Russian Hackings Shouldn’t Be Seen as a Novelty: the Case of Estonia’s “Cyber War I”

Russian Hackings Shouldn’t Be Seen as a Novelty: the Case of Estonia’s “Cyber War I”

[caption id="attachment_55252946" align="aligncenter" width="4057"]Faceless Computer Hacker (Getty) Faceless Computer Hacker (Getty)[/caption]

by Maia Otarashvili


In January 2017, the US Office of the Director of National Intelligence (which is a coalition of 17 agencies and organizations including the CIA, FBI and the NSA), released a report that explained the Russian campaign to influence the US presidential election. According to the report, American intelligence agencies believe that Russian President Vladimir Putin did, in fact, order efforts to influence the 2016 US presidential election.

“Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian government developed a clear preference for President-elect Trump. . . . Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations – such as cyber activity – with overt efforts by Russian government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls.’”

This news shocked many Americans. Of particular concern is the fact that Russian hackers leaked confidential information belonging to Hillary Clinton and the Democratic Party to WikiLeaks. The United States hasn’t been a target of such scandalous Russian meddling before. But this type of behavior from Russia shouldn’t come as a surprise. After all, the Russian government has already tried and tested cyber-warfare quite successfully.

The 2007 Cyber-Attacks on Estonia: “Cyber War I”





Nine years before the 2016 US presidential race, Russia was involved in another major scandal, involving Estonia. Estonia, a small European state previously a part of the USSR and now member of both the EU and NATO, is a champion of e-governance. Under the framework of “e-Estonia,” the country has morphed itself into an “e-society,” meaning all government business and banking are paperless. Even voting is done online. This country of only 1.3 million was the first ever to make internet access a human right. In 2016, 99.6% of banking transactions were done with e-banking services, and 96% of people declared their income electronically.

But Estonia’s aspirations to revolutionize e-governance also exposed the country to unprecedented vulnerabilities. In 2007, as a part of its attempt to eschew its Soviet legacies, the government decided to relocate a Soviet war memorial away from Tallinn city center. Russian outrage and threats of sanctions followed the move. Hooligans attacked the Estonian ambassador in Moscow, and soon the websites of Estonian government agencies, newspapers, and banks began to go down. The cyber-attacks lasted three weeks and came in waves which practically paralyzed Estonia. The hackers sent large amounts of information to the targeted websites simultaneously, causing them to overload and freeze. It was reported that the hackers infected up to a quarter of the world’s computers (turning them into “zombie computers”), and they used software robots to flood Estonian websites with bogus information on a Distributed Denial of Service (DDoS) attack (an attack that is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources). Additionally, the hackers were joined by ordinary people who obtained instructions from Russian websites on how to carry out a DDoS attack. Some sites were set up to redirect users to images of Soviet soldiers and quotations from Martin Luther King about resisting “evil.” These attacks were coupled with disinformation, as other hacked sites spread false news that the Estonian government had asked Russia for forgiveness, promising to return the statue to its original place.

The Estonian government likened this three-week-long cyber-attack to terrorist activities. These attacks were seen as the first cases of “cyberwar,” a term, which along with “cyber-terrorism,” was a novelty back in 2007. While Estonian officials were able to trace some of the initial hacker IP addresses to the Russian government and presidential administration, they had difficulty proving that the Russian government carried out the attacks. Yet Estonia made a formal request to NATO to invoke Article 5, which obligates NATO to retaliate for attacks on any of its member states. The incident revealed important vulnerabilities of the international rules-based order. It turned out that the rules weren’t designed to handle 21st century challenges, such as cyber warfare. The anonymity of this type of cyber-terrorism proved convenient for Russian officials, who denied involvement.

Back in 2007, Anne Applebaum wrote that “the attacks [were] Russian ‘tests’ of the West’s preparedness for cyber-warfare in general and of NATO’s commitment to its newest, weakest members in particular.” At that time, the West failed the test, as in the end, Russia managed to get out of trouble unscathed. The applicability of NATO’s Articles IV and V were too unclear for this type of situation that no retaliation was possible.

