ANDREJ ILIEV, FERDINAND ODZAKOV:  HISTORICAL AND LEGAL ASPECTS OF CYBER ATTACKS ON CRITICAL INFRASTRUCTURE

            The third and last historical period of cyber warfare begins after the 9/11 terrorist attacks on
            the United States in 2001. The first significant cyber-attack in this third period was in Estonia
            in 2007. Estonia, a small country with a population of just over 1.3 million, had a boom in
            the use of internet technology in a very short period of time. Similarly to many advanced
            countries in the implementation of internet technology, the Estonian government made the
            whole of Estonia a virtual  domain in November 2005.  Meetings at the highest  national
            level, and other business meetings were conducted online, through the virtual domain, as
            well as documents signed with electronic signatures and Estonian citizens were able to vote
            electronically through their computers.

                              rd
            Estonia was ranked 23  in readiness and implementation of advanced information technology.
            Over 60% of the population had electronic bank accounts, while 95% of bank transactions were
            made electronically. All of this was tempting to the interests of numerous hackers wanting to
            test the Estonian cyber defences (Farivar, 2007). On 27 April 2007, the Estonian government
            relocated a monument to the victims of the Soviet Armed Forces’ liberation of Estonia from
            the fascist regime during World War II. This simple act of moving the monument from the
            centre of Estonian capital, Tallinn, outside the city, sparked in protests and clashes between
            Estonians and Russians. The protests were followed, by numerous cyber-attacks from Russian
            hackers targeting the operating systems of national and private firms and enterprises. During
            the cyber attacks the Estonian government’s website, had a normal flow of 1000 emails per
            day and spam messages of 2,000 per second. The government network was designed to handle
            2 million megabits per second and the servers were flooded with nearly 200 million megabits
            per second during the cyber attacks. The longest attack lasted over 10 hours and generated
            over 90 million megabytes of data per second. Because of this, the websites of the Ministry
            of Foreign Affairs and Justice were shut down until the cyber attacks on websites could be
            neutralized and normal service restored. The banks in Estonia were closed, which in addition
            to the national financial losses, was also felt in international banking (Wilson, 2008).

            On 15 May 2007, Russian hackers succeeded in disabling Estonia’s national telecommunica-
            tions information system, E-112, although while the Estonian authorities officially acknowl-
            edged this, Russian authorities refused to admit it (Eneken, et al., 2010: pp 15-34). USA and
            NATO sent teams of computer security experts to help the Estonian authorities cope with the
            massive wave of attacks on operating systems that paralyzed the country’s government web-
            sites, banking industry and media. What was of particular interest to computer security experts
            at the time, was that although the cyberattacks only lasted for several weeks, their intensity was
            really high. The coordinated and quickly activities of NATO allies stabilized the cyber security
            in Estonia. However, the websites of the national authorities, the State Office and the Federal
            National Election Committee were also targeted by cyber attacks during May 2007.

            The British Security Service, the office of the French Prime Minister, and the office of the
            German Chancellor, Angela Merkel, have all complained to China about cyberattacks on their
            government networks. Merkel has even raised the issue with the Chinese president. So far, no
            official source in China has acknowledged involvement in these cyber attacks.

            Expert estimates showed that would take several years for the development of classified infor-
            mation equipment and a type of cyber-worm that would be more sophisticated than commer-
            cial software, but the estimates were that cyber attacks on operating systems would be suc-
            cessful. Those who carried out the cyberattacks on nuclear power plants must have had access
            to highly restricted and classified information systems and equipment (Lewis, 2009: pp.9-11).

                                                                                    155