Thursday, June 25, 2009

Cyber attacks in Estonia, 2007

My first academic paper was published last year in the Proceedings of the 7th European Conference on Information Warfare and Security, Plymouth. An annual event, this conference brings together people with very different perspectives on information warfare, from psychological to cyber.

My paper was titled "Analysis of the 2007 Cyber Attacks Against Estonia from the Information Warfare Perspective" (see Publications for more information). In the paper, I analyze the Estonian case by posing three hypotheses and then arguing for and against each of them to find out whether any of them is plausible.

The first hypothesis is that the event was a Russian information operation, the second is that the event was a false flag operation to discredit Russia, and the last one is that it was a spontaneous grassroots response to Estonian government policy.

The false flag hypothesis is not plausible, considering the amount of circumstantial evidence against Russia (and only Russia) while the Russian government made no effort to stop the attacks or expose the attackers.

A true grassroots movement is also not plausible, as at the very least, passive government support (Russian authorities refusing legal cooperation) seems evident.

NOTE: Interestingly enough, a member of the Russian parliament later claimed that one of his aides was actively involved in the cyber campaign. This fact (?) emerged after publishing, so it is not included in the analysis.

That leaves us with the state information operation scenario. Specifically, it matches the Chinese concept of People's War, where people fight with their own resources and organization, for the interests of the state. That explains the hostile rhetoric by politicians, the relatively high number of people involved, as well as the lack of interest by the state in identifying the attackers.

Unfortunately, the analysis cannot attribute the attacks to any specific person, organization, or state. Instead, I find that of the three hypotheses considered, only the information operation scenario was plausible.

In hindsight, I do not consider it a very good paper, as it provides no definitive answer and devotes more detailed analysis to one of the hypotheses. In addition, I had just started my research on the topic, so my understanding of concepts like cyber militias and People's War was still very tentative. On the other hand, even though I notice many things I would write differently today, the conclusion would still remain the same.
