defensive strategies.38 Therefore, an active defense is paramount in which the attacker is forced to pay a price for targeting a system. Does such a philosophy of active defense, though, mean that self-defense against cyber attacks is justified – and if so, to what extent, and in which cases? Modern IW raises a huge variety of practical and legal concerns that are highlighted by analyzing the Estonian cyber attack.
From Russia with Love?: The Cyber Attack on Estonia
The Estonian public and private sectors were the subject of a prolonged IW campaign beginning on April 27, 2007 and running for a period of several weeks.39 The primary weapon deployed against the state was the “distributed denial of service” (“DDOS”) attack, in which a target site is bombarded with so many bogus requests for information that it crashes.40 Data from Arbor Networks’ Active Threat Level Analysis System shows that there were at least 128 unique DDOS attacks targeting internet protocols within Estonia.41 Internet traffic increased from 20,000 packets to more than 4
38 Vizard, War.com: A Hacker Attack Against NATO Uncovers a Secret War in Cyberspace, Popular Science, July 1, 1999.
39 The timeline of the attacks on Estonia was as follows. On April 26-27, the day of the government’s decision to relocate the Soviet-era statue, the web sites of Parliament, the president and the prime minister are hit by a flood of junk messages and are shut down. On April 30, several daily newspaper websites are brought down and a high-level meeting takes place with plans to protect vital services such as online banking. On May 2, internet service providers from around the world succeed in blocking most of the incoming malicious data. On May 5, the Estonian government announces that the attacks originated in Russia. On Victory Day, May 9, botnet attacks begin which succeed in shutting down the online portal of Estonia’s largest bank, leading to losses of more than $1m. In one case, the attackers sent a single huge burst of data to measure the capacity of the network. Then, hours later, data from multiple sources flowed into the system, rapidly reaching the upper limit of the routers. May 18 saw the last major wave of attacks, though small-scale assaults continued for several weeks. Mark Landler & John Markoff, Digital Fears Emerge after Data Siege in Estonia, N.Y. Times, May 29, 2007.
40 A Cyber Riot, The Economist, May 10, 2007. DDOS attacks are also increasingly being used for extortion, in which a cyber attacker begins an attack and does not stop until the website owner pays “protection” money. Susan Brenner, At Light Speed: Attribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 379 (2007).
41 Sean Kerner, Estonia Under Russian Cyber Attack?, Security, May 18, 2007.