The cyberwar era arguably began two hours before midnight on April 26, 2007, when hordes of Internet traffic started quietly overwhelming servers in the small European nation of Estonia.
The barrage, prompted by the Estonian government’s decision to relocate a controversial monument to the country’s Russian liberators in World War II, went largely unnoticed for the first 24 hours. After a week, major government websites were offline. In the second week, the hackers, operating from an unknown location and controlling infected machines all over the world, brought down the websites of Estonia’s major newspapers. The papers’ IT experts eventually had to block all international traffic to stay online—saving themselves, but cutting off their best way of telling the world that they were under attack.
The hackers were using a technique called a distributed denial-of-service (DDoS) attack. They assembled botnets—networks of computers surreptitiously infected with their malware—to flood Estonian servers with data requests. This jumble of garbage traffic prevented packets of genuine data from getting through. DDoS attacks are a crude but highly effective tool, and they continue to be a major weapon in cyberattackers’ arsenals.
The attacks peaked at midnight, Russian time, on May 9, the anniversary of V-E Day. The symbolism was obvious and deliberate: Most of the attacks were the work of pro-Russian activists, who used software distributed on Russian-language forums and were furious about the relocation of a statue honoring their war heroes. When the nationwide political cyberattack reached a fever pitch, Estonian servers received a combined total of 4 million packets per second from almost 1 million computers worldwide.
“Never before had an entire country been targeted on almost every digital front all at once,” wrote Wired’s Joshua Davis in August 2007, “and never before had a government itself fought back.”