| Date post: | 14-Aug-2015 |
| Category: |
Documents |
| Upload: | jason-ganz |
| View: | 168 times |
| Download: | 1 times |
THE POLITICS OF CYBERWAR
A Thesis
Presented to
The Faculty of the Department of Political Science
Brooklyn College
In Partial Fulfillment of the
Requirements for the Degree
Master of Arts
By
Jason S. Ganz
Spring 2015
i
ABSTRACT
The 2007 cyberattacks against Estonia and the 2008 cyberattack against Lithuania,
presumably by Russia, raised the question why are states turning to cyberwarfare. The
technical complexity of these attacks brings to light issues regarding international law,
international organizations, hegemony, plausible denial, hybrid regimes, and states' abilities
to endure these attacks. Through the analysis of these most similar attacks, I show that
international organizations and collective security organizations do not sufficiently protect
their member-states from cyberattacks, making them a useful strategy, especially for hybrid
regimes, but that there is an important second mover advantage in being able to learn from
the first attack and implementing measures to reduce the intensity and duration of subsequent
attacks. In conclusion, I highlight more recent cyberattacks by Russia against non-NATO
states, attacks by other states, pre-emptive cyberattacks, and non-aligned cyber-NGOs. I
propose a working relationship between states and non-aligned cyber-NGOs that will provide
state legitimacy and technological prowess in policing darknet, a portion of the internet
where many cyberattacks are hatched, thereby reducing or eliminating states' abilities to deny
their roles in future attacks.
ii
TABLE OF CONTENTS
CHAPTER 1: INTRODUCTION 1
RELEVANT CYBER-BACKGROUND 3
SOME POSSIBLE EXPLANATIONS
FROM INTERNATIONAL AFFAIRS
5
METHODOLOGIES 9
CONCEPTUAL SIGNIFICANCE AND
PRACTICAL SIGNIFICANCE
10
CHAPTER 2: INTERNATIONAL LAW AND
ITS LIMITATIONS
11
A TIMELINE OF INTERNATIONAL
CHARTERS AND TREATIES
11
LIMITATIONS OF CURRENT
INTERNATIONAL CHARTERS AND
TREATIES
18
HOW STATES HAVE SURVIVED
WITHOUT A SYSTEMIC TREATY
23
CHAPTER 3: WHY RUSSIA CHOOSES
CYBERWARFARE
25
RUSSIA'S HISTORIC EXPANSIONISM 25
THE POLITICS OF HYBRID REGIMES 30
CYBERWARFARE: AN
ALTERNATIVE AGAINST NATO
PARTY-STATES
34
HOW CYBER-MERCENARIES
ENGAGE IN ECONOMICS-DRIVEN
ATTACKS
36
CYBER-RUSSIAN ROULETTE 42
CHAPTER 4: ESTONIA: A TARGET, AND A
NERVE CENTER
43
ESTONIA'S FIGHT FOR
INDEPENDENCE
43
POST-COMMUNIST ESTONIA: FOR
ESTONIA, BY ESTONIA
47
THE CYBERATTACKS 52
iii
THE AFTERMATH OF THE
CYBERATTACKS
58
CHAPTER 5: LITHUANIA: ANOTHER
BALTIC STATE ANOTHER
CYBERATTACK
61
HISTORIC LITHUANIAN / RUSSIAN
RELATIONS
61
LITHUANIA: THE LITTLE COUNTRY
THAT SHOULDN'T
66
THE CYBERATTACKS 71
THE CYBERATTACK'S AFTERMATH:
LITHUANIA GETS MORE ATTACKS
74
CHAPTER 6: CONCLUSIONS AND
EPILOGUE: CURRENT ATTACKS, NEW
METHODS, AND A PROGNOSIS
78
RUSSIAN CYBERATTACKS vs. NON-
NATO MEMBER STATES
79
THE UNITED STATES (AND ISRAEL)
vs. IRAN: A BRIEF ON STUXNET
81
PREEMPTIVE CYBERWARFARE 83
NON-ALIGNED CYBER-NGOs: AN
IMPERFECT IDEA
86
PRINTED WORKS CITED 90
DIGITAL WORKS CITED 99
1
CHAPTER 1
BACKGROUND
From April 26 through May 23, 2007, Estonia endured a series of Distributed Denial
of Service (DDoS) attacks that crippled much of the government’s political and economic
infrastructure This followed the Estonian Parliament’s (Riigikogu) vote to remove a Soviet
war monument and exhume war graves into a military cemetery (AfriNIC 2010, Tikk, Kaska,
and Vihul 2010). Similarly, from June 28to July 2, 2008, Lithuania endured attacks against
its political structures due to laws passed by the Lithuanian Parliament (Seimas) prohibiting
