Back
About RSIS
Introduction
Building the Foundations
Welcome Message
Board of Governors
Staff Profiles
Executive Deputy Chairman’s Office
Dean’s Office
Management
Distinguished Fellows
Faculty and Research
Associate Research Fellows, Senior Analysts and Research Analysts
Visiting Fellows
Adjunct Fellows
Administrative Staff
Honours and Awards for RSIS Staff and Students
RSIS Endowment Fund
Endowed Professorships
Career Opportunities
Getting to RSIS
Research
Research Centres
Centre for Multilateralism Studies (CMS)
Centre for Non-Traditional Security Studies (NTS Centre)
Centre of Excellence for National Security
Institute of Defence and Strategic Studies (IDSS)
International Centre for Political Violence and Terrorism Research (ICPVTR)
Research Programmes
National Security Studies Programme (NSSP)
Social Cohesion Research Programme (SCRP)
Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
Other Research
Future Issues and Technology Cluster
Research@RSIS
Science and Technology Studies Programme (STSP) (2017-2020)
Graduate Education
Graduate Programmes Office
Exchange Partners and Programmes
How to Apply
Financial Assistance
Meet the Admissions Team: Information Sessions and other events
RSIS Alumni
Outreach
Global Networks
About Global Networks
RSIS Alumni
Executive Education
About Executive Education
SRP Executive Programme
Terrorism Analyst Training Course (TATC)
International Programmes
About International Programmes
Asia-Pacific Programme for Senior Military Officers (APPSMO)
Asia-Pacific Programme for Senior National Security Officers (APPSNO)
International Conference on Cohesive Societies (ICCS)
International Strategy Forum-Asia (ISF-Asia)
Publications
RSIS Publications
Annual Reviews
Books
Bulletins and Newsletters
RSIS Commentary Series
Counter Terrorist Trends and Analyses
Commemorative / Event Reports
Future Issues
IDSS Papers
Interreligious Relations
Monographs
NTS Insight
Policy Reports
Working Papers
External Publications
Authored Books
Journal Articles
Edited Books
Chapters in Edited Books
Policy Reports
Working Papers
Op-Eds
Glossary of Abbreviations
Policy-relevant Articles Given RSIS Award
RSIS Publications for the Year
External Publications for the Year
Media
Cohesive Societies
Sustainable Security
Other Resource Pages
News Releases
Speeches
Video/Audio Channel
External Podcasts
Events
Contact Us
S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
Nanyang Technological University Nanyang Technological University
  • About RSIS
      IntroductionBuilding the FoundationsWelcome MessageBoard of GovernorsHonours and Awards for RSIS Staff and StudentsRSIS Endowment FundEndowed ProfessorshipsCareer OpportunitiesGetting to RSIS
      Staff ProfilesExecutive Deputy Chairman’s OfficeDean’s OfficeManagementDistinguished FellowsFaculty and ResearchAssociate Research Fellows, Senior Analysts and Research AnalystsVisiting FellowsAdjunct FellowsAdministrative Staff
  • Research
      Research CentresCentre for Multilateralism Studies (CMS)Centre for Non-Traditional Security Studies (NTS Centre)Centre of Excellence for National SecurityInstitute of Defence and Strategic Studies (IDSS)International Centre for Political Violence and Terrorism Research (ICPVTR)
      Research ProgrammesNational Security Studies Programme (NSSP)Social Cohesion Research Programme (SCRP)Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      Other ResearchFuture Issues and Technology ClusterResearch@RSISScience and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      Graduate Programmes OfficeExchange Partners and ProgrammesHow to ApplyFinancial AssistanceMeet the Admissions Team: Information Sessions and other eventsRSIS Alumni
  • Outreach
      Global NetworksAbout Global NetworksRSIS Alumni
      Executive EducationAbout Executive EducationSRP Executive ProgrammeTerrorism Analyst Training Course (TATC)
      International ProgrammesAbout International ProgrammesAsia-Pacific Programme for Senior Military Officers (APPSMO)Asia-Pacific Programme for Senior National Security Officers (APPSNO)International Conference on Cohesive Societies (ICCS)International Strategy Forum-Asia (ISF-Asia)
  • Publications
      RSIS PublicationsAnnual ReviewsBooksBulletins and NewslettersRSIS Commentary SeriesCounter Terrorist Trends and AnalysesCommemorative / Event ReportsFuture IssuesIDSS PapersInterreligious RelationsMonographsNTS InsightPolicy ReportsWorking Papers
      External PublicationsAuthored BooksJournal ArticlesEdited BooksChapters in Edited BooksPolicy ReportsWorking PapersOp-Eds
      Glossary of AbbreviationsPolicy-relevant Articles Given RSIS AwardRSIS Publications for the YearExternal Publications for the Year
  • Media
      Cohesive SocietiesSustainable SecurityOther Resource PagesNews ReleasesSpeechesVideo/Audio ChannelExternal Podcasts
  • Events
  • Contact Us
    • Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
      rsisvideocast
      school/rsis-ntu
      rsis.sg
      rsissg
      RSIS
      RSS
      Subscribe to RSIS Publications
      Subscribe to RSIS Events

