2007 cyberattacks on Estonia

Last updated

Beginning on 27 April 2007, a series of cyberattacks targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn. [1] [2] Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred. [3] Research has also shown that large conflicts took place to edit the English-language version of the Bronze Soldier's Wikipedia page. [4]

Contents

Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before. The case is studied intensively by many countries and military planners as, at the time it occurred, it may have been the second-largest instance of state-sponsored cyberwarfare, following Titan Rain. [5]

As of January 2008, one ethnic-Russian Estonian national had been charged and convicted. [6]

During a panel discussion on cyber warfare, Sergei Markov of the Russian State Duma has stated his unnamed aide was responsible in orchestrating the cyber attacks. Markov alleged the aide acted on his own while residing in an unrecognised republic of the former Soviet Union, possibly Transnistria. [7] On 10 March 2009 Konstantin Goloskokov, a "commissar" of the Kremlin-backed youth group Nashi, has claimed responsibility for the attack. [8] Experts are critical of these varying claims of responsibility. [9] The direct result of the cyberattacks was the creation of the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

Estonia's response

The Estonian government was quick to blame the Kremlin, accusing it of being directly involved in the attacks. It was later revealed that the allegations were not completely correct when Estonia's defense minister, Jaak Aaviksoo, admitted that he had no evidence linking the cyber-attacks to the Kremlin. "Of course, at the moment, I cannot state for certain that the cyber-attacks were managed by the Kremlin, or other Russian government agencies," he said in an interview on Estonia's Kanal 2 TV channel, "Again, it is not possible to say without doubt that orders came from the Kremlin, or that, indeed, a wish was expressed for such a thing there." Russia called the accusations of its involvement "unfounded", and neither NATO nor European Commission experts were able to find any proof of official Russian government participation. [10] Since the attack, Estonia has advocated for increased cybersecurity protection and response protocol.

NATO's response

In response to such attacks, NATO conducted an internal assessment of their cyber security and infrastructure defenses. The assessment resulted in a report issued to the allied defense ministers in October 2007. It further developed into the creation of a cyber defense policy and the creation of the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE) in May 2008.

Due to the attacks[ citation needed ], the Tallinn Manual on the International Law Applicable to Cyber Warfare was also developed. This report outlined international laws which are considered applicable to the cyber realm. The manual includes a total of ninety-five "black-letter rules" addressing cyber conflicts. The Tallinn Manual has worked to provide a global norm in cyber space by applying existing international law to cyber warfare. The manual suggests that states do not have sovereignty over the Internet, but that they do have sovereignty over components of the Internet in their territory. [11] [12]

Legalities

On 2 May 2007, a criminal investigation was opened into the attacks under a section of the Estonian Penal Code criminalising computer sabotage and interference with the working of a computer network, felonies punishable by imprisonment of up to three years. As a number of attackers turned out to be within the jurisdiction of the Russian Federation, on 10 May 2007, Estonian Public Prosecutor's Office made a formal investigation assistance request to the Russian Federation's Supreme Procurature under a Mutual Legal Assistance Treaty (MLAT) existing between Estonia and Russia. A Russian State Duma delegation visiting Estonia in early May in regards the situation surrounding the Bronze Soldier of Tallinn had promised that Russia would aid such investigation in every way available. [13] On 28 June, Russian Supreme Procurature refused assistance, [13] claiming that the proposed investigative processes are not covered by the applicable MLAT. [14] Piret Seeman, the Estonian Public Prosecutor's Office's PR officer, criticized this decision, pointing out that all the requested processes are actually enumerated in the MLAT. [14]

On 24 January 2008, Dmitri Galushkevich, a student living in Tallinn, was found guilty of participating in the attacks. He was fined 17,500 kroons (approximately US$1,640) for attacking the website of the Estonian Reform Party. [3] [15]

As of 13 December 2008, Russian authorities have been consistently denying Estonian law enforcement any investigative cooperation, thus effectively eliminating chances that those of the perpetrators that fall within Russian jurisdiction will be brought to trial. [16]

Opinions of experts

Critical systems whose network addresses would not be generally known were targeted, including those serving telephony and financial transaction processing. [17] Although not all of the computer crackers behind the cyberwarfare have been unveiled, some experts believed that such efforts exceed the skills of individual activists or even organised crime as they require a co-operation of a state and a large telecom company. [5]