public displays of Nazi and Soviet emblems and anthems. Although Russia has been blamed
for both attacks, the claim has been difficult to prove for both Estonia (Bradbury 2014) and
Lithuania (Tikk, Kaska, and Vihul 2010) due to various location-encrypting technologies
such as The Onion Router (TOR). The existing treaties do little to create penalties for states
that engage in cyberwarfare (Bradbury 2014). This thesis, using Estonia and Lithuania as
case studies, analyzes why and how these attacks took place, the legacy of these two attacks,
and briefs more recent, intense, attacks such as Stuxnet (Valeriano and Maness 2012) and
Ouroboros (BAE Systems 2014). Lastly, this thesis provides a solution to mitigate future
attacks.
Both Estonia and Lithuania share a common Nazi / Soviet history as a result of being
annexed to the Soviet Union as a result of Section I of the Molotov-Ribbentrop Pact’s
“additional secret protocol” (European Network – Molotov-Ribbentrop Pact.pdf). During
their tenures as Soviet Republics, nationalist movements such as the Union of Lithuanian
Freedom Fighters (LLKS) that fought from 1948-1952 (Vardys 1963), Lithuania’s Sajudis
movement (1980s) (Beissinger 2009a) and the Estonian National Front (1988) worked to
2
increase global awareness of the Baltic States’ issues (Muizniks 1995). Such resistance to
Soviet control were why Estonia and Lithuania were among the first to secede from the
Soviet Union; Lithuania on March 11, 1990 with a 124-0 vote (Kotkin 2008); Estonia on
March 30, 1990 with a 73-0 vote (Olson, Pappas, and Pappas 1994).
The post-Soviet governments passed statutes that prohibited pro-Nazi and pro-Soviet
media within both Estonia’s Riigikogu and Lithuania’s Seimas (Tikk, Kaska, and Vihul 2010)
and consequently were met with pro-Russian retaliation against both states – presumably in
order to show these neighboring states that Russia was still the regional hegemon among its
former Soviet Republics. However, whereas traditional attacks (i.e.: naval, infantry, air-
strike, etc.,) would have allowed for retaliation by the affected states as individuals and as
part of supranational organizations such as NATO – which both Estonia and Lithuania were
members of (Jarvenpaa 2014). Why haven’t such supranational organizations, rooted in
military protection, been able to react against cyberattacks in the same way as traditional
attacks?
This is not just a problem of small states like Lithuania and Estonia, but a problem
that affects larger states such as the United States. The United States has been cyber-attacked
26 times between 2001 and 2011 (Valeriano and Maness 2012). Russia, a primary attacker
of United States servers, has also cyberattacked former states such as Georgia with greater
frequency (Valeriano and Maness 2012). These attacks against larger states may be “to show
existence and the capabilities of an attack” (Valeriano and Maness / USNWC – Cyber
Espionage 2013), but larger states have allegedly countered with cyberattacks of their own in
order to sabotage computer networks and infrastructure within Iran (Demidov 2013).
3
One half of one percent of all Stuxnet attacks are aimed at Russia, and approximately
fifty-eight percent are aimed at Iran (Demidov 2013). On November 12, 2013 a USB drive
carrying Stuxnet was found on the International Space Station (Shamah 2013), demonstrating
the ease in which cyberattacks can unravel through otherwise-innocuous means. The United
States and Israel have denied any responsibility for the Stuxnet attack (Milosevic 2013),
presumably on the basis that the attacks cannot be definitively traced back to them.
