Delfi falls victim to cyber attacks

The Baltic Times
Adam Krowka, TALLINN

The multilingual Internet news portal Delfi has been hit with several waves of cyber attacks that have forced administrators to temporarily cut off international access to the Web site.

The attacks, which varied in intensity, began early in the week of Jan. 7 and reached a climax on Jan. 9 and 10. Foreign access to the site was completely restricted Jan. 11 as a response to the onslaught.

Before going to press The Baltic Times learned that another attack had occurred on the night of Jan. 14.

Delfi administrators have since blocked traffic from several countries in the Far East where the attack appear to have come from.

The attacks are reminiscent of the days following the Bronze Soldier riots of last April, when broad, sustained cyber attacks crippled a large number of government and commercial Web sites.

Delfi admitted they are still not on top of the problem.

“You can never say when it [the attack] is finished. It sort of comes and goes, can cease at one moment and then start again,” Andrus Raudsalu, executive director at Delfi, told The Baltic Times.

Access to the site from Estonia suffered only small interruptions during the attacks, and access from European and North American domains was quickly restored.

No other Estonian news sites reported problems with their services. The culprits and their motive for the attack remain unclear.

“We haven”t received any indication of who would have been behind the attacks. The question is why was it solely against Delfi? This was targeted against us, it wasn”t an attack on the entire Estonian Internet,” Raudsalu said.

Delfi maintains that it did not have any controversial articles on its site that could have sparked the offensive. However, the timing may have been meant to coincide with the opening of a trial on Jan. 14 of several men charged with organizing the April riots.

Additionally, Konstantin Golosokov, a member of the pro-Kremlin youth group Nashi, was detained days earlier for attempting to illegally cross the border from Belarus in Lithuania. Golosokov had admitted to having a part in organizing April”s cyber attacks.

The Estonian Informatics Centre (RIA), which responds to security incidents affecting Estonian networks, played a small part in assisting Delfi throughout the attack. RIA Communication Manager Katrin Pargmae said that Delfi dealt very well with managing the situation on its own.

Computer experts say it is very difficult to determine the source of such an attack. Although these attacks appeared to come from the Far East, the ultimate source could be anywhere. In the case of such DDoS (distributed denial of service) attacks, the organizer carries out the work using a large number of computers in different countries, usually without the computer owners” knowledge.

When a DDoS attack is initiated, a single, untraceable computer sends a signal to these computers, known as “bots.” These machines then simultaneously attempt to access a single site. The result is an overload of attempts to reach the site, and denial of service for regular users.

In the cyber attacks that followed the April disturbances a wide range of Estonian sites were targeted including those of government ministries, political parties, newspapers, banks and private companies.

The NATO alliance sent computer experts to Estonia to investigate, describing the offensive as an “operational security issue.” Russian cyber attackers were largely suspected for being behind the monthlong attacks.