      Getting to RSIS

      Nanyang Technological University
      Block S4, Level B3,
      50 Nanyang Avenue,
      Singapore 639798

      Click here for direction to RSIS

      Get in Touch

    Connect
    Search
    • RSIS
    • Publication
    • RSIS Publications
    • CO07043 | The First information War? Russia’s Cyberwar Against Estonia
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • RSIS Commentary Series
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • Future Issues
    • IDSS Papers
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers

    CO07043 | The First information War? Russia’s Cyberwar Against Estonia
    Paul Mitchell

    23 May 2007

    download pdf

    Commentary

    IN APRIL, the tiny Baltic state of Estonia moved a war memorial dedicated to fallen Soviet soldiers of World War Two from its prominent location in central Tallin to a military cemetery outside the capital. The act resulted first in a series of civil disturbances throughout the ethnically-diverse country that left one dead, 40 injured, and 300 arrested. However, it is the subsequent “cyber-war”, ostensibly lead by the Kremlin, that has attracted the most attention in recent days. The media has typically warned of new forms of warfare that threaten modern societies, however, there is much that is familiar in the present conflict. Overlooked is the role that Estonia has played in recent months to frustrate a German/Russian oil pipeline. Indeed, Germany’s Gerhard Schroeder recently claimed that in this dispute Estonia had contradicted “every form of civilised behaviour”.

    A playback of history

    For all the sound and light accompanying the story, the context is depressingly familiar for students of history. Indeed, the story is at least as old as the Peloponnesian war. In 416BC, the superpower of the age, maritime Athens demanded the obeisance of the tiny neutral republic of Melos with the famous observation that “the strong do what they can and the weak suffer what they must”. Russia seems intent of reminding Estonia, now emboldened by membership in both NATO and the European Union (EU), of this eternal strategic truth.

    In times past, the Kremlin might have had to content itself with massing tank armies on the border of Estonia. Such sabre-rattling would have led to a significant crisis in East-West relations that had a high potential of cascading out of control. Information Technology (IT) gives actors of all stripes new avenues for coercion, especially of “fragile” modern societies like Estonia. John Robb, the author of Brave New War points to the ability of “global guerrillas” to create systemic disruptions with IT by attacking the infrastructure of a country. Estonia is highly vulnerable to such attacks. Most of its government provides services through on-line portals, and its banking sector is heavily dependent on on-line services. While Robb is primarily concerned with the actions of groups like Al Qaeda, clearly these capabilities are well within the ambit of states as well.

