What followed was what some here describe as the first war in cyberspace, a three-week battle that forced the Estonian authorities to defend their small country from a data flood they say was set off by orders from Russia or ethnic Russian sources in retaliation for the removal of the statue. There are still minor disruptions.Not quite an Article 5, but NATO did turn to.
"This may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society," said Linton Wells 2nd, the principal U.S. deputy assistant secretary of defense for networks and information integration at the Pentagon. "It has gotten the attention of a lot of people."
The Estonians note that an Internet address involved in the attacks belonged to an official who works in the administration of Russia's president, Vladimir Putin.
The Russian government has denied any involvement in the attacks, which came close to shutting down the country's digital infrastructure, clogging the Web sites of the president, the prime minister, Parliament and other government agencies, staggering the biggest Estonian bank and overwhelming the sites of several daily newspapers.
"It turned out to be a national security situation," Estonia's defense minister, Jaak Aaviksoo, said during an interview. "It can effectively be compared to when your ports are shut to the sea."
Computer security experts from NATO, the European Union, the United States and Israel have since converged on Tallinn to offer help and to learn what they can about cyberwar in the digital age.
For NATO, the attack may lead to a discussion of whether it needs to modify its commitment to collective defense. Aarelaid said NATO's Internet security experts said little but took copious notes during their visit.Estonia has a small population, picture this multiplied by 275 or so and you have what a similar attack on the US could do.
In the early hours of May 9, traffic spiked to thousands of times the normal flow. May 10 was heavier still, forcing the biggest bank in Estonia to shut down its online service for more than an hour. Even now, the bank, Hansabank, is under assault and continues to block access to 300 suspect Internet addresses. It has held losses to about $1 million.Attacks on small countries should be taken as the warning they are.
Finally, on the afternoon of May 10, the attackers' time on the rented servers expired, and the botnet attacks fell off abruptly. All told, Arbor Networks measured dozens of attacks. The 10 largest assaults blasted streams of 90 megabits of data a second at Estonia's networks, lasting up to 10 hours each. That is a data load equivalent to downloading the entire Windows XP operating system every six seconds for 10 hours.