RELEVANT CYBER-BACKGROUND
Because this thesis has a substantial weight of its information in computer science,
there are several key terms that, once understood, will facilitate the ability to combine
political science with the increasing prevalence of computer-based technologies in the
political theatre. Terms such as “cyberattack,” “distributed denial of service (DDoS) attack,”
“darknet,” and “TOR” will need to be understood as to how they tie into cyberattacks in the
21st century.
NEC (2014) defines cyberattacks “as politically and socially motivated attacks that
are carried out through the internet via fake websites, infected computers (bots), and
malicious programs (i.e.: viruses, worms, Trojan horses).” These malicious entities
compromise the legitimate operation of websites with the potential for extensive damage to
network infrastructures). These attacks may be launched by an individual with a computer,
but are primarily either from small countries with relaxed technological laws (Bradbury
2014), or from organizations that possess agendas against various government or private
organizations (AfriNIC 2010). The most common type of cyberattack is the Distributed
Denial of Service attack.
4
Distributed Denial-of-Service Attacks (DDoS) are attacks in which a variety of “bot”
computers – infected computers and servers controlled by a central computer or central
computers – work as a collective to overload the “recipient server(s)” with as many
information requests as possible so the server can no longer handle the requests, and thus the
network is degraded (Singh and Gyanchandani 2010). There are several types of DDoS
attacks that can be deployed to either oversaturate the server’s available network bandwidth
or overload a server’s computational resources. The most common forms of DDoS attacks
used in the political domain are bandwidth-based that hope to simply overpower the afflicted
government / organization’s firewalls with junk transmissions. The other type of DDoS
attack is traffic-based, in which the servers are simply overloaded with individual requests
and cannot discern the legitimate requests from “bot” requests (NSFocus Introduction to
DDoS 2014).
The Onion Router (TOR) is a location falsification and encryption program created in
2002 by the United States Naval Research Laboratory’s Center for High Assurance
Computing Systems as a means of allowing the various branches of the United States
military to communicate without detection on public networks (US NRL CHACS 2014).
More recently, it has been used by individuals seeking to protect their internet activities from
government and / or corporate snooping (TOR Project – Normal Users 2014), as well as by
cyberspace non-government organizations (Cyber-NGOs) and governments seeking to cloak
internet Protocol (IP) Addresses that could otherwise disclose their locations (Tikk, Kaska,
and Vikul 2010).
Darknet is a portion of the internet comprised of hidden services that uses a pseudo
top-level domain such as .onion, and is typically only accessible by using a program such as
5
TOR (Martin 2013). Darknet’s relative obscurity and clandestine nature, and its requirement
of a cloaking service such as TOR to access it, means that tracking user activities is often
difficult, if not impossible, without the appropriate entrance-node and exit-node information
(Martin 2013, Choucri 2012, Guitton 2013). DDoS attacks are often launched from darknet
due to the difficulty in tracing the point of origin (Bradbury 2014), and the difficulty in
tracing the hidden service’s users and their respective activities (Guitton 2013).
SOME POSSIBLE EXPLANATIONS FROM INTERNATIONAL AFFAIRS
From the perspective of the international relations theory of realism, a cyberattack is
not unlike a traditional attack, and is an act of war against the besieged state. Hans
Morgenthau argues in his six principles of political realism that power defines international
politics, and that motive, intentions, and other speculations are irrelevant compared to the
actual outcome of the event; good foreign policy’s interest being the mitigation of risk to the
state while maximizing benefit to the state (Morgenthau 1948). Geoffrey Blainey contends
that the collaboration of states for economic growth has worked in reducing the likelihood of
war by allowing states to jointly build up economic power while building mutual respect and
forming supranational unions in order to reduce the likelihood of further wars. Blainey states
that this collaboration is regional, and that there is often a desire by larger states to attack
smaller states as not only a show of the larger state’s “war resources,” but also because
smaller states are less likely to provoke a larger state or retaliate against a larger state
(Blainey 1988).
