Who was behind the Estonia cyber attacks?

By Joshua Keating, a former associate editor at Foreign Policy.

In May 2007, Estonia became the world's first victim of a coordinated cyber-attack against a nation state, following a dispute with Russia over the relocation of a Soviet-era war memorial. While the Russian government's involvement in the attacks could never be proved, the Estonian government told the U.S. they believed the Kremlin's hands were all over it, according to a cable from June 6, 2007:

9. (S) The GOE believes it has enough circumstantial evidence to link Moscow with the attacks. As President Ilves told the Ambassador, renting the large number of bots used in these attacks is an expensive business. Moreover, as XXXXXXXXXXXX repeatedly asked us in conversations, "Who benefits from these attacks?" He speculated that the probing nature of the attacks on specific government and strategic private sector targets through the use of anonymous proxies fit the modus operandi of the Putin regime testing a new "weapon." XXXXXXXXXXXXX told us that the GOE now feels that their original assessment of a "cyber riot" may have been incorrect. "Looking at the patterns of the attacks, it is clear that there was a small, core of individuals who intended to launch their attack on May 9," XXXXXXXXXXXX explained, "but when the MOD announced its plans to move the Bronze Soldier on April 27, they moved up their plans to try to link the attacks with the monument's removal." Estonian analysis of these later sophisticated attacks and organization through Russian-language internet forums has led them to believe that the key individuals tried to disguise their initial attacks as a cyber riot. "You don't expect spontaneous, populist cyber attacks to have a pre-determined list of targets and precise dates and times for coordinated attacks," said XXXXXXXXXXX.

[...]

11. (S) On May 29, Konstantin Koloskokov, Commissar of the pro-Kremlin youth group Nashi in Transnistria, claimed responsibility for some of the early cyber attacks. While not discounting the possibility of his involvement, XXXXXXXXXXXX noted that some of the attacks were extremely sophisticated; beyond the technical abilities of an amateur. To illustrate the point, XXXXXXXXXXXX and XXXXXXXXXXXX described an attack that used a mysterious data packet to crash a GOE and Elion router so quickly that the Estonians are still uncertain how it was done. XXXXXXXXXXXX described in detail a number of additional attacks using different tools and techniques and targets to argue that an organized group with deep financial backing was the likeliest culprit. "Koloskokov is window dressing," said XXXXXXXXXXXX, "a convenient set-up by the real perpetrators." 

Joshua Keating was an associate editor at Foreign Policy. Twitter: @joshuakeating
