside the city. This caused great discontent among Russian-speaking groups, who started to protest on the night of April 26th; the protests eventually escalated into more violent riots.

The following day, Estonia was flooded by multiple cyberattacks targeting, most notably, its population. Most of the attacks were distributed denial-of-service (DDoS) attacks against public institutions, such as the Parliament’s website and newspapers. However, this was only the first wave of what would go on to be a three-week-long cyberattack, which hit its peak of intensity on May 9th. Through the use of ping floods, which send a great number of messages to a server in quick succession, this second wave prevented citizens from making bank transactions online and withdrawing money from cash machines. The Estonian economy and government suffered greatly from this sustained cyberwar, and the country tried to fight back by enhancing its digital defences and setting up alternative internet sources, since it was almost entirely disconnected from the internet.

The perpetrator of these attacks was almost automatically assumed to be from the Russian Federation, despite the lack of convincing evidence. The only indication of the perpetrator’s origin was the fact that the programming instructions of the attacks were in Russian, which is still not enough to prove that such an attack was sponsored by the Russian government. Nonetheless, due to the dispute which triggered the events, Russia tends to be implicitly considered responsible by some Estonian officials. The Estonian government was profoundly affected by this sequence of events, to the point where it now highlights the digitalisation of the country as the main national objective. This means not only strengthening its cybersecurity sector, but also developing digital technologies aimed at high-quality online education and online voting. Such improvements could increase the productivity of Estonia by compensating for its relatively small population, fostering cutting-edge developments.

Regardless of who was responsible, these attacks clearly raise the question of how to address cyber warfare on an international level. Although more than a decade has passed since the Estonian events, regulation on the handling of cyberattacks is still very vague. In particular, should cyberattacks on a country be treated like any other hostile military action? While one could argue that cyberattacks such as these typically don’t cause the same number of casualties as other military offences, in an era ever more intertwined with the digital world the lack of access to technology can be equally disastrous.
