Page 155 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 155
ANDREJ ILIEV, FERDINAND ODZAKOV: HISTORICAL AND LEGAL ASPECTS OF CYBER ATTACKS ON CRITICAL INFRASTRUCTURE
The third and last historical period of cyber warfare begins after the 9/11 terrorist attacks on
the United States in 2001. The first significant cyber-attack in this third period was in Estonia
in 2007. Estonia, a small country with a population of just over 1.3 million, had a boom in
the use of internet technology in a very short period of time. Similarly to many advanced
countries in the implementation of internet technology, the Estonian government made the
whole of Estonia a virtual domain in November 2005. Meetings at the highest national
level, and other business meetings were conducted online, through the virtual domain, as
well as documents signed with electronic signatures and Estonian citizens were able to vote
electronically through their computers.
rd
Estonia was ranked 23 in readiness and implementation of advanced information technology.
Over 60% of the population had electronic bank accounts, while 95% of bank transactions were
made electronically. All of this was tempting to the interests of numerous hackers wanting to
test the Estonian cyber defences (Farivar, 2007). On 27 April 2007, the Estonian government
relocated a monument to the victims of the Soviet Armed Forces’ liberation of Estonia from
the fascist regime during World War II. This simple act of moving the monument from the
centre of Estonian capital, Tallinn, outside the city, sparked in protests and clashes between
Estonians and Russians. The protests were followed, by numerous cyber-attacks from Russian
hackers targeting the operating systems of national and private firms and enterprises. During
the cyber attacks the Estonian government’s website, had a normal flow of 1000 emails per
day and spam messages of 2,000 per second. The government network was designed to handle
2 million megabits per second and the servers were flooded with nearly 200 million megabits
per second during the cyber attacks. The longest attack lasted over 10 hours and generated
over 90 million megabytes of data per second. Because of this, the websites of the Ministry
of Foreign Affairs and Justice were shut down until the cyber attacks on websites could be
neutralized and normal service restored. The banks in Estonia were closed, which in addition
to the national financial losses, was also felt in international banking (Wilson, 2008).
On 15 May 2007, Russian hackers succeeded in disabling Estonia’s national telecommunica-
tions information system, E-112, although while the Estonian authorities officially acknowl-
edged this, Russian authorities refused to admit it (Eneken, et al., 2010: pp 15-34). USA and
NATO sent teams of computer security experts to help the Estonian authorities cope with the
massive wave of attacks on operating systems that paralyzed the country’s government web-
sites, banking industry and media. What was of particular interest to computer security experts
at the time, was that although the cyberattacks only lasted for several weeks, their intensity was
really high. The coordinated and quickly activities of NATO allies stabilized the cyber security
in Estonia. However, the websites of the national authorities, the State Office and the Federal
National Election Committee were also targeted by cyber attacks during May 2007.
The British Security Service, the office of the French Prime Minister, and the office of the
German Chancellor, Angela Merkel, have all complained to China about cyberattacks on their
government networks. Merkel has even raised the issue with the Chinese president. So far, no
official source in China has acknowledged involvement in these cyber attacks.
Expert estimates showed that would take several years for the development of classified infor-
mation equipment and a type of cyber-worm that would be more sophisticated than commer-
cial software, but the estimates were that cyber attacks on operating systems would be suc-
cessful. Those who carried out the cyberattacks on nuclear power plants must have had access
to highly restricted and classified information systems and equipment (Lewis, 2009: pp.9-11).
155