Blainey contends that states’ collaborations to maximize joint economic strength only
works between hegemons; larger / smaller state relations are more adversarial (Blainey 1988).
6
The issue that exists with this theory is that it only works within traditional political arenas,
and fail to take into account states’ respective presences in the digital domain. Katherine
Tsai contends that “The Three R’s of Compliance” for rational international law – reciprocity,
reputation, and retaliation – are more important because although traditional realists
accounted for actions taken between states, within the digital domain, non-state actors such
as Anonymous can exert a significant interest in the digital political domain of international
law (Tsai 2011).
The second theory that must be examined is small state theory. Small state theory
suggests small states are more concerned with their survival than large states due to various
factors. Thus, small states put a greater amount of foreign policy towards assuaging larger
states that can create more “political waves” than smaller states without retaliation (Fendius-
Elman 1995). Traditionally, large states and small states could be easily defined by the
ability to exert militarily or through treaties and organizations within a sphere of. States that
possess an excess of power are always under the temptation to use it regardless of any
treaties and conventions aimed to regulate the undue exertion of such power (Waltz 2000).
Small state theory gains relevance in cyberwarfare when larger states use
computational might as a weapon to force compliance from smaller states. Whereas small
state theory rested primarily in military interests such as the United States’ occupation and
overthrow of what it perceived as a “weak leader” in the Dominican Republic (Waltz 2000),
the cyber-aspect of small state theory must now contend with not only the presence of the
smaller state in cyberspace, but its ability to fend off external attacks from larger states, with
traditional military means taking a secondary position to firewalls, server strength, and ability
for Computer Emergency Response Teams (CERTs) to rectify the issues and mitigate
7
potential damage to the states’ infrastructures (CERT.LT). In chapter two, I analyze these
international relations theories, the shortcomings of international law, and explain how small
states have specialized in selling various technologies to larger states. In chapter four, I show
how one traditionally small state has become a hegemon in cybersecurity.
In chapter three, I turn to explanations that might explain why countries like Russia
are likely to turn to cyberwarfare. With the examples of Russia and China, Azar Gat
proposes that authoritarian capitalist regimes, in which a regime is capitalist and trades
openly on the market, are particularly dangerous. These regimes are different from traditional
liberal economic regimes in that their governments are not democratic. Gat proposes that had
there not been losses in wars, authoritarian capitalist regimes such as Nazi Germany or
imperial Japan may not have been economically inferior to western liberal economic states
(Gat 2007a). Additionally, Gat views an economic second world comprised of economically
liberal, yet politically authoritarian, states that possess a very close patron-client (or state-
private enterprise) relationship as a bipolar force against the liberal west (Gat 2007b)
Others suggest that Russia is a kind of hybrid, retaining some elements of democracy,
such as elections in which some opposition is allowed to run (Diamond 2002; Hale 2005).
They suggest that the state must have some support from its constituents either through votes,
or through exertions of power either against minorities within the state, or against smaller
surrounding states to gain some popular support. Hybrid regimes are seen as outwardly
democratic and use elections, multi-party structures (Diamond 2002), and ethnofederalism
(Hale 2005), in order to mask the actual authoritarian workings of the state (Diamond 2002).
Fourth, war, even cyberwarfare, may be a way to build Vladimir Putin’s masculinity
engage in war-mongering actions in order to build up national pride, or participate in war /
8
conflict as a means of promoting masculinity. Janet Elise Johnson and Jean C. Robinson
(2007) suggest that masculinity might explain why Russia employs cyberwafare against the
Baltics. In this instance, Russia is the masculine and aggressive hegemon that uses
cyberattacks to impose is will upon the more feminine and less hegemonic Baltic States.
Janet Elise Johnson states that in post-Soviet Russia, the traditional ideal of masculinity was
“imaged” as Vladimir Putin, an under-50, fit (i.e.: the infamous naked torso shot released by
the Kremlin in 2007), President whose masculinity and aggressive behaviors as head of state
furthered Russia’s image as a global power through aggressive anti-terror stances and
national rebuilding.