A well known Russian hacker Sp0Raw believes that the most efficient online attacks on Estonia could not have been carried out without the blessing of the Russian authorities and that the hackers apparently acted under "recommendations" from parties in higher positions. [18] [19] At the same time he called claims of Estonians regarding direct involvement of Russian government in the attacks [20] "empty words, not supported by technical data". [19]

Mike Witt, deputy director of the United States Computer Emergency Readiness Team (CERT) believes that the attacks were DDoS attacks. The attackers used botnets—global networks of compromised computers, often owned by careless individuals. "The size of the cyber attack, while it was certainly significant to the Estonian government, from a technical standpoint is not something we would consider significant in scale," Witt said. [21]

Professor James Hendler, former chief scientist at The Pentagon's Defense Advanced Research Projects Agency (DARPA) characterised the attacks as "more like a cyber riot than a military attack." [21]

"We don't have directly visible info about sources so we can't confirm or deny that the attacks are coming from the Russian government," Jose Nazario, software and security engineer at Arbor Networks, told internetnews.com. [22] Arbor Networks operated ATLAS threat analysis network, which, the company claimed, could "see" 80% of Internet traffic. Nazario suspected that different groups operating separate distributed botnets were involved in the attack.

Experts interviewed by IT security resource SearchSecurity.com "say it's very unlikely this was a case of one government launching a coordinated cyberattack against another": Johannes Ullrich, chief research officer of the Bethesda said "Attributing a distributed denial-of-service attack like this to a government is hard." "It may as well be a group of bot herders showing 'patriotism,' kind of like what we had with Web defacements during the US-China spy-plane crisis [in 2001]." Hillar Aarelaid, manager of Estonia's Computer Emergency Response Team "expressed skepticism that the attacks were from the Russian government, noting that Estonians were also divided on whether it was right to remove the statue". [23]

"Today security analysts widely believe that the attacks were condoned by the Kremlin, if not actively coordinated by its leaders." Andy Greenberg, author of the WIRED Guide to Cyberwar 23 August 2019. He noted that the next year, 2008, similar attacks on Georgia were accompanied by a Russian physical invasion. wired.com. [24]

Clarke and Knake report that upon the Estonian authorities informing Russian officials they had traced systems controlling the attack to Russia, there was some indication in response that incensed patriotic Russians might have acted on their own. [17] Regardless of conjectures over official involvement, the decision of Russian authorities not to pursue individuals responsible—a treaty obligation—together with expert opinion that Russian security services could readily track down the culprits should they so desire, leads Russia observers to conclude the attacks served Russian interests. [17]

Photograph taken by Bill Woodcock in order to "vet" Hillar Aarelaid, then director of the Estonian Computer Emergency Response Team, to the NSP-Sec cybersecurity coordination community, in the CERT-EE NOC on the night of Tuesday, May 8, 2007. Woodcock, Aarelaid, and Lindqvist in the EE-CERT, 2007.jpg
Photograph taken by Bill Woodcock in order to "vet" Hillar Aarelaid, then director of the Estonian Computer Emergency Response Team, to the NSP-Sec cybersecurity coordination community, in the CERT-EE NOC on the night of Tuesday, May 8, 2007.

On May 23, 2012, the Atlantic Council convened a retrospective conference, "Building a Secure Cyber Future: Attack on Estonia, Five Years On" in which cyber-experts who had been involved in the conflict discussed lessons learned and how the field of cyber-conflict was changed by the Estonian attack and the following year's attack on Georgia. The conference was organized by Jason Healey, director of the Atlantic Council's Cyber Statecraft Initiative, and featured talks by Jaan Priisalu, Director General of Estonia's Information System Authority; Bill Woodcock, an American cybersecurity expert who assisted in the defense; Jonatan Vseviov, then Minister of Defense and subsequently Ambassador to the United States; Heli Tiirmaa-Klaar, Estonian Ambassador-at-Large for Cybersecurity; and others. [25] Priisalu discussed the attack's impact on the Estonian financial system, while Woodcock described the methods the Estonian CERT used to coordinate defensive actions with network operators and their counterparts in neighboring countries, and Vseviov talked about the broader societal implications of the attack, and NATO's Article 5 obligations.

Claiming responsibility for the attacks

A Commissar of the Nashi pro-Kremlin youth movement in Moldova and Transnistria, Konstantin Goloskokov (Goloskov in some sources [26] ), admitted organizing cyberattacks against Estonian government sites. [18] Goloskokov stressed, however, that he was not carrying out an order from Nashi's leadership and said that a lot of his fellow Nashi members criticized his response as being too harsh. [19]

Like most countries, Estonia does not recognise Transnistria, a secessionist region of Moldova. As an unrecognised nation, Transnistria does not belong to Interpol. [27] Accordingly, no Mutual Legal Assistance Treaty applies. If residents of Transnistria were responsible, the investigation may be severely hampered, and even if the investigation succeeds finding likely suspects, the legal recourse of Estonian authorities may be limited to issuing all-EU arrest warrants for these suspects. Such an act would be largely symbolic.

