CyberattacksCyber attacks ten years on: from disruption to disinformation

By Tom Sear

Published 27 April 2017

Today – 27 April — marks the tenth anniversary of the world’s first major coordinated “cyberattack” on a nation’s internet infrastructure: Russian government hackers attacked the computer systems of the government of Estonia in retaliation for what Russia considered to be an insult to the sacrifices of the Red Army during the Second World War. This little-known event set the scene for the onrush of cyber espionage, fake news, and information wars we know today. A cybersecurity expert recently told the Senate Select Committee on Intelligence that to understand current Russian active measures and influence campaigns — that is, to understand cyber operations in the twenty-first century – we must first understand intelligence operations in the twentieth century. Understanding the history of cyber operations will be critical for developing strategies to combat them. Narrowly applying models from military history and tactics will offer only specific gains in an emerging ecosystem of “information age strategies.” If nations wish to defend themselves, they will need to understand culture as much as coding.

Today is the tenth anniversary of the world’s first major coordinated “cyberattack” on a nation’s internet infrastructure. This little-known event set the scene for the onrush of cyber espionage, fake news, and information wars we know today.

In 2007, operators took advantage of political unrest to unleash a series of cyber measures on Estonia, as a possible form of retribution for symbolically rejecting a Soviet version of history. It was a new, coordinated approach that had never been seen before.

Today, shaping contemporary views of historical events is a relatively common focus of coordinated digital activity, such as China’s use of social media to create war commemoration and Russia Today’s live-tweeting the Russian Revolution as its centenary approaches.

In 2017 and into the future, it will be essential to combine insights from the humanities, particularly from history, with analysis from information operations experts in order to maintain cybersecurity.

Estonia ground to a halt
A dispute over a past war triggered what might be called the first major “cyber attack.”

On 27 April 2007 the government of Estonia moved the “Soldier of Tallinn” – a bronze statue that commemorated the Soviet Army of the Second World War – from the center of the city to a military cemetery on Tallinn’s outskirts. The action followed an extensive debate over the interpretation of Estonia’s past. A “history war” concerning the role of the Soviet Union in Estonia during and after the Second World War had split Estonian society.

Several days of violent confrontation followed the statue’s removal. The Russian-speaking population rioted. The protests led to 1,300 arrests, 100 injuries, and one death. The disturbance became known as “Bronze Night.”

A more serious disruption followed, and the weapons were not Molotov cocktails, but thousands of computers. For almost three weeks, a series of massive cyber operations targeted Estonia.

The disruption – which peaked on 9 May when Moscow celebrates Victory Day – brought down banks, the media, police, government networks and emergency services. Bots, distributed denial-of-service (DDoS) and spam were marshalled with a sophistication not seen before. Their combined effects brought one of the most digital-reliant societies in the world to a grinding halt.