Lastly, because of the anarchic, lawless state of nature within darknet, Thomas
Hobbes’ the “Leviathan Theory,” in which members within a population concede a measure
of power to a central sovereign / ruler in exchange for protections (Hobbes 1651) is studied
as a proposed means of controlling darknet. A Hobbesian view of darknet is a cruel place
where all individuals / parties seek to maximize their power such to the extent that no
individual power is great enough to check the leader. Hobbes claims that each individual –
or in the case of darknet, individuals, organizations, and potentially states – seeks to compete
with other actors in a zero-sum game (Hobbes 1651). Because darknet is a domain that is not
yet controlled by such a “Leviathan” such as a president or a supranational organization,
Hobbesian ideology, while primitive, is the most conducive means of instituting modern
political means into what is currently a state of chaos.
As a result, the following question must be raised. In the post-Cold War and post 9/11
era, why do countries turn toward cyberwarfare? Is this a new geopolitical reality that
realist IR theory or old political theory (i.e.: Hobbes) can help explain? My hypothesis is
9
that realist IR theory, mixed with Hobbesian theories of Leviathans and chaos, can help
explain this turn, especially between big and small states. The best evidence we have
suggests that big states such as Russia use informal groups, as “virtual thugs,” to do the
state’s dirty deeds against small states. The technical complexity of proving the state as the
culprit, thus gives the big state “plausible denial,” or lying to the general public and / or
organizations in order to protect the state and regime from reprisal (Marchetti 1989).
METHODOLOGIES
This thesis analyzes the most similar case method to compare Russian attacks against
Estonia and Lithuania. It explores the reasons why Russia chose to engage in these attacks
on its former Soviet Baltic neighbors by comparing the similarities and differences between
Estonia and Lithuania with regards to their traditional and cyberspace-based interstate
relationships. Additionally, examining domestic policies demonstrates how Russian foreign
policy influences relationships with its smaller, once-Soviet, neighbors.
In order to collect data on the attacks themselves, primary data sources such as
newspapers, government reports from countries and supranational organizations, and defense
blogs from states and organizations that specialize in cybersecurity were analyzed and
compiled in order to learn more about how the attacks in real-time. Additionally, the thesis
uses an extensive array of academic secondary sources, exploring Russian-Estonian relations
and Russian-Lithuanian relations from a “cyberpolitical perspective.” Lastly, some research
was done on darknet to find information on hidden services that may not be in journals, to
find the potential sources of, and organizations tied to, cyberwarfare.
.
10
CONCEPTUAL SIGNIFICANCE AND PRACTICAL SIGNIFICANCE
The conceptual significance of this thesis is to help Russian scholars understand
Russia better from the perspective of warfare; that is, because war for war's sake is no longer
considered acceptable by democratic states. Such predispositions toward warlike actions
have transitioned into cyberwarfare against smaller states, particularly by hybrid regimes that
must balance outward displays of democracy with inward displays of authoritarian and
nationalist might. Additionally, this thesis’ significance is to help international relations
scholars better understand and gain focus on the issue of cyberwarfare, which has not had a
great deal of focus within current political study. To improve the focus, this thesis brings
light to the increasing prevalence of cyberwarfare as a substitute for traditional means of
engaging in war through the included case studies – the 2007 Estonia Cyber War, and the
2008 Cyberattacks on Lithuania – and demonstrates the increasing importance of further
study of this largely overlooked subset of political science.
The thesis brings attention to the lack of treaties and theories that cover the behaviors
and actions of states and organizations that partake in such actions and then claim plausible
denial. In doing so, I wish to help the international diplomatic communities understand the
need to adopt and ratify laws and treaties that provide cyber-NGOs with the resources to
control cyberwarfare the ability to negotiate and ratify treaties in the same way that states do
so that darknet can maintain its status as a center for free speech while being less susceptible
to being the point of origin for cyberattacks against smaller states.