Head of Russian Military Forecasting Center, Colonel Anatoly Tsyganok confirmed Russia's ability to conduct such an attack when he stated: "These attacks have been quite successful, and today the alliance had nothing to oppose Russia's virtual attacks", additionally noting that these attacks did not violate any international agreement. [28]

Influence on international military doctrines

The attacks triggered a number of military organizations around the world to reconsider the importance of network security to modern military doctrine. On 14 June 2007, defence ministers of NATO members held a meeting in Brussels, issuing a joint communiqué promising action by the autumn of 2007. [29] NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) was established in Tallinn on 14 May 2008. [30] [31]

On 25 June 2007, Estonian president Toomas Hendrik Ilves met with US president George W. Bush. [32] Among the topics discussed were the attacks on Estonian infrastructure. [33]

The events have been reflected in a NATO Department of Public Diplomacy short movie War in Cyberspace. [34]

See also

Related Research Articles

Information warfare (IW) is the battlespace use and management of information and communication technology (ICT) in pursuit of a competitive advantage over an opponent. It is different from cyberwarfare that attacks computers, software, and command control systems. Information warfare is the manipulation of information trusted by a target without the target's awareness so that the target will make decisions against their interest but in the interest of the one conducting information warfare. As a result, it is not clear when information warfare begins, ends, and how strong or destructive it is.

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Emerging alongside the development of information technology, cyberterrorism involves acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts can all be forms of internet terrorism. Some authors opt for a very narrow definition of cyberterrorism, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.

<span class="mw-page-title-main">Cyberwarfare</span> Use of digital attacks against a state

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

<span class="mw-page-title-main">Marina Kaljurand</span> Estonian politician (born 1962)

Marina Kaljurand is an Estonian politician and Member of the European Parliament. Kaljurand served as Minister of Foreign Affairs in Taavi Rõivas' second cabinet as an independent. Earlier, she served as the Ambassador of Estonia to the United States, Russia, Mexico, Canada, Kazakhstan, and Israel.

<span class="mw-page-title-main">Cyberattacks during the Russo-Georgian War</span> Series of cyber attacks during Russo-Georgian war in 2008

During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.

<span class="mw-page-title-main">Estonian Defence Forces</span> Armed forces of Estonia

The Estonian Defence Forces is the unified military force of the Republic of Estonia. The Estonian Defence Forces consists of the Estonian Land Forces, the Estonian Navy, the Estonian Air Force, and the paramilitary Estonian Defence League. The national defence policy aims to guarantee the preservation of the independence and sovereignty of the state and maintain the integrity of its land area, territorial waters, airspace, and constitutional order. Its main goals remain the development and maintenance of a credible capability to defend the nation's vital interests and of the defence forces in a way that ensures their interoperability with the armed forces of NATO and European Union member states in order to participate in the full range of missions for these military alliances.

<span class="mw-page-title-main">Cooperative Cyber Defence Centre of Excellence</span> Military organization

NATO CCD COE, officially the NATO Cooperative Cyber Defence Centre of Excellence, is one of NATO Centres of Excellence, located in Tallinn, Estonia. The centre was established on 14 May 2008, it received full accreditation by NATO and attained the status of International Military Organisation on 28 October 2008. NATO Cooperative Cyber Defence Centre of Excellence is an international military organisation with a mission to enhance the capability, cooperation and information sharing among NATO, its member nations and partners in cyber defence by virtue of education, research and development, lessons learned and consultation.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Russian influence operationsin Estonia consist of the alleged actions taken by the government of the Russian Federation to produce a favorable political and social climate in the Republic of Estonia. According to the Estonian Internal Security Service, Russian influence operations in Estonia form a complex system of financial, political, economic and espionage activities in Republic of Estonia for the purposes of influencing Estonia's political and economic decisions in ways considered favourable to the Russian Federation and conducted under the doctrine of near abroad. Conversely, the ethnic Russians in Estonia generally take a more sympathetic view of Moscow than that of the Estonian government. According to some, such as Professor Mark A. Cichock of the University of Texas at Arlington, the Russian government has actively pursued the imposition of a dependent relationship upon the Baltic states, with the desire to remain the region's dominant actor and political arbiter, continuing the Soviet pattern of hegemonic relations with these small neighbouring states. According to the Centre for Geopolitical Studies, the Russian information campaign which the centre characterises as a "real mud throwing" exercise, has provoked a split in Estonian society amongst Russian speakers, inciting some to riot over the relocation of the Bronze Soldier. The 2007 cyberattacks on Estonia is considered to be an information operation against Estonia, with the intent to influence the decisions and actions of the Estonian government. While Russia denies any direct involvement in the attacks, hostile rhetoric from the political elite via the media influenced people to attack.

