How did the Estonian authorities respond? First, the country’s Central Criminal Police arrested a 19-year-old resident of Tallinn named Dmitri, who happened to have a higher technical education, as a suspect in the cyber attacks against government websites. The next developments, however, were completely unexpected. Estonian politicians broke an unspoken rule when they accused the Russian special service of orchestrating the attacks - and for the first time, the word "cyberwar" was used at this level.
It is no secret that the most prominent government special services have departments dedicated to the security of their country's electronic resources and to taking appropriate measures to ensure it. We call this "e-reconnaissance". There are similar divisions in the US army, and their members have even taken part in some hacker competitions to penetrate electronic resources, although without much success.
Yet this was the first time in history that one government accused another of launching a cyber attack. This never happened during the conflict between India and Pakistan, when the hackers of these two countries engaged in a virtual battle with one another on the Internet in the late nineties. That was, by the way, when the Lentin (Yaha) worm was created - one of the most destructive email worms in the last decade. Nor did it happen at a different time, during NATO’s interference in the Yugoslavia conflict and the bombing of Serbia, when Serbian hackers formed an alliance with hackers from other countries and attacked US and NATO web resources. Such accusations were not voiced during the many complications in relations between China and Japan, when DoS attacks targeted Japanese government websites.
Nothing of the sort happened when American government departments and agencies were (and still are) the target of Chinese hacker groups, which often gain access to secret information. However, this time, although the attacks were clearly vandalism aimed at Estonian sites, it must have been beneficial for someone to bring the conflict to a new level. At first Urmas Paet, the Estonian Minister of Foreign Affairs, stated that the hackers were acting on behalf of Russia, including from computers located in government institutions. Later, Jaak Aaviksoo, the Estonian Minister of Defense, proposed declaring that the cyber attacks were a form of military action. “At present, NATO does not view cyber attacks as military action. That means that the NATO countries which have fallen victim to these attacks are automatically not included under the fifth article of the NATO agreement on military protection. None of the NATO Ministers of Defense today would recognize a cyber attack as military action. This issue must be resolved soon.”
Ultimately, Estonia wanted military protection against threats from the Internet - this was getting serious. These kinds of statements would generally require - at the very least - irrefutable evidence of the Russian government’s participation in the attacks. For months after the attacks began, Estonia was unable to present any such evidence. Nothing could be established by the NATO experts who had rushed to Tallinn in early May to “save their ally.” Basically, the accusations that the Russian government was involved were based on the single, isolated fact that the Estonian president’s website had been visited from an IP address that “belongs to an employee of the Russian presidential administration.” The completeness of the Estonian services' knowledge of the owners of all Russian IP addresses is amazing, as is their knowledge of just how “difficult” it is to spoof such an address.