Large-scale cyber attacks on Estonia's state institutions which began last week and lasted several days came to an end on Monday, the state Information System Authority (RIA) says. The impact of the attacks was negligible, RIA adds, due to adequate counter-measures being deployed.
Head of RIA's Cyber Incident Handling Department (CERT-EE) Tõnu Tammer said that the main motivation behind the distributed denial-of-service (DDoS) attacks was notoriety, and to sow fear.
Tammer said: "The moment the attacks started, the hackers also started enlarging and expanding their impact via their social media network (Telegram), in order to sow fear and confusion among people."
However, transparency helped to mitigate this, Tammer added.
"The state's willingness to talk about what is happening in cyber space as openly and as early as possible reduces the impact of hackers' activities on the Estonian people," Tammer said.
"Naturally, there are some aspects we can't talk about as doing so would aid the hackers, but openness and clarity slow down the impact of such attacks," Tammer added.
Tammer said that the attacks were not a decoy to divert attention from other, more serious elements of cyber warfare.
He said: "We looked very closely at whether the attacks were used to divert our attention from elsewhere. Based on the information currently available, I can say that the attacks were not a cover for some other kind of cyber attack," adding that nonetheless the intention was to paralyze the site
RIA says over two billion malicious queries were issued to the state sites and those of state agencies and state-owned firms, with up to 11,000 per regular, non-hostile query, at the peak of the attack.
The mass DDoS attacks started on Thursday, April 21 and ended on the evening of Monday, April 25.
A total of 13 websites were targeted, though in many cases regular users of the sites would have been unaware at the time of the onslaught, thanks to counter-measures. In a few cases, reconfiguration meant that sites were temporarily down, though these were only isolated and relatively short-lived outages, Tammer said.
The same hackers have targeted sites in other states, it appears, and they may return to Estonia, Tammer added. "Unfortunately, we saw that in the example of the Czech Republic the initially-resolved attacks gained momentum again after a while. We have considered this possibility in Estonia, and additional funding for cyber security has already helped to prepare us better for future attacks."
What is a DDoS attack?
A distributed denial-of-service (DDoS) attack aims to hobble a targeted server, service or a given network's regular operations. It does this by flooding it and/or its surrounding infrastructure with high levels of internet traffic, and also uses compromised computer systems as a source of such traffic.
Editor: Andrew Whyte