Estonia sits just to the southwest of St. Petersburg on the Baltic, and Russia has long considered it, along with Lithuania and Latvia, a rogue satellite. Reclaiming them would give Putin a bridge to Kaliningrad, a small province of Russia north of Poland that is separated from the rest of Russia by the Baltic States. A Russian-dominated Baltic region would also push NATO back to the Polish frontier. Many believed that the 1940 seizure of Estonia and its “liberation” by the Soviet Union in 1944 were part of Russia’s tsarist desire to control the satellite states in its backyard. As many as 320,000 Estonians are ethnic Russians, and 40 percent of the population is considered “foreign.” The Russian populations of Estonia came during the Soviet occupation or were born there. Upon independence, the Estonians decided that Russians and other non-Estonian peoples would be considered émigrés and not nationals. Putin’s Russia took a dim view of the treatment of its ethnic brothers, a view that would turn dark in 2007.
The Estonian break with Russia would come to a head when the government attempted to remove a bronze military monument to Russian soldiers lost in World War II. This dark grey statue of a young, chisel-chinned, highly decorated Russian soldier, rifle slung over his back, helmet in hand, head lowered out of respect to the dead, once stood in the center of the Estonian capital of Tallinn. It was a beautiful piece of artwork, but ever since the Soviets reoccupied in 1944, the monument stood as a hated symbol of their Communist and post-communist hegemony. After independence in 1991, Estonia sought ways to remove the monument without antagonizing the local Russian population.
In 2007, Estonia was one of the most wired countries in the world. Its 1.3 million inhabitants had fully integrated the internet into their daily lives, using computers, tablets, and smartphones, which made them the highest per-capita users of online technology in Europe and the Middle East. Estonia wired itself for global access to make it favorable to European markets. Marketing campaigns touted Estonia’s global interconnectedness, its small but growing economy, and its 2004 acceptance into NATO.
When the protests broke out, the bronze statue was vandalized. Blood-red paint was routinely thrown on it. The new imperial Russia was not amused. The opposition to the monument culminated in a series of riots that led to a greater, even more monumental event in the history of European political warfare. Estonia was attacked, but not one bullet was fired and not one person was injured. The CYBER BEARS were tasked to punish the nation as a whole. They did so by sending an entire European nation back to the pre-internet age.24
On April 26, 2007, a massive, covert barrage of cyberattacks struck the computers of Estonia. A series of “Denial-of-Service” attacks blocked up the servers that distributed web traffic and completely shut down all internet access to the nation. The sites targeted included those of the Estonian president, the Parliament, the ministries, three news outlets, political parties, and two banks.25 In order to stop the attack, countermeasures blocked all international traffic, which allowed the site traffic to return to normal levels.
Estonia conducted an investigation and later charged a 20-year-old Estonian, Dmitri Galushkevich, for his role in the DoS attacks. He stated that his attack was intended as a protest against removing the Bronze Soldier. He pleaded guilty. As he had no previous criminal record, he was fined €110 and released.26 Despite his admission of starting the first DoS hack, many firms have concluded that cyber militias working under the direction of the Russian government quickly jumped onto the initial DoS attack and expanded it to the extent that it shut down the country’s internet.
The Bears Went Down To Georgia
Since 1988, when the people of Ossetia, an enclave in Southern Georgia, asked for more autonomous authority, the independent central government asserted its control in a tug of war with Russia. Georgia had declared its independence from the Soviet Union in 1991, and shortly after, South Ossetia declared its independence from Georgia. Ossetians had been seeking to increase their autonomy for years, but under the new Georgian President Zviad Gamsakhurdia, it was clear Georgia was not going to give up this territory as it sought independence for itself. Ossetia had been an oblast, or province, under the Soviet system since 1923.27 After Gamsakhurdia was deposed in December 1991, Eduard Shevardnadze became the new Georgian leader, and by mid-1992 a ceasefire agreement accompanied another agreement to leave Georgia in substantial control over South Ossetia.28
However, the South Ossetians are supported largely by Russia, and this tension boiled up over Georgian control in 2004 and again in 2008. In August 2008, Russia and Georgia clashed in South Ossetia and Abkhazia after years of tensions. When Georgian troops sought to enter South Ossetia they were outmaneuvered and outflanked by the Russian-backed forces. In five days, the combined Ossetian and Russian forces defeated the Georgian forces.29
During the clash, Russia hit Georgia with a campaign of hybrid warfare that included massive cyberattacks on the websites of officials, ministries, and other organizations. Their campaign against Georgia started three weeks before the August 7, 2008 assault on Ossetia.30 On July 20, 2008, the Georgian president’s office suffered a denial-of-service attack that shut down the website. As the conflict ensued, Russia used its cyber assets both to send pro-Russian messages aimed at the former Soviet state and to render the online resources of the Georgians useless. On August 8, 2008, hackers used an early variant of BlackEnergy malware to conduct distributed denial-of-service (DDoS) attacks against Georgian government websites as Russian forces invaded.31 This is perhaps the first time combat has joined with cyber warfare operations. The aim of the attacks was to shape public opinion and control Georgian communications.
The attacks were well planned, well coordinated, and well targeted to gain the maximum effect of creating a digital outage for Georgian authorities, including stopping their ability to get their messages out to seek support. Georgia was blindsided and blinded at the same time. Analysts later determined that Russian nationalists who had received advance warning conducted the attacks. Russia recruited these hackers via social media forums. The use of patriot hackers in this operation would set the pace for future hands-off operations. Russia’s use of hackers and cyber militias under a nationalistic banner proved effective against the Georgian authorities.32
Pro-Russian websites were launched during the war in South Ossetia. Unlike the attacks on Estonia, the attacks on Georgia’s cyber systems used botnets, waves of self-replicating cyber agents, to engage in a distributed attack. As of 2016, the Cyber Bears APT28 and APT29 continue peripheral attacks on Georgia with spear-phishing campaigns aimed at the administration and military.33
Lithuania Under Attack: June 2008
In 2008, the Lithuanian Parliament passed a series of amendments that aimed to prohibit the display of the symbols of both Nazi Germany and the Soviet Union. This would include depictions of Nazi or Soviet leaders and Nazi or Soviet symbols, including the swastika and the hammer and sickle.34
In response to this law, more than three hundred websites suffered both vandalism and DoS attacks.35 Most of the sites were co-located with the server host.36 Hackers defaced the websites with anti-Lithuanian messages and images of the Soviet hammer and sickle.37 The sites affected included those of the Lithuanian Socialist Democratic Party, the Securities and Exchange Commission, government agencies, and private enterprises.