Mark Sirõk is a Russian-speaking Estonian political activist. He is designated as a commissar of the pro-Kremlin youth movement Nashi and a leader of the movement in Estonia.

The July 2009 cyberattacks were a series of coordinated cyberattacks against major government, news media, and financial websites in South Korea and the United States. The attacks involved the activation of a botnet—a large number of hijacked computers—that maliciously accessed targeted websites with the intention of causing their servers to overload due to the influx of traffic, known as a DDoS attack. Most of the hijacked computers were located in South Korea. The estimated number of the hijacked computers varies widely; around 20,000 according to the South Korean National Intelligence Service, around 50,000 according to Symantec's Security Technology Response group, and more than 166,000 according to a Vietnamese computer security researcher who analyzed the log files of the two servers the attackers controlled. An investigation revealed that at least 39 websites were targets in the attacks based on files stored on compromised systems.

<span class="mw-page-title-main">Jart Armin</span> Cybercrime and computer security investigator and analyst

Jart Armin is an investigator, analyst and writer on cybercrime and computer security, and researcher of cybercrime mechanisms and assessment.

The Estonian Defence League’s Cyber Unit is a group of units within certain malevs of the Estonian Defense League established in 2010. Created out of inspiration from the 2007 cyberattacks on Estonia and spearheaded by Informatics Scientist Ülo Jaaksoo, it focuses on the defense of the Estonian state and private telecommunications infrastructure from outside-derived cyberattacks, and mostly employs the volunteer participation of IT professionals.

Jeffrey Carr is a cybersecurity author, researcher, entrepreneur and consultant, who focuses on cyber warfare.

<span class="mw-page-title-main">Eerik-Niiles Kross</span> Estonian politician

Eerik-Niiles Kross is an Estonian politician, diplomat, former chief of intelligence and entrepreneur. He is a member of parliament (Riigikogu). During the 1980s, Kross was a prominent figure in the anti-Soviet non-violent resistance movement in Soviet Estonia. After re-independence, in 1991, he joined Estonia's Foreign Ministry. He served as the head of intelligence from 1995 to 2000; and as national security advisor to former President Lennart Meri in 2000 and 2001.

The Tallinn Manual, originally entitled, Tallinn Manual on the International Law Applicable to Cyber Warfare, is an academic, non-binding study on how international law, especially jus ad bellum and international humanitarian law, applies to cyber conflicts and cyber warfare. Between 2009 and 2012, the Tallinn Manual was written at the invitation of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence by an international group of approximately twenty experts. In April 2013, the manual was published by Cambridge University Press.

<span class="mw-page-title-main">Russo-Ukrainian cyberwarfare</span> Informatic component of the confrontation between Russia and Ukraine

Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a Mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

<span class="mw-page-title-main">Sandworm (hacker group)</span> Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include APT44, Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

<span class="mw-page-title-main">IT Army of Ukraine</span> Ukrainian cyberwarfare volunteer group

The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022. The group also conducts offensive cyberwarfare operations, and Chief of Head of State Special Communications Service of Ukraine Victor Zhora said its enlisted hackers would only attack military targets.

In Q2 of 2013, Akamai Technologies reported that Indonesia topped China with a portion 38 percent of cyber attacks, an increase from the 21 percent portion in the previous quarter. China was at 33 percent and the US at 6.9 percent. 79 percent of attacks came from the Asia Pacific region. Indonesia dominated the attacking to ports 80 and 443 by about 90 percent.

