BRUSSELS/LONDON (Reuters) - Hackers brought down several public NATO websites, the alliance said on Sunday, in what appeared to be the latest escalation in cyberspace over growing tensions over Crimea.
The Western military alliance’s spokeswoman, Oana Lungescu, said on social networking site Twitter that cyber attacks, which began on Saturday evening, continued on Sunday, although most services had now been restored.
“It doesn’t impede our ability to command and control our forces. At no time was there any risk to our classified networks,” another NATO official said.
NATO’s main public website (www.nato.int), which carried a statement by Secretary-General Anders Fogh Rasmussen saying that Sunday’s referendum on Crimea’s status would violate international law and lack legitimacy, worked intermittently.
The so-called “distributed denial of service” (DDoS) attack, in which hackers bombard websites with requests causing them to slow down or crash, also hit the site of a NATO-affiliated cyber security center in Estonia. NATO’s unclassified e-mail network was also affected.
A group calling itself “cyber berkut” said the attack had been carried out by patriotic Ukrainians angry over what they saw as NATO interference in their country.
The claim, made at www.cyber-berkut.org, could not be independently verified. “Berkut” is a reference to the feared and now disbanded riot squads used by the government of ousted pro-Russian Ukrainian President Viktor Yanukovich.
Cyber warfare expert Jeffrey Carr, in a blog on the attacks, described cyber berkut as staunch supporters of Yanukovich and a “pro-Russia hacktivist group working against Ukrainian independence”.
Lungescu noted the statement by “a group of hacktivists” but said that, due to the complexities involved in attributing the attacks, NATO would not speculate about who was responsible or their motives.
John Bumgarner, chief technology officer at the U.S. Cyber Consequences Unit, a non-profit research institute, said initial evidence strongly suggested that these cyber attacks were launched by pro-Russian sympathizers.
“One could equate these cyber attacks against NATO as kicking sand into one’s face,” he said.
Crimeans voted in a referendum on Sunday on whether to break away from Ukraine and join Russia, with Kiev accusing Moscow of rapidly building up its armed forces on the peninsula in “crude violation” of an international treaty.
The website for the Crimea referendum (referendum2014.ru) said on Sunday that it had come under cyber attack overnight, although it appeared to be working on Sunday.
Cyber attacks on NATO’s computer systems are common, but a NATO official, speaking on condition of anonymity on Sunday, said the latest one was a serious online assault.
Ian West, director of NATO’s cyber defense nerve centre at Mons in southern Belgium, said last year that the alliance’s network intrusion detection systems handled around 147 million “suspicious events” every day and around 2,500 confirmed serious attacks on its computers in the previous year.
Tensions between Moscow and the West have been rising steadily since Russia intervened following the ouster of Yanukovich. Ukrainian and Russian websites have both been targets for cyber attacks in recent weeks but this appeared the first major attack on a Western website since the crisis began.
Suspected Russian hackers used DDoS attacks to cripple websites and services in Estonia in 2007 during a dispute over a war memorial, and against Georgia during its brief 2008 war with Russia. Moscow denied orchestrating such attacks, saying they were simply carried out by independent patriots.
Groups calling themselves cyber berkut have attacked several Ukrainian websites in recent weeks, computer security experts say.
Cyber berkut - which some experts believe may be affiliated with Russian intelligence - published its statement in Russian rather than Ukrainian.
Additional reporting by Jim Finkle in Boston, Mike Collett-White in Simferopol, Ukraine; Editing by Alison Williams