    Russian targets

    To date, cyber attacks on Estonia have been limited to denial of service attacks (DOS). Websites for the Estonian presidency, its parliament, government ministries and political parties have all been targeted, as have three of the six news agencies and two of its banks. Given the role of the Internet in facilitating Estonian elections, such attacks are clearly worrisome in their potential impacts. Initial attacks were poorly executed, reportedly from computers traceable to the Kremlin itself. However, later attacks emerged from a wide variety of international sources, probably from “zombie” systems. So called “bot-nets” are built from a series of remote computers that, without the owner’s knowledge, overwhelm targeted web-sites with waves of spam or information requests. Such zombies are recruited through the spread of viruses or Trojan horses onto the affected systems. As these attacks have come from systems as far away as Vietnam, Estonia has had to block many of its sites to international traffic, impacting especially the conduct of on-line business.

    As disruptive as DOS is for websites providing information and services, it is important to note that such disruptions are more of an irritant than anything else. DOS attacks against on- line banking services and businesses are certainly a modern form of economic warfare resulting in lost income and as such must be considered seriously. However, the effective collapse of Estonia’s economy would probably require a long term sustained campaign that the present underground methods are unlikely to deliver, especially given the growing support being provided to Estonia from NATO computer security experts. For example, consider how ineffective much more comprehensive sanctions regimes targeting Serbia, Iraq, and other pariah states have been in gaining political compliance.

    What next?

    More pernicious forms of information warfare may yet surface in this current struggle. As yet, however, there have been no reports of the alteration of information on secure websites, or the collapse of public services such as energy, communication and transportation networks. States may be reluctant to engage in such tactics given the efficacy of reciprocal use against the attacker. Indeed, in past conflicts, the US has refrained from engaging these forms of information warfare for fear of breaching these operational taboos.

    While many in the media are calling this the first information war, the coercive use of IT is at least a decade old. The Guardian reported that the US allegedly used “offensive hacking” against Haiti in 1995. Furthermore, Serbia engaged in information warfare against both NATO and the US during the Kosovo conflict in 1999. The Serbs shut down NATO web servers using DOS attacks, and managed to hack into secure sites, defacing them with their own propaganda. The Serbs even managed to crash a White House server. The US reportedly feared being accused of war crimes if they attacked “civilian” web sites. Since these early campaigns, however, information warfare has become increasingly ubiquitous. Last year, Hizbullah used Photo-Shopped .jpg files for propaganda purposes as an important tool to shape international opinion of Israeli operations. The website infowar-monitor.net currently watches the coercive use of IT in five different conflict areas, including Chechnya, and India-Pakistan.

    So is anything new in this current struggle? The bot-net nature of the conflict points to the creative use of the anarchical features of the Internet itself. One Estonian computer security specialist noted that “the EU and NATO need to work out a common legal basis to deal with cyber-attacks”, as if this were some minor bureaucratic misunderstanding.

    Implications of the cyberwar

    This misses the whole point that using distributed attacks from anonymous zombie systems, Russia gains enough plausible deniability to frustrate any legal challenge until long after the political effect of such attacks have already had their impact. However, much of this present conflict is fairly well grounded in historical precedent. The small nation of Estonia, with as much as 40% of its population being ethnic Russian, has unwisely provoked its much larger neighbour and now must hope that the thin promises of collective defence enshrined in

    3 Article V of the Washington Treaty will be enough to protect its sovereignty. In the 1939 Winter War, Finland played a very similar game against Russia and lost; most of Scandinavia took notice, going to extreme lengths to avoid angering the Russian bear even during the height of the Cold War.

    Information technology clearly gives Estonia some resources to play against the Russians in this struggle. An effective counter-information campaign is beginning to emerge in the very nature of the Western media’s coverage of this skirmish. Further, just as smaller Hizbullah was able to manipulate an ironic “David vs. Goliath” image, so too can Western Estonia confront the traditional Eastern Russian bully. However, none of this changes the fundamental strategic logic of geographical proximity. In the end, Brussels is much further removed from Tallin than Moscow. Estonia will not be deprived of its sovereignty by DOS attacks, but rather through a sustained campaign against its infrastructure and the removal of its government’s ability to control its own territory. Info-war may play a role in this, but it will not remove the need for the ubiquitous “boots on the ground”.

