Emergency Response Team (“USCERT”), surmised that botnets utilizing slave computers known as “zombies” had been operated by unknowing individuals, many of which in this case were in the U.S., and lacked the sophistication of the major powers. USCERT is the element within the Department of Homeland Security that “coordinates defense against and responses to cyber attacks across the nation.”59 In this instance, USCERT worked with the Forum of Incident Response and Security Teams to coordinate the global response to the attacks, such as it was. In contrast a well-known Russian hacker SpORaw believes that the most efficient online attacks on Estonia could not have been carried out without the blessing of the Russian authorities. He and others have argued that the hackers apparently acted under “recommendations” from parties in higher positions, as demonstrated with the chat room postings60 and by the fact that on at least one Estonian site attackers replaced the homepage with the phrase “Hacked from Russia.”61 It is not the goal of this paper to determine whether the Estonian cyber attacks were in fact state-sponsored. Rather, an analysis of these attacks is meant to highlight the types of issues that arise when considering how best to form a legal regime to deal with cyber attacks going forward. These include serious questions of state responsibility and attribution that will be addressed in Part V.
The Reaction of the U.S. and NATO to the Cyber Attacks on Estonia
What was a near disastrous attack for Estonia has been brushed off by U.S. officials, such as the former chief scientist of the Defense Advanced Research Project
59 US-CERT website: . Last visited: 01/28/2008.
60 Commissar of Nashi says he waged cyber attack on Estonian government sites, Swiss Baltic Chamber of Commerce in Lithuania News, Jun. 6, 2007. Available at: . Last visited: 01/28/2008.
61 Davis, supra note 2.