Window on Eurasia: NATO Now Defending Estonia against Russian Hackers

Paul Goble

Vienna, May 18 – Responding to appeals from Tallinn, NATO officials in Brussels announced yesterday that the alliance will set up a cyberspace defense center in Estonia, a member of the alliance, to help that Baltic country defend its key electronic infrastructure against attacks by Russian hackers.
Since April, after Tallinn’s decision to shift a Soviet war memorial, Russian hackers have launched denial of service attacks against the websites of Estonian officials, political parties, newspapers, and banks (http://lenta.ru/articles/2007/05/17/hack/ and http://www.strana.ru/stories/07/04/23/3740/313199l.html).
Given the centrality of the Internet in Estonian life – it is one of the most online countries in the world and the place where the now universally used Internet café sign was created – these attacks disrupted that country’s everyday life and exacerbated the conflict between Estonians and Russians over the “Bronze soldier” monument.
Not surprisingly, given the suddenness and scope of the attacks, Estonian officials, and many of them, including Foreign Minister Urmas Paet, blamed the Russian authorities for organizing what some in the Estonian and Russian media have called “an undeclared war” against Estonia.
Not surprisingly, the Kremlin and the Russian foreign ministry categorically denied any official involvement in this cyber action, with officials of the Office of the Russian President even suggesting that Baltic hackers had recently launched “an unprecedented attack” of their own on the website of Vladimir Putin.
And Lenta.ru’s Igor Belkin suggested in his report that Estonian officials could be making such charges only if they were unfamiliar with life in the Russian Internet. “It is doubtful,” he said, that the Kremlin would have been able to organize in such a short time ‘a military detachment of hackers” and to direct it against Estonian sites.
It is of course entirely possible that this action against Internet sites in Estonia was the work of Russia’s legions of individual hackers – Ru.net blogs were full of suggestions about Estonian URL’s that could be attacked – but there may be more to the Estonian charges that either Moscow or others acknowledge.
In the 1980s, the KGB organized a special computer “hacker school” near Chelyabinsk so that the Soviet secret service would be able to take out of commission any site that the government did not like. That school apparently continues to operate, and officers in Administration K of Russia’s FSB have made use of its graduates.
Given the difficulties inherent in tracking down precisely who is responsible for what goes on the web – those capable of hacking are generally able to cover their tracks – it may be that no one will ever know for sure whether this attack was organized by Moscow or conducted spontaneously by individual Russians.
But this broadscale attack, and NATO’s rapid response to the Estonian request suggests that not only Tallinn but all the governments in Eastern Europe will now be asking some very serious questions about what their national security consists of in the new electronic world and what role alliances like NATO can play.
Among these questions, three stand out: First, while no one doubts that NATO has the forces to block any conventional attack on these states, is the Western alliance in a position to defend these countries from unconventional attacks such as the hacking of key information infrastructure?
Second, as serious as these Russian attacks were – their economic consequences will certainly be reflected in second quarter statistics – they were brief because both sides began to tone down the rhetoric in the last week or ten days. But, many will certainly ask, what would happen if such attacks were to continue for any length of time?
And third, given the possible impact of such attacks, East Europeans may enquire, what if anything can they do to protect themselves against them, lest they find themselves subject to hacking as a tool of unconventional influence and thus be forced to back away from any decision officials in the Russian capital might not like?
The answers to these are neither obvious nor easy, but precisely what NATO officials will be doing to provide Tallinn with a new form of defense against this new kind of attack is something leaders across the entire region -- and beyond -- will certainly be following closely.