Could a single hacker crash a country's network?

Estonia's Hack Attack

Cybersecurity has become a full-blown national security problem.
Cybersecurity has become a full-blown national security problem.
Sean Gallup/Getty Images

Cyber-Armageddon has yet to commence, but hackers are waging small skirmishes -- like what took place on July 4, 2009, against the United States and South Korea -- and their skills only continue to mature. Some of the most talented hackers these days live in Russia and former Soviet states [source: Poulsen]. That criminal tech tidbit is interesting, given the political situation surrounding the virtual collapse of Estonia's nationwide network in 2007.

In March 2009, a 22-year-old Russian named Konstantin Goloskokov admitted to rallying a group of pro-Kremlin friends to launch a series of cyber-attacks against Estonian Web sites two years prior. Rioting broke out in Estonia in the spring of 2007 after government workers relocated a commemorative World War II statue of a Soviet soldier. Russian loyalists took offense to the statue incident, which they perceived as a direct snub to the former Soviet Union's contributions to the war [source: Lowe]. As the fighting in streets calmed, a second wave of aggression cropped up in cyberspace. According to Goloskokov, he and a group of friends directed enormous streams of data to Estonian government, bank and media Web sites, effectively crippling the nation's Internet access off and on from April 26 to May 18, 2007.

The Estonian virtual invasion consisted of distributed denial-of-service attacks (DDoS). With DDoS attacks, hackers use other people's computers, sometimes halfway across the globe, to wreak virtual havoc. To launch DDoS attacks, hackers first access other people's computers through zombie applications, malicious software that overrides security measures or creates an entry point. Once hackers gain control over so-called zombie computers, they can network them together to form cyber-armies, or botnets. The Estonian attack relied on vast botnets to send the coordinated crash-inducing data to the Web servers.

Just how much damage did that small group of hackers carry out? According to a New York Times article reporting on the events, the hackers rained down a data load equivalent to downloading the entire Windows XP operating system every six seconds for 10 hours [source: Landler and Markoff]. Hannabank, Estonia's largest bank and one of the prime targets of the attack, lost around $1 million over the course of the attacks, and Parliament members couldn't access e-mail for four days [source: Landler and Markoff].

Goloskokov, the cyber-attack mastermind, claimed the siege was a form of civil disobedience, rather than criminal behavior. Whatever the intent, the incident demonstrated the tremendous power that a remote group of hackers can wield. Especially considering that Estonia is one of the most wired nations on the globe, the implications for what could happen to larger and arguably less sophisticated networks in, say, the United States seem rather grave. In 2000, the Estonian government adopted Internet access as a basic human right. But as hackers hone their skills, the Baltic nation may have to fight to defend it.

Related HowStuffWorks Articles

More Great Links


  • Commission on Cybersecurity for the Office of the 44th President. "Securing Cyberspace for the 44th President. Center for Strategic and International Studies. December 2008. (July 31, 2009)
  • Internet Crime Complaint Center. "2008 Internet Crime Report." Bureau of Justice Assistance. 2008. (July 31, 2009)
  • Landler, Mark and Markoff, John. "Digital Fears Emerge After Data Siege in Estonia." The New York Times. May 29, 2007. (July 31, 2009)
  • Lowe, Christian. "Kremlin loyalist says launched Estonian cyber-attack." Reuters. March 13, 2009. (July 31, 2009)
  • Olsen, Kelly. "Massive Cyber Attack Knocked Out Government Web Sites Starting on July 4." Huffington Post. July 8, 2009. (July 31, 2009)
  • Poulsen, Kevin. "Future of Cyber Security: Hackers Have Grown Up." Wired. July 28, 2009. (July 31, 2009)
  • Zetter, Kim. "Obama Says New Cyberczar Won't Spy on the Net." Wired. May 29, 2009. (July 31, 2009)