Estonia Defense Minister: Cyberattacks Will Grow

Three years after a widespread cyberattack temporarily shut down the Estonian economy, Estonia’s defense minister said such incidents will only continue to grow.

The 2007 Estonian incident came at a time when Russian nationalists had taken to the streets in protest over the government’s decision to move a Soviet war memorial. The goal of the cyberattack was to undermine the credibility of Estonia’s government, said the country’s defense minister, Jaak Aaviksoo, speaking at the IT Security Entrepreneurs forum at Stanford University on Wednesday.

The Estonian incident, along with a similar attack that coincided with Russia’s invasion of Georgia in 2008, “brought the issue of national cybersecurity on the global political agenda,” Aaviksoo said.

Nobody has definitively linked the Estonian attacks to the Russian government — security experts have likened them to an Internet brawl fuelled by tech-savvy nationalists in online forums. But some say the incident appears at least to have had the tacit approval of Estonia’s western neighbor.

The distributed denial-of-service attacks and Web defacements that disrupted the tiny Baltic country did a number on Estonia’s economy. At its worst point, traffic in and out of Estonia was 400 times peak levels, overwhelming banking, online news and government communications in one of the world’s most wired countries.

Other countries will almost certainly face similar incidents, Aaviksoo said.

“Cyberattcks that may constitute a national security threat are not a science-fiction thing anymore,” he said. “It is a reality that may return one day in much larger scale in much bigger countries.”

Others at the conference agreed. A major cyberattack sponsored by terrorists or a state will happen within the next decade, predicted Jerry Archer, chief information security officer with Sallie Mae. “I think within the next five to 10 years we will have a cyberwar that will turn into a shooting war,” he said, speaking during a panel discussion at the conference.

In the meantime, there’s a lot of work left to be done to fight cybercrime. “The legal instruments that we’ve developed to fight cybercrimes and cyberattacks are clearly underdeveloped,” Aaviksoo said.

Aaviksoo’s comments were underscored Tuesday by the ongoing efforts of law enforcement and security investigators to take down a notorious Internet service provider called Troyak. Associated with the Zeus botnet, Troyak has spent the past week jumping from one service provider to another after legitimate companies have stopped doing business with it.

Failed states, such as Moldova’s Trans-Dniester region and other countries where cybercrime enforcement is lax, make it hard to shut down bad operators, Aaviksoo said in an interview after his talk. “There are very many more safe havens in cyberspace than in real space,” he said.