2007 DDoS attacks against Estonia

Posted byMargaux Posted on27 March 2021 Comments0

In April and May 2007, Estonia became the target of the ‘world’s first cyber-attacks against a nation state’[1]. The cyber-attacks took place in response to the announcement of the Estonian Government on January 10, 2007, to relocate a Soviet-era war memorial statue, the Bronze Soldier. 

The Bronze Soldier, a Soviet-era war memorial statue

Unfortunately for Estonia, the state had been integrating the use of the Internet into public life, so it was particularly vulnerable to cyber-attacks. For instance, voting and filling of taxes were already available online. The Estonian parliament, had also enacted that access to the internet was a human right in February 2000. Because the use of internet was heavily embedded into public life in 2007, Estonia was considered a particularly well wired country even when compared to the European criteria[2].

The 2007 attacks are mainly composed of two waves. The attacks that took place right after the relocation of the statue used relatively simple methods compared to the more advanced attacks that started to come out on April 30. 

  • The first wave involved ping flood, which is a common Denial-of-Service (DoS) attack[3]. This type of attack consists of flooding the victim’s network with request packets, knowing that the network will respond with an equal number of reply packets[4]. Therefore, it creates a Denial-of-Service because users can no longer access the dysfunctional or even shut down network. 
  • The more advanced and sophisticated attacks that started to emerge on April 30 were Distributed Denial-of-Service (DDoS) attacks. Those kinds of attacks occurred when multiple computers are used to target one system at the same time[5]. This is achieved through the use of botnets, networks of hijacked computers and devices infected with bot malware and remotely controlled by a hacker[6].

In both waves, the largest part of malicious network traffic was a Russian-language origin and had indicators of political inspiration[7] but the attacks’ origin remained very unclear since they were apparently carried out independently by individuals using their own resources. Therefore, any state sponsor responsible for setting up the attacks was able to act under cover and oppose any accusations.


[7] NATO CCDCOE, ‘2007 cyberattacks on Estonia’ 


[6] Stephen Herzog, ‘Revisiting the Estonian Cyber Attacks: Digital threats and Multinational Responses’, Journal of Strategic Security (Summer 2011) 


[5]  Jose Nazario, ‘Estonian DDoS Attacks – A Summary to Date’ (17 May 2007), https://www.netscout.com/arbor-ddos, accessed March 16, 2021


[4] Denial of Service attacks: (DoS attacks): attack meant to shut down a machine or a network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic.

[3] Common Denial of Service attack in which the attacker takes down a victim’s computer by overwhelming it with request packets, also known as pings, to which the network will respond with an equal number of reply packets


[2] Joshua Davis, ‘Hackers take down the most wired country in Europe’, Wired (21 August 2007), https://www.wired.com/2007/08/ff-estonia/, accessed on March 15, 2021


[1] ‘On April 27, Estonia became the unprecedented victim of the world’s first cyber-attacks against a nation state’, Jeff Goldstein, ‘Estonia’s Cyber Attacks: Lessons Learned’ (Wikileaks Cable, 6 June 2007), https://wikileaks.org/plusd/cables/07TALLINN375_a.html, accessed March 15, 2021 

Category

Leave a Comment