Cyber attacks 10 years on: from disruption to disinformation

Since the cyber attack on Estonia in 2007, internet-based incursions have escalated massively, but their targets have become more diffuse, indicating future attacks may target information and opinion.

The Conversation

This article first appeared on The Conversation.

April 27 is the tenth anniversary of the world’s first major coordinated “cyber attack” on a nation’s internet infrastructure. This little-known event set the scene for the onrush of cyber espionage, fake news and information wars we know today.

In 2007, operators took advantage of political unrest to unleash a series of cyber measures on Estonia, as a possible form of retribution for symbolically rejecting a Soviet version of history. It was a new, coordinated approach that had never been seen before.

Today, shaping contemporary views of historical events is a relatively common focus of coordinated digital activity, such as China’s use of social media to create war commemoration and Russia Today’s live-tweeting the Russian Revolution as its centenary approaches.

In 2017 and into the future, it will be essential to combine insights from the humanities, particularly from history, with analysis from information operations experts in order to maintain cybersecurity.

Estonia ground to a halt

A dispute over a past war triggered what might be called the first major “cyber attack.”

On April 27, 2007, the Government of Estonia moved the “Soldier of Tallinn” -- a bronze statue that commemorated the Soviet Army of World War II – from the center of the city to a military cemetery on Tallinn’s outskirts. The action followed an extensive debate over the interpretation of Estonia’s past. A “history war” concerning the role of the Soviet Union in Estonia during and after World War II had split Estonian society.

Several days of violent confrontation followed the statue’s removal. The Russian-speaking population rioted. The protests led to 1,300 arrests, 100 injuries and one death. The disturbance became known as “Bronze Night.”

A more serious disruption followed, and the weapons were not Molotov cocktails, but thousands of computers. For almost three weeks, a series of massive cyber operations targeted Estonia.

The disruption -- which peaked on May 9 when Moscow celebrates Victory Day -- brought down banks, the media, police, government networks and emergency services. Bots, distributed denial-of-service (DDoS) and spam were marshalled with a sophistication not seen before. Their combined effects brought one of the most digital-reliant societies in the world to a grinding halt.

The Tallinn Manual

In the aftermath, NATO responded by developing the NATO Cooperative Cyber Defence Centre of Excellence in Estonia. A major contribution of the centre was the publication of the Tallinn Manual in 2013 -- a comprehensive study of how international law applied to cyber conflict. The initial manual focused on disabling, state-based attacks that amount to acts of war.

Tallinn 2.0 was released in February 2017. In the foreword, Estonian politician Toomas Hendrik Ives argues:

In retrospect, these were fairly mild and simple DDoS attacks, far less damaging than what has followed. Yet it was the first time one could apply the Clausewitzean dictum: War is the continuation of policy by other means.

The focus of the new manual reveals just how much the world of cyber operations has changed in the 10 years since Bronze Night. It heralds a concerning future where all aspects of society, not just military and governmental infrastructure, are subject to active cyber operations.

Now the scope for digital incursions by one nation on another is much wider and more widespread. Everything from the personal data of citizens held in government servers to digitized cultural heritage collections have become issues of concern to international cyber law experts.

A decade of cyber operations

In the 10 years since 2007 we have lived in an era where persistent cyber operations are coincident with international armed combat. The conflict between Georgia (2008) and Russia, and ongoing conflict in the Ukraine (since 2014) are consistent with this.

These operations have extended beyond conventional conflict zones via intrusion of civic and governmental structures.

There are claims of nation-state actors’ active measures and DDoS incidents (similar to those that may have disabled last year’s Australian census) on Kyrgyzstan and Kazakhstan in 2009.

German investigators found a penetration of the Bundestag in May 2015.

The Dutch found penetration in government computers relating to MH17 reports.

Now, famously, we know there were infiltrations between 2015-16 into U.S. Democratic Party computers. Revealed in the last few days, researchers have identified phishing domains targeting French political campaigns.

There are even concerns that, as Professor Greg Austin has explained, cyber espionage might be a threat to Australian democracy.

Recently, the digital forensics of a computer hacked in 1998 as part of an operation tagged Moonlight Maze revealed that it is possible that the same code and threat actor have been involved in operations since at least that time. Perhaps a 20-year continuous cyber espionage campaign has been active.

Thomas Rid, professor in security studies at King’s College London, recently addressed the U.S. Select Committee on Intelligence regarding Russian active measures and influence campaigns. He expressed his opinion that understanding cyber operations in the 21st century is impossible without first understanding intelligence operations in the 20th century. Rid said, “This is a field that’s not understanding its own history. It goes without saying that if you want to understand the present or the future, you have to understand the past.”

Targeting information and opinion

Understanding the history of cyber operations will be critical for developing strategies to combat them. But narrowly applying models from military history and tactics will offer only specific gains in an emerging ecosystem of “information age strategies.”

The international response to the “attack” on Estonia was to replicate war models of defense and offence. But analysis of the last 10 years shows that is not the only way in which cyber conflict has evolved. Even the popular term “cyber attack” is now discouraged for incidents smaller than Estonia, as risks on the cybersecurity spectrum have become more complex and more precisely defined.

Since Estonia 2007, internet-based incursions and interference have escalated massively, but their targets have become more diffuse. Direct attacks on a nation’s defense forces, while more threatening, may in the future be less common than those that target information and opinion.

At the time, the attack on national infrastructure in Estonia seemed key, but looking back it was merely driving a wedge into an existing polarization in society, which seems to be a pivotal tactic.

Nations like Australia are more vulnerable than ever to cyber threats, but their public focus is becoming more distributed, and their goal will be to change attitudes, opinions and beliefs.

A decade ago in Estonia, a cyber war erupted from a history war. The connection between commemoration and information war is stronger than ever, and if nations wish to defend themselves, they will need to understand culture as much as coding.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.