References

  1. Ian Traynor (17 May 2007). "Russia accused of unleashing cyberwar to disable Estonia". The Guardian .
  2. "War in the fifth domain. Are the mouse and keyboard the new weapons of conflict?". The Economist. 1 July 2010. Retrieved 2 July 2010.
  3. 1 2 "Estonia fines man for 'cyber war'". BBC. 25 January 2008. Retrieved 23 February 2008.
  4. Graham, Mark; Zook, Matthew; Boulton, Andrew (10 August 2012). "Augmented reality in urban places: contested content and the duplicity of code". Transactions of the Institute of British Geographers. 38 (3): 464–479. doi:10.1111/j.1475-5661.2012.00539.x. ISSN   0020-2754.
  5. 1 2 "Cyberwarfare is becoming scarier". The Economist . 24 May 2007. Archived from the original on 9 December 2008. Retrieved 26 May 2007.
  6. "Estonia fines man for 'cyber war'". BBC News. 25 January 2008. Retrieved 22 April 2010.
  7. Robert Coalson (6 March 2009). "Behind The Estonia Cyberattacks". Radio Free Europe .
  8. "Kremlin-backed group behind Estonia cyber blitz". Financial Times . 11 March 2009. Archived from the original on 11 April 2009.
  9. "Authoritatively, Who Was Behind The Estonian Attacks?". 17 March 2009. Archived from the original on 1 July 2009.
  10. Bright, Arthur (17 May 2007). "Estonia accuses Russia of "cyberattack"". Christian Science Monitor. Retrieved 10 May 2017.
  11. Shackelford, Scott (4 November 2009). "Estonia Two-and-A-Half Years Later: A Progress Report on Combating Cyber Attacks". Journal of Internet Law. SSRN   1499849.
  12. Herzog, Stephen (2011). "Revisiting the Estonian Cyber Attacks: Digital threats and Multinational Responses". Journal of Strategic Security. 4 (2): 49–60. doi: 10.5038/1944-0472.4.2.3 .
  13. 1 2 "Venemaa jätab Eesti küberrünnakute uurimisel õigusabita". Postimees (in Estonian). 6 July 2007. Archived from the original on 8 July 2007.
  14. 1 2 "Venemaa keeldus koostööst küberrünnakute uurimisel". Eesti Päevaleht (in Estonian). 6 July 2007.
  15. Leyden, John (24 January 2008). "Estonia fines man for DDoS attacks". The Register. Retrieved 22 February 2008.
  16. "Venemaa keeldub endiselt koostööst küberrünnakute uurimisel". ERR (in Estonian). 13 December 2008.
  17. 1 2 3 Clarke, R.A.; Knake, R.K. (2010). Cyber War: The Next Threat To National Security And What To Do About It. Harper Collins.
  18. 1 2 "Commissar of Nashi says he waged cyber attack on Estonian government sites". Swiss Baltic Chamber of Commerce in Lithuania/Baltic News Service . 2 June 2007. Archived from the original on 10 October 2007.
  19. 1 2 3 "Электронная бомба. Кто стоит за кибервойной России с Эстонией" (in Russian). Archived from the original on 9 October 2007.
  20. "Urmas Paet, the Estonian Foreign Minister, accused the Kremlin of direct involvement". Times Online. Archived from the original on 24 July 2008.
  21. 1 2 "Analysis: Who cyber smacked Estonia?". United Press International.
  22. "Estonia Under Russian Cyber Attack?". Internetnews.com.
  23. Bill Brenner (18 May 2007). "Experts doubt Russian government launched DDoS attacks". SearchSecurity.com.
  24. "The WIRED Guide to Cyberwar". WIRED.
  25. Healey, Jason (23 May 2012). "Building a Secure Cyber Future: Attacks on Estonia, Five Years On". Atlantic Council. Retrieved 11 June 2021.
  26. "Monument dispute with Estonia gets dirty".
  27. Tiraspol Times 9 June 2007: Ministry of Internal Affairs lists PMR's 10 most wanted
  28. "Военно-виртуальный альянс - Украина делает первые шаги на пути в НАТО". gzt.ru (in Russian). 8 February 2008. Archived from the original on 6 June 2008.
  29. Ahto Lobjakas (15 June 2007). "NATO andis rohelise tule Eesti küberkaitse kavale". Eesti Päevaleht (in Estonian). Archived from the original on 4 June 2008.
  30. "About Us". CCDCOE. Retrieved 25 April 2022.
  31. "NATO launches cyber defence centre in Estonia". AFP. 14 May 2008. Retrieved 25 April 2022.
  32. "President Bush to Welcome President Toomas Ilves of Estonia". White House . 4 May 2007.
  33. "Bush, Ilves eye tougher tack on cybercrime". Yahoo/AFP. 25 June 2007.
  34. "NATO tegi filmi Eesti "kübersõjast"". Postimees (in Estonian). 28 March 2009.