    About the Author

    Paul T. Mitchell is an Associate Professor with the Revolution in Military Affairs (RMA) Programme of the S. Rajaratnam School of International Studies, NTU. 

    Categories: RSIS Commentary Series / Europe

    Commentary

    IN APRIL, the tiny Baltic state of Estonia moved a war memorial dedicated to fallen Soviet soldiers of World War Two from its prominent location in central Tallin to a military cemetery outside the capital. The act resulted first in a series of civil disturbances throughout the ethnically-diverse country that left one dead, 40 injured, and 300 arrested. However, it is the subsequent “cyber-war”, ostensibly lead by the Kremlin, that has attracted the most attention in recent days. The media has typically warned of new forms of warfare that threaten modern societies, however, there is much that is familiar in the present conflict. Overlooked is the role that Estonia has played in recent months to frustrate a German/Russian oil pipeline. Indeed, Germany’s Gerhard Schroeder recently claimed that in this dispute Estonia had contradicted “every form of civilised behaviour”.

    A playback of history

    For all the sound and light accompanying the story, the context is depressingly familiar for students of history. Indeed, the story is at least as old as the Peloponnesian war. In 416BC, the superpower of the age, maritime Athens demanded the obeisance of the tiny neutral republic of Melos with the famous observation that “the strong do what they can and the weak suffer what they must”. Russia seems intent of reminding Estonia, now emboldened by membership in both NATO and the European Union (EU), of this eternal strategic truth.

    In times past, the Kremlin might have had to content itself with massing tank armies on the border of Estonia. Such sabre-rattling would have led to a significant crisis in East-West relations that had a high potential of cascading out of control. Information Technology (IT) gives actors of all stripes new avenues for coercion, especially of “fragile” modern societies like Estonia. John Robb, the author of Brave New War points to the ability of “global guerrillas” to create systemic disruptions with IT by attacking the infrastructure of a country. Estonia is highly vulnerable to such attacks. Most of its government provides services through on-line portals, and its banking sector is heavily dependent on on-line services. While Robb is primarily concerned with the actions of groups like Al Qaeda, clearly these capabilities are well within the ambit of states as well.

    Russian targets

    To date, cyber attacks on Estonia have been limited to denial of service attacks (DOS). Websites for the Estonian presidency, its parliament, government ministries and political parties have all been targeted, as have three of the six news agencies and two of its banks. Given the role of the Internet in facilitating Estonian elections, such attacks are clearly worrisome in their potential impacts. Initial attacks were poorly executed, reportedly from computers traceable to the Kremlin itself. However, later attacks emerged from a wide variety of international sources, probably from “zombie” systems. So called “bot-nets” are built from a series of remote computers that, without the owner’s knowledge, overwhelm targeted web-sites with waves of spam or information requests. Such zombies are recruited through the spread of viruses or Trojan horses onto the affected systems. As these attacks have come from systems as far away as Vietnam, Estonia has had to block many of its sites to international traffic, impacting especially the conduct of on-line business.

    As disruptive as DOS is for websites providing information and services, it is important to note that such disruptions are more of an irritant than anything else. DOS attacks against on- line banking services and businesses are certainly a modern form of economic warfare resulting in lost income and as such must be considered seriously. However, the effective collapse of Estonia’s economy would probably require a long term sustained campaign that the present underground methods are unlikely to deliver, especially given the growing support being provided to Estonia from NATO computer security experts. For example, consider how ineffective much more comprehensive sanctions regimes targeting Serbia, Iraq, and other pariah states have been in gaining political compliance.

    What next?

