When the Estonian government was hit with major, sustained denial-of-service attacks this spring, the headlines screamed that it was the first incident of modern cyber warfare.
The attacks disrupted a dozen government Web sites and networks run by ISPs, financial institutions and media outlets for several weeks in April and May. A global botnet of compromised home computers was used to create and direct the packet flood attacks that reached a peak of 90Mbps. Hackers also defaced key government Web sites with anti-Estonian slogans.
Pro-Russian activists were behind the cyber attacks, which were motivated by the Estonian government's decision to move a Soviet World War II memorial. All in all, the hackers launched hundreds of individual cyberattacks against Estonian Web sites, ranging from less than one minute to 10 hours or more.
The Estonian attacks have left U.S. IT and network professionals wondering if they've entered a new era of cyber war and what they should be doing to prepare for politically motivated attacks.
Glen Baker, CIO of Outsource Partners (OPI), says he is "absolutely" concerned about the Estonia incident and the threat of politically motivated attacks against his company's network. The New York City firm does finance and accounting outsourcing for multinational companies, and it has the majority of its 1,500 employees in India and Bulgaria.
"We're in the process of hiring a security consulting firm to try to mitigate this threat," he says. "They will do analysis for us and build what a typical industry response should be."
Baker says OPI suffered Web defacements in 2001 and sees regular virus and spam attacks through incoming e-mail. He says he's more concerned about hactivism than he is about internal threats such as disgruntled employees.
"We have locked down facilities in India and Bulgaria. Users don't have many access rights or Internet access. They can't bring personal items on to our networks," Baker says. "But we do worry about external attacks. We can imagine political or anti-outsourcing attacks. Those are the ones we are trying to target and trying to mitigate."
Jose Nazario, senior security researcher with Arbor Networks, says CIOs in government and industry have been asking about the Estonian incident and whether it is evidence of a new online threat.
"As we move more critical infrastructure to the Internet and we depend on it more and more for communications, the threat [of cyber war] is real," Nazario says. "It could be as specific as shutting down a phone system or it could be like the Estonian attacks, which were hitting key government sites and mail servers. It could be both making a statement and disrupting an activity."
Security experts agree that despite the damage caused by the Estonian attacks, they were more hactivism than all-out cyber war. However, experts fear that we could be entering an era of more frequent politically motivated attacks and that commercial networks will be targeted.
Experts say that the success of the Estonian attacks and the publicity they received may encourage other disgruntled individuals or groups to launch copycat attacks. Companies with unpopular employment policies, business practices or those contributing to global climate change could be hit by similar attacks, they warn.
"There is potential for [politically motivated attacks] to be more frequent based on the attention brought to what happened in Estonia," says Michael Witt, deputy director of the U.S. Computer Emergency Readiness Team within the Department of Homeland Security.
"We're sort of in unchartered territory," Witt adds. "You don't know what is going to upset an individual or a group to see if later they will launch a cyber attack."