2007 cyberattacks on Estonia

The Estonian government was quick to blame the Kremlin, accusing it of being directly involved in the attacks. However, later, Jaak Aaviksoo, admitted that he had no evidence linking the cyber-attacks to the Kremlin. "Of course, at the moment, I cannot state for certain that the cyber-attacks were managed by the Kremlin, or other Russian government agencies," he said in an interview on Estonia's Kanal 2 TV channel, "Again, it is not possible to say without doubt that orders came from the Kremlin, or that, indeed, a wish was expressed for such a thing there." Russia called the accusations of its involvement "unfounded", and neither NATO nor European Commission experts were able to find any proof of official Russian government participation. Since the attack, Estonia has advocated for increased cybersecurity protection and response protocol. == NATO's response ==

In response to such attacks, NATO conducted an internal assessment of their cyber security and infrastructure defenses. The assessment resulted in a report issued to the allied defense ministers in October 2007. It further developed into the creation of a cyber defense policy and the creation of the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE) in May 2008. Due to the attacks, the Tallinn Manual on the International Law Applicable to Cyber Warfare was also developed. This report outlined international laws which are considered applicable to the cyber realm. The manual includes a total of ninety-five "black-letter rules" addressing cyber conflicts. The Tallinn Manual has worked to provide a global norm in cyber space by applying existing international law to cyber warfare. The manual suggests that states do not have sovereignty over the Internet, but that they do have sovereignty over components of the Internet in their territory. == Legalities ==

On 2 May 2007, a criminal investigation was opened into the attacks under a section of the Estonian Penal Code criminalising computer sabotage and interference with the working of a computer network, felonies punishable by imprisonment of up to three years. As a number of attackers turned out to be within the jurisdiction of the Russian Federation, on 10 May 2007, Estonian Public Prosecutor's Office made a formal investigation assistance request to the Russian Federation's Supreme Procurature under a Mutual Legal Assistance Treaty (MLAT) existing between Estonia and Russia. A Russian State Duma delegation visiting Estonia in early May in regards the situation surrounding the Bronze Soldier of Tallinn had promised that Russia would aid such investigation in every way available. claiming that the proposed investigative processes are not covered by the applicable MLAT. Piret Seeman, the Estonian Public Prosecutor's Office's PR officer, criticized this decision, pointing out that all the requested processes are actually enumerated in the MLAT. As of 13 December 2008, Russian authorities have been consistently denying Estonian law enforcement any investigative cooperation, thus effectively eliminating chances that those of the perpetrators that fall within Russian jurisdiction will be brought to trial. ==Opinions of experts==

Critical systems whose network addresses would not be generally known were targeted, including those serving telephony and financial transaction processing. Although not all of the computer crackers behind the cyberwarfare have been unveiled, some experts believed that such efforts exceed the skills of individual activists or even organised crime as they require a co-operation of a state and a large telecom company. At the same time he called claims of Estonians regarding direct involvement of Russian government in the attacks "empty words, not supported by technical data". Professor James Hendler, former chief scientist at The Pentagon's Defense Advanced Research Projects Agency (DARPA) characterised the attacks as "more like a cyber riot than a military attack." Arbor Networks operated ATLAS threat analysis network, which, the company claimed, could "see" 80% of Internet traffic. Nazario suspected that different groups operating separate distributed botnets were involved in the attack. Experts interviewed by IT security resource SearchSecurity.com "say it's very unlikely this was a case of one government launching a coordinated cyberattack against another": Johannes Ullrich, chief research officer of the Bethesda said "Attributing a distributed denial-of-service attack like this to a government is hard." "It may as well be a group of bot herders showing 'patriotism,' kind of like what we had with Web defacements during the US-China spy-plane crisis [in 2001]." Hillar Aarelaid, manager of Estonia's Computer Emergency Response Team "expressed skepticism that the attacks were from the Russian government, noting that Estonians were also divided on whether it was right to remove the statue". "Today security analysts widely believe that the attacks were condoned by the Kremlin, if not actively coordinated by its leaders." Andy Greenberg, author of the WIRED Guide to Cyberwar 23 August 2019. He noted that the next year, 2008, similar attacks on Georgia were accompanied by a Russian physical invasion. wired.com. Clarke and Knake report that upon the Estonian authorities informing Russian officials they had traced systems controlling the attack to Russia, there was some indication in response that incensed patriotic Russians might have acted on their own. Priisalu discussed the attack's impact on the Estonian financial system, while Woodcock described the methods the Estonian CERT used to coordinate defensive actions with network operators and their counterparts in neighboring countries, and Vseviov talked about the broader societal implications of the attack, and NATO's Article 5 obligations. == Claiming responsibility for the attacks ==

A Commissar of the Nashi pro-Kremlin youth movement in Moldova and Transnistria, Konstantin Goloskokov (Goloskov in some sources), admitted organizing cyberattacks against Estonian government sites. Goloskokov stressed, however, that he was not carrying out an order from Nashi's leadership and said that a lot of his fellow Nashi members criticized his response as being too harsh. Accordingly, no Mutual Legal Assistance Treaty applies. If residents of Transnistria were responsible, the investigation may be severely hampered, and even if the investigation succeeds finding likely suspects, the legal recourse of Estonian authorities may be limited to issuing all-EU arrest warrants for these suspects. Such an act would be largely symbolic. Head of Russian Military Forecasting Center, Colonel Anatoly Tsyganok confirmed Russia's ability to conduct such an attack when he stated: ''"These attacks have been quite successful, and today the alliance had nothing to oppose Russia's virtual attacks"'', additionally noting that these attacks did not violate any international agreement. == Influence on international military doctrines ==

The attacks triggered a number of military organizations around the world to reconsider the importance of network security to modern military doctrine. On 14 June 2007, defence ministers of NATO members held a meeting in Brussels, issuing a joint communiqué promising action by the autumn of 2007. NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) was established in Tallinn on 14 May 2008. On 25 June 2007, Estonian president Toomas Hendrik Ilves met with US president George W. Bush. Among the topics discussed were the attacks on Estonian infrastructure. The events have been reflected in a NATO Department of Public Diplomacy short movie War in Cyberspace. ==See also==