This is one of the Case Studies from the report "Hybrid Threats. A Strategic Communications Perspective".

You can access the full report here.

Executive Summary

In April and May 2007, Estonia became the target of a coordinated cyber attack. Over a three-week period, government and parliamentary portals, ministries, news outlets, internet service providers, major banks, and small businesses were all targeted, predominantly by a Distributed Denial of Service (DDoS). The cyber attack coincided with the Estonian government’s decision to relocate the ‘Bronze Soldier Memorial’ in Tallinn, which led to significant civil disturbance in both Estonia and Russia.

The vast majority of malicious network traffic was of Russian-language origin and had indications of political motivation. The Russian government denied any involvement; however, the cyber attacks were accompanied by hostile political rhetoric by Russian officials, unfriendly economic measures, and refusal to cooperate with the Estonian investigation in the aftermath of the attacks, all of which likely encouraged the perpetrators.

The attacks caused some disruption and economic cost to Estonia. Perhaps more importantly, though, they exposed Estonia’s vulnerabilities, and demonstrated the potential of cyber attacks to cause far more lasting damage if intended. However, the incident also demonstrated Estonia’s capabilities and resilience in countering the cyber attacks. Ultimately, the shock caused by the cyber attack led to a significant strengthening of cyber defence capabilities, institutions and legislation in Estonia, the European Union, and NATO.

Key Points

  • Ambiguity was a key feature of this cyber attack. As the attacks were apparently carried out independently by individuals using their own resources, any state sponsor responsible for orchestrating the attack was able to disguise and deny themselves as the source. This underscores the requirement for governments to achieve political consensus on attribution in a timely manner based on the available evidence and be able to communicate this in a clear and understandable way to the general public.
  • In addition to the physical effect on infrastructure, cyber attacks have a significant psychological dimension. In this case, attackers could have inflicted significantly more damage within the cyber domain if desired, but it was highly likely that a key objective was to test and demonstrate cyber capabilities, as well as to sow confusion and uncertainty.
  • In this case, as well as in similar cyber attacks on Lithuania (June 2008), Georgia (July/August 2008), and Kyrgyzstan (January 2009), cyber activity was integrated and synchronised with a wide spectrum of other measures, such as economic or diplomatic pressure, with the result of increasing strategic effects.