A wave of cyber attacks hit NATO (North Atlantic Treaty Organisation) websites, and the alliance's Estonia-based cyber defence “centre of excellence”, on Saturday forcing them offline for a “few hours” and even into the early hours on Sunday.
The www.nato.int homepage was inaccessible on Sunday morning but resumed normal operation on Monday, while the website of Tallinn-based NATO Co-operative Cyber Defence Centre of Excellence returned online shortly after the attack was first discovered.
The group responsible for the attack couldn't be verified immediately afterwards, until an organisation calling itself “cyber berkut” took responsibility. Cyber berkut is a reference to the disbanded riot squads used by the government of ousted pro-Russian Ukraine president Viktor Yanukovich. In a statement published on Sunday, the group says that it attacked NATO because of perceived interference in their country.
“We, Cyber Berkut, will not allow the presence of NATO occupiers on the territory of our homeland,” the group said.
NATO press spokesperson Oana Lungescu revealed that the attack was ongoing on Sunday morning and added that hackers were carrying out distributed denial of service (DDoS) attacks on a number of different websites.
“DDoS attack on some NATO sites ongoing but most services restored. Integrity of NATO data & systems not affected. We continue working on it,” tweeted Oana Lungescu at the time.
The attacks followed shortly after NATO claimed that the Crimea referendum was "illegal". The vote apparently shows that over 96 percent of those who voted want to become part of Russia.
NATO was hacked in July 2011, when hackers obtained 1GB of computer data from the alliance's servers, while last November Anonymous Ukraine launched a DDoS attack against NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE). Hackers kept the website offline for almost two hours in response to NATO hacking a number of Ukrainian government websites.
In response to this news over the weekend, Eerke Boiten, director, Cyber Security Research Centre, University of Kent, told SCMagazineUK.com that the DDoS attack was “innocuous” and the equivalent of “taking a poster down”, something Robert David Graham, CEO of Errata Security, added by pointing us to this graphic.
“They've shown the manpower and willpower but they haven't yet shown the intelligence,” he said of the Ukranian group, adding that this latest attack was likely more of a “digital protest” – something which he said was commonplace in 2007 and 2008 when there was political unrest in Estonia and Georgia. “Taking a web server down – it's a form of publicity and I wouldn't expect [hackers] to get much further.”
But Boiten added that this was a different thing entirely to government-sponsored cyber warfare, which he said often manifests itself when other events are going on.
“The best way for cyber warfare is to strike when something else is going on. What you'd expect from a government-sponsored attack is where you can't see the attack but it causes massive damage.”