This past May, the country of Estonia was hit hard by what its authorities called a “virtual war.” This war took the form of an attack on the country’s computer infrastructure.
Many governmental and commercial sites were hit. The attacks on the country’s commerce seemed to focus on the country’s media — television stations and newspapers. Additionally, other commercial sites were hit, such as banking institutions.
A governmental spokesperson was quoted as saying, “If you have a missile attack against, let’s say, an airport, it is an act of war. If the same result is caused by computers, then how else do you describe that kind of attack?”
Listen to Ted di Stefano (6:58 minutes)
Estonia and E-Commerce
Estonia is probably one of the most computer literate countries in the world. In fact, many Estonians like to call their country “E-stonia” because it’s so focused on e-commerce and the Internet. Internet cafes abound throughout the country. Many Estonians are very proud of the fact that their government is as near to being paperless as possible.
This heavy reliance on computers is, for the most part, great. However, if some person or country decided to launch a cyberattack on another country, its likely target would be a heavy user of computers and technology. This is exactly what happened in Estonia.
The Estonian officials have accused Russia of launching these attacks. Russia denies that accusation. NATO has become involved in this controversy because Estonia is one of its members, having taken membership some time in 2004.
What seems to have prompted this attack is a dispute between Estonia and Russia about the removal in Estonia of a war memorial that honored the former Soviet Union’s World War II involvement with the country. The removal of this monument has become a major controversy between the two countries.
Launching a Cyberattack
When such a cyberattack is launched, Web sites become inundated and virtually non-functional. The servers that service the Web sites are overwhelmed and then shut down.
When you realize that considerable commerce throughout the world is dependent on the Internet and the servers that keep it going, it’s no wonder that a cyberattack can bring a country to its knees.
Government services have to shut down; commerce is crippled because banks cannot properly function if the entire banking system is hit; the press and other media outlets can become hobbled; and even education can grind to a halt.
A botnet is a software robot that can run autonomously. Wikipedia, as part of its definition of a botnet, says, “the word is generally used to refer to a collection of compromised computers (called zombie computers) running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure.”
The culprit behind this phenomenon is curiously and aptly referred to as the bot herder or bot originator. What this person essentially does is “kidnap” computers and put them into a herd that does the person’s bidding.
Once a computer is “kidnapped” it is referred to as a “zombie,” meaning, of course, that it will follow the directions of the bot herder.
Bot herders always have an agenda of their own, invariably nefarious. They take control of people’s computers and run programs on them that can damage Web sites.
Usually, specific Web sites are targeted. In the case of the so-called Estonian cyberwar or attack, that country was likely targeted because of what was regarded as an anti-Soviet stance by Estonia’s taking down a World War II monument.
Because we unfortunately live in a world where terrorism has virtually become an everyday term, governments have to be increasing aware of the risks to their national security by other governments or groups that are at odds with their policies.
The head of Estonia’s Computer Emergency Response Team, Hillar Aarelaid, attributed the attack on his country’s computers to botnets. The challenge to a country’s computer security team is to accurately determine the real culprit behind the cyberattack.
Since the computers wreaking havoc on a country’s Internet system are invariably “hijacked” or “kidnapped,” the difficulty of tracing the real culprits behind an attack increases exponentially.
Computer experts from around the world are examining the Estonia cyberattack in order to glean from it some lessons that will help them protect their own countries from such an attack. These experts, in my opinion, will be hard put to get at the real source of Estonia’s cyberattack. All indications, however, do seem to point to Russia.
Maybe we can all learn and benefit from this virtual war and our nation’s computer security will only be enhanced by these lessons.
Theodore F. di Stefano is a founder and managing partner at Capital Source Partners, which provides a wide range of investment banking services to the small and medium-sized business. He is also a frequent speaker to business groups on financial and corporate governance matters. He can be contacted at [email protected].