e-Stonia Under Attack
An old-fashioned diplomatic dispute plays out in cyberspace.
By Anne Applebaum
Posted Tuesday, May 22, 2007, at 6:53 AM ET

And now for a quick quiz: A European country—a member in good standing of NATO and the European Union—has recently suffered multiple hostile attacks on its institutions. Can you a) name the country; b) describe the attacks; and c) explain what NATO is doing about it?

If you can't, don't worry: NATO itself doesn't quite know what it is doing about it, despite the alliance's treaty, which declares an armed attack on one of its members "an attack against them all." For the country is Estonia—a very small, very new member of NATO—the attacks are taking place in cyberspace, and while the perpetrators aren't exactly unknown, their existence can't be proved, either.

Which creates a dilemma—several, in fact: Is this an "armed attack"? Is the NATO alliance obliged to respond? And if so, how? None of these questions have clear answers: Welcome to the 21st century. And if you thought that terrorists headquartered in ungovernable bits of the undeveloped world were our worst problem, think again.

To add an extra layer of complication to this story, it's important to explain that its origins lie not in the high-tech cyberfuture but in a Cold War-era argument over the past. Several weeks ago, the Estonian government decided to move a bronze statue of a Soviet soldier from its place in the center of Tallinn, the capital, to a cemetery outside town, together with the remains of the Soviet soldiers who had been buried beneath it. That might not sound like a casus belli, but to the Russian minority in Estonia, most of whose families arrived in the country after the Red Army drove the Germans out in 1945, that statue had become a rallying point as well as a justification of their right to remain in Estonia. To the Estonians, one in 10 of whom was deported to Siberia after 1945, the statue had become a symbol of half a century's worth of Soviet occupation and oppression. A riot ensued; a Russian protester was killed; hooligans attacked the Estonian ambassador in Moscow; and, a few days later, Estonian government, bank, and newspaper Web sites began to go down one by one.

Elsewhere, this might not have mattered quite so much. A defense information specialist from another newish NATO member state told me, somewhat ruefully, that his country wouldn't be vulnerable to a cyberattack because so little of its infrastructure is sophisticated enough to use the Internet. But Estonia—"e-Stonia" to its fans—practices forms of e-government advanced even by Western European standards. Estonians pay taxes online, vote online, bank online. Their national ID cards contain electronic chips. When the country's Cabinet meets, everyone brings their laptop. When denial-of-service attacks start taking down Estonian Web sites, it matters.

Of course, as is the way of these things, their precise origin cannot be determined: Unlike classic terrorism, the essence of modern cyberwarfare is its anonymity. Though some of the attacks did appear to come from PCs belonging to the Russian presidential administration, others came from as far afield as Brazil and Vietnam. As a result, even the Estonian government's experts have backed away from directly accusing the Russian government. After all, angry hackers can organize a "botnet"—a group of computers that have been remotely hacked and forced, unwittingly, to send out spam or viruses—anywhere. Indeed, "patriotic" Chinese hackers have made a specialty out of this sort of thing, launching cyberattacks at moments of high tension against both Japanese and U.S. government Web sites, using computers based all over the world.

Both the anonymity and the novelty may turn out to be part of the appeal, particularly if, as some in NATO now believe, the attacks are Russian "tests," both of the West's preparedness for cyberwarfare in general and of NATO's commitment to its newest, weakest members in particular. Some believe the Russian government is now playing with different tactics, trying to see which forms of harassment work best: the verbal attacks on Estonia, the Russian oil pipeline to Lithuania that mysteriously turns out to need repairs, or the embargos on Polish meat products and Georgian wine.

If that is the case, then surely the lesson of the last three weeks is that cyberwarfare has a lot going for it: It creates no uproar, results in no ***-for-tat economic sanctions, doesn't seem like a "real" form of warfare, and doesn't get anyone worried about Europe's long-term energy needs. NATO did, in the end, quietly send a few specialists to Estonia, as (even more quietly) did the Pentagon. A few Europeans complained a bit at a summit over the weekend, too. But there the affair will end—until the attacked Estonian government in cyberspace comes back online, better armed for the next battle.

Originally posted by Pekka
They can show the addresses going back to govt computers.

They don't need secret service permission to know that.

I can introduce you to ISP's terms of use and defending their network as well as bunch of other stuff that means you need no permission from authorities to make things happen and have confirmation on the attackers.

It might be that Estonian officials have no real evidence and that they're just saying this.

BUt if you really believe wha tyou just said, you are a) an idiot b) don't know **** about computer security and c) should just about now kill yourself.

Originally posted by Serb
Plain BS.
They could track an IP address, but without assistance of the Russian secret services,

Originally posted by DinoDoc
Which of course will be forthcoming since Russia has been so cooperative in other investigations.

Originally posted by lord of the mark
of course it will be forthcoming.

Just as they will extradite the guy who is accused by UK of killing Litvinenko.

Originally posted by Pekka
"No I just got out of work and fairly tired. You can drink in the movie theater? Crazy

Originally posted by Pekka
Depends what do you mean by hacking. Tracing isn't exactly inventing the satellite.

zAhh! To force, but ISP's may also cooperate. Also depending on ISPs terms of use, which they always state, most ISPs (if they aren't dumb, which I'm sure Russian ISPs aren't), in case of an abuse, ISP has the right to defend itself.

In situations like these, ISPs do often submit, depending on teh nature of the attack of course. That is, the attack is taking place in or through their network, so it is abusing the ISP, and the ISP can defend itself by their statements in terms of use, thus they don't even need to contact authorities to track down folks. Just few examples.

True and not true. If I said building, I was supposed to say IP. And namespaces are pretty much known, so if you've got an IP that you can recognize, well... game over. And yes, you can most likely pinpoint it to a building as well.

These cables and things aren't exactly unmarked.

So yes, most likely the ISP knows the physical address as well.

Might be. Or not.

No I just got out of work and fairly tired. You can drink in the movie theater? Crazy

Originally posted by Serb

That's why I bought tickets for the May 24 premiere of the new Pirates of the Carribean (normally she protests when I drink beer, but movie theater is an exception).

Originally posted by lord of the mark


Here in G-d's country, we have "cinema n' suds" houses that play movies on second run (after theyve been through the first release theaters) that serve beer.

Originally posted by lord of the mark


She only wants you to drink vodka?