TALLINN (Reuters) - Estonian officials reeling from three weeks of cyber attacks on government and private Internet sites are looking at ways to shore up the Baltic state’s infrastructure against future onslaughts.
The attacks hit sites across the country, from newspapers to schools to the defense ministry, and appear to have stemmed initially from Russia, though the Kremlin has denied waging a “cyber-war” against Estonia’s infrastructure.
The April 27 start of the onslaught coincided with fierce rioting by members of Estonia’s Russian minority, sparked by Tallinn’s plans to move a Soviet-era statue from the city centre to a military cemetery.
The decision enraged Moscow, which threatened sanctions.
“We should look at the timing of the attacks on our embassy, the non-official sanctions and the cyber attacks against Estonian government Web sites and it is clear that it is not a coincidence,” Foreign Minister Urmas Paet told reporters after meeting Baltic counterparts in Latvia on Friday.
Estonian police have charged only one person, a 19-year-old Tallinn man, with encouraging the attacks in Internet forums.
New measures on the table for the Internet-dependent country — which pioneered online voting earlier this year — include creating a working group to look at current efforts and drawing on ideas from Estonia’s allies in NATO and the European Union.
A NATO investigator visited Estonia this week.
“This was the first time a NATO member was attacked in this way on such a large scale,” Paet said. “NATO can learn from this experience and be better prepared against future attacks.”
Estonia also raised the attacks at an EU defense ministers’ meeting this week.
The cyber attack became so severe in early May that Estonia’s recently formed Computer Emergency Response Team had to resort to blocking foreign access to Estonian servers.
Network specialists said the attacks consisted of a barrage of clicks on a given website, leading to overload. Some sites faced up to 1,000 clicks a second, compared with a normal level of 1,000 to 1,500 clicks a day.
“Thousands of sites in Estonia were affected,” Estonia State Informatics Centre communications manager Rica Semjonova said.
“We are planning to make plans, but the people that would do this have been working non-stop for the last three weeks and they are only thinking of a rest right now,” she said.
The attacks peaked on May 8 and 9 — during events in Russia and the Baltics marking the anniversary of the World War Two victory over the Nazis.
They tailed off this week, but Semjonova said it was clear professional hackers were still probing for network weaknesses.
Government officials and commentators said the attacks were coordinated, though many Estonians were reluctant to point the figure directly at Russia.
“I can say that the attacks coincided with the bronze soldier saga,” said defense Ministry spokesman Madis Mikko.
“During this time, instructions on how to attack and what sites to attack were posted in the Russian language on the Internet,” he added.
Still, Mikko said it was impossible to say for sure that the attacks came from Russia because hackers can hijack computer addresses to hide their origin.
What shook experts was the sophistication of the methods.
“They used very different modern techniques we have not seen before,” said information technology lecturer and government adviser Linnar Viik.
The cost of the attack is not yet clear.
“Even Internet service providers do not know how to price it. But key services such as for banks were down for only a short time,” Semjonova said.
Estonia has a population of just 1.3 million but nearly 800,000 Estonians use internet banking.