    More pernicious forms of information warfare may yet surface in this current struggle. As yet, however, there have been no reports of the alteration of information on secure websites, or the collapse of public services such as energy, communication and transportation networks. States may be reluctant to engage in such tactics given the efficacy of reciprocal use against the attacker. Indeed, in past conflicts, the US has refrained from engaging these forms of information warfare for fear of breaching these operational taboos.

    While many in the media are calling this the first information war, the coercive use of IT is at least a decade old. The Guardian reported that the US allegedly used “offensive hacking” against Haiti in 1995. Furthermore, Serbia engaged in information warfare against both NATO and the US during the Kosovo conflict in 1999. The Serbs shut down NATO web servers using DOS attacks, and managed to hack into secure sites, defacing them with their own propaganda. The Serbs even managed to crash a White House server. The US reportedly feared being accused of war crimes if they attacked “civilian” web sites. Since these early campaigns, however, information warfare has become increasingly ubiquitous. Last year, Hizbullah used Photo-Shopped .jpg files for propaganda purposes as an important tool to shape international opinion of Israeli operations. The website infowar-monitor.net currently watches the coercive use of IT in five different conflict areas, including Chechnya, and India-Pakistan.

    So is anything new in this current struggle? The bot-net nature of the conflict points to the creative use of the anarchical features of the Internet itself. One Estonian computer security specialist noted that “the EU and NATO need to work out a common legal basis to deal with cyber-attacks”, as if this were some minor bureaucratic misunderstanding.

    Implications of the cyberwar

    This misses the whole point that using distributed attacks from anonymous zombie systems, Russia gains enough plausible deniability to frustrate any legal challenge until long after the political effect of such attacks have already had their impact. However, much of this present conflict is fairly well grounded in historical precedent. The small nation of Estonia, with as much as 40% of its population being ethnic Russian, has unwisely provoked its much larger neighbour and now must hope that the thin promises of collective defence enshrined in

    3 Article V of the Washington Treaty will be enough to protect its sovereignty. In the 1939 Winter War, Finland played a very similar game against Russia and lost; most of Scandinavia took notice, going to extreme lengths to avoid angering the Russian bear even during the height of the Cold War.

    Information technology clearly gives Estonia some resources to play against the Russians in this struggle. An effective counter-information campaign is beginning to emerge in the very nature of the Western media’s coverage of this skirmish. Further, just as smaller Hizbullah was able to manipulate an ironic “David vs. Goliath” image, so too can Western Estonia confront the traditional Eastern Russian bully. However, none of this changes the fundamental strategic logic of geographical proximity. In the end, Brussels is much further removed from Tallin than Moscow. Estonia will not be deprived of its sovereignty by DOS attacks, but rather through a sustained campaign against its infrastructure and the removal of its government’s ability to control its own territory. Info-war may play a role in this, but it will not remove the need for the ubiquitous “boots on the ground”.

    About the Author

    Paul T. Mitchell is an Associate Professor with the Revolution in Military Affairs (RMA) Programme of the S. Rajaratnam School of International Studies, NTU. 

    Categories: RSIS Commentary Series

    Popular Links

    About RSISResearch ProgrammesGraduate EducationPublicationsEventsAdmissionsCareersVideo/Audio ChannelRSIS Intranet

    Connect with Us

    rsis.ntu
    rsis_ntu
    rsisntu
    rsisvideocast
    school/rsis-ntu
    rsis.sg
    rsissg
    RSIS
    RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    Getting to RSIS

    Nanyang Technological University
    Block S4, Level B3,
    50 Nanyang Avenue,
    Singapore 639798

    Click here for direction to RSIS

    Get in Touch

      Copyright © S. Rajaratnam School of International Studies. All rights reserved.
      Privacy Statement / Terms of Use
      Help us improve

        Rate your experience with this website
        123456
        Not satisfiedVery satisfied
        What did you like?
        0/255 characters
        What can be improved?
        0/255 characters
        Your email
        Please enter a valid email.
        Thank you for your feedback.
        This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
        OK
        Latest Book
        more info