Nonetheless, the international community did learn a few lessons from Estonia’s “Cyber War I.” At its Bucharest Summit in 2008, NATO created a Cooperative Cyber Defense Center of Excellence in Tallinn, Estonia. It also created a new Cyber Defense Management Authority in Brussels. Over the following years, NATO’s work towards improving the cyber security of its member states was deeply shaped by Estonia’s experience. This has enabled Estonia to continue the digitalization of its government and society without further disruptions. The country is currently one of the leading NATO member states in e-governance and cyber security.



“Cyber War II?”





In view of continued Russian cyber-threats, Applebaum’s 2007 warning still resonates today: “[B]ut there the affair will end – until whoever forced the Estonian government out of cyberspace comes back online, better armed for the next battle.”

Russia has, indeed, come better armed and prepared this time. Its earlier “cyber war” formula has now turned into a more sophisticated “hybrid war” approach to exerting influence in the West. The first widely publicized Russian involvement came in the form of Brexit. Here, Russian propaganda, which began as early as 2015, was directed towards inciting hatred of immigrants and fear of terrorism— sentiments, which in the end, played a deciding role in the “leave” vote.

In a recent article, Clint Watts and Andrew Weisburd documented the steps Russia had to take to rig the US presidential elections without directly falsifying the votes.

“In the U.S., Russia’s blending of semi-overt and covert social media accounts use common hashtags and phrases to create what appear to be conservative Trump supporters or alt-right cheerleaders. These social media personas, whose bios are littered with words like “country,” “Christian,” “America” and “military,” then push pro-Trump hashtags loaded with skewed and fake news at American audiences, helping generate organic Trump support and distrust of the U.S. government.”

Watts and Weisburd also explain how Russia helped Brexit supporters:

“The United Kingdom observed a similar campaign. Dating back to the earliest parts of 2015, Russian media outlets incited fear of immigration and promoted Brexit advocate Nigel Farage’s accusations of American manipulation to foster popular support for the British to leave the EU.”

In early November 2016, Weisburd, Watts, and JM Berger published a comprehensive report which studied Russia’s trolling practices in the West. After spending 30 months closely watching Russia’s online influence operations and monitoring some 7,000 accounts, the team’s main message is frightening: “Trump isn’t the end of Russia’s information war against America. They are just getting started.”

As the case of the US presidential elections illustrated, Russia’s goal is no longer to freeze web-sites and paralyze governments and banks like it did during the test-run in Estonia. The real damage is now conducted through information wars. Hacking into databases and leaking classified documents allows Mr. Putin’s government to manipulate opinions and actions of people in other countries. Taking advantage of social media helps Russia further popularize ideas that advance its interests. There is no real evidence that can prove this without comprehensive and expensive investigations like those conducted by Watts and his team. Even then, international laws are not designed to punish such behavior. It is not illegal to create fake Twitter accounts and spread false news on social media.

Thankfully, Estonia’s experience has enabled the international community to develop strong capabilities of tracing trolls and identifying hackers. After gathering enough evidence to prove Russia’s liability in the DNC hacks, President Obama sanctioned Russian intelligence officials, expelled 35 Russian diplomats suspected of being spies, and shut down two Russian facilities in the United States.


Going Forward




In her January 17 speech, Samantha Power, US ambassador to the UN, encouraged Americans “to fight misinformation with information; fiction with facts.” Estonia’s experience taught the West how to deal with cases of cyber-attacks. But right now, the new Russian cyber warfare tactics have an online propaganda component, which is not properly countered at the moment. Amb. Power reminded Americans that the Russian government had spent up to $1 billion a year on propaganda tools like the television channel RT. Western nations will have to make meaningful financial investments in their anti-propaganda efforts to catch up with Putin’s sophisticated propaganda machine.

The National Intelligence Agency’s January 2017 report also assessed that “Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their election processes.” The US allies whose election processes will be targeted next are France, Germany, and Holland, among others. All three of these countries have national elections coming up in 2017, and in all three places, Russian funding of far-right nationalistic parties, as well as active Russian media propaganda, have been reported and are to be expected. Thus, the West now has a chance to learn and adopt quickly and prove that it has learned its lessons from the painful experiences of 2016.
font change