International cyber warfare climbed the news agenda earlier this year when when the Estonian government was hit with major, sustained denial-of-service (DOS) attacks.
The attacks disrupted a dozen government websites and networks run by ISPs, financial institutions and media outlets for several weeks in April and May. A global botnet of compromised home computers was used to create and direct the packet flood attacks that reached a peak of 90Mbps. Hackers also defaced key government websites with anti-Estonian slogans.
Pro-Russian activists were behind the cyber attacks, which were motivated by the Estonian government's decision to move a Soviet World War II memorial. All in all, the hackers launched hundreds of individual cyberattacks against Estonian websites, ranging from less than one minute to 10 hours or more.
The Estonian attacks have left network professionals in the West wondering whether they've entered a new era of cyber war and what they should be doing to prepare for politically motivated attacks.
Glen Baker, Chief Information Officer (CIO) of Outsource Partners Inc (OPI), said he is "absolutely" concerned about the Estonia incident and the threat of politically motivated attacks against his company's network. The New York City firm does finance and accounting outsourcing for multinational companies, and it has the majority of its 1,500 employees in India and Bulgaria.
"We're in the process of hiring a security consulting firm to try to mitigate this threat," he said. "They will do analysis for us and build what a typical industry response should be."
Baker said OPI suffered web defacements in 2001 and sees regular virus and spam attacks through incoming email. He said he's more concerned about 'hactivism' than he is about internal threats such as disgruntled employees.
"We have locked down facilities in India and Bulgaria. Users don't have many access rights or internet access. They can't bring personal items on to our networks," Baker said. "But we do worry about external attacks. We can imagine political or anti-outsourcing attacks. Those are the ones we are trying to target and trying to mitigate."
Jose Nazario, senior security researcher with Arbor Networks, said CIOs in government and industry have been asking about the Estonian incident and whether it is evidence of a new online threat.
"As we move more critical infrastructure to the internet and we depend on it more and more for communications, the threat [of cyber war] is real," Nazario said. "It could be as specific as shutting down a phone system or it could be like the Estonian attacks, which were hitting key government sites and mail servers. It could be both making a statement and disrupting an activity."
Security experts agree that despite the damage caused by the Estonian attacks, they were more hactivism than all-out cyber war. However, experts fear that we could be entering an era of more frequent politically motivated attacks and that commercial networks will be targeted.
Experts say that the success of the Estonian attacks and the publicity they received may encourage other disgruntled individuals or groups to launch copycat attacks. Companies with unpopular employment policies, business practices or those contributing to global climate change could be hit by similar attacks, they warn.
"There is potential for [politically motivated attacks] to be more frequent based on the attention brought to what happened in Estonia," said Michael Witt, deputy director of the US Computer Emergency Readiness Team within the Department of Homeland Security.