11
CHAPTER 2
INTERNATIONAL LAW AND ITS LIMITATIONS
One of the primary goals of international organizations has been to enact international
instruments to reduce the likelihood of conflict. The effectiveness of these conventions and
treaties are limited by issues involving interpretation of language and states' hesitations
towards their enforcement when they counter their military or economic interests. Cyber-
conventions are convention that aims to outline party-states' permissible and punishable
behaviors within the internet. Much like their traditional counterparts, cyber-conventions
have language, economic, and state's perception limitations as well.
This chapter demonstrates that existing international treaties regarding warfare are
insufficient in regulating cyberattacks. Most fundamentally, there is no global consensus as
to what constitutes a cyberattack or cyberwarfare. By analyzing key treaties, I argue that the
main problem lies in language that, based on the understanding of warfare at the time,
regulates “launched objects;” whereas cyberattacks are largely virtual in nature. Even if
existing treaties could be revised to include cyberattacks, important states such as Russia
have not become parties to such conventions, and technology continues to outstrip the glacial
pace in which new international law is created. Lastly, this chapter outlines how states have
adapted their economic interests in various ways in order to curb the threat of attack.
A TIMELINE OF INTERNATIONAL DECLARATIONS, CHARTERS AND
TREATIES
Various charters and conventions by organizations such as the United Nations, North
Atlantic Treaty Organization (NATO), and the Council of Europe spell out the terms and
conditions under which war may be waged, the rules of such wars, and the reparations should
12
war escape these “boundaries” (See Table 2.1) The most important are: the United Nations
(UN) Charter (1945), the NATO Charter (1949), the Treaty on Principles Governing the
Activities of States in the Exploration and Use of Outerspace, Including the Moon and Other
Celestial Bodies (1967), the Convention on International Liability for Damage Caused by
Space Objects (1972), and the European Convention on Cybercrime (ECC) (2001). All of
them are legally binding on party-states, but provide little regulation for cyberwarfare.
Table 2.1: Treaties Important for Regulating Russia’s Cyberwarfare
Key Strengths on
Cyberwarfare
Key Limitations on
Cyberwarfare
Relevant Party-States
(dates of accession)
UN Charter (1945) Defined of Sovereignty
(Art. 2), allowed for states
to defend sovereignty when
attacked (Art. 51)
Cyberattacks did not exist
at time of creation,
sovereignty relegated to
geographical borders
USA (1945), Russia
(1945), Israel (1949),
Estonia (1991),
Lithuania (1991)1
NATO Charter (1949) Provided collective security
to attacked member-states
(i.e.: the USA after 9/11)
(Art. 5)
Defers to Article 51 of the
UN Charter regarding
retaliations on behalf of
attacked states,
USA (1949)2, Estonia
(2003)3, Lithuania
(2003)4
Treaty on Principles (1967) Outlawed the use of
celestial bodies for military
purposes (Art. 7), made
states accountable for space
objects (Art. 4).
Limited “weapons” use to
nuclear weapons and
“weapons of mass
destruction”
USA (1967), Israel
(1977)5
Convention on International
Liability (1972)
Expanded space objects to
include components, launch
vehicles, etc., (Art. 1(d))
expanded ability to claim
damages beyond persons
(Art. 1(a)).
Continued to relegate
attacks to physical objects
(“launch vehicles” and
“space objects”),
USA (1972), Israel
(1977)6
Sources: 1 “Member States,” United Nations, accessed May 1, 2015, http://www.un.org/en/members/. 2 “The North Atlantic Treaty,” NATO, last modified December 9, 2008, accessed May 1, 2015,
http://www.nato.int/cps/en/natohq/official_texts_17120.htm?selectedLocale=en. 3 North Atlantic Treaty Organization. Protocol to the North Atlantic Treaty on the Republic of Estonia.
Washington, DC: NATO, 2003. 4 North Atlantic Treaty Orgnaization. Protocol to the North Atlantic Treaty on the Republic of Lithuania.
Washington, DC: North Atlantic Treaty Organization, 2003. 5 “Treaty On Principles Governing the Activities of States in the Exploration and Use of Outer Space, Including
the Moon and Other Celestial Bodies,” United Nations Treaty Collection, accessed May 1, 2015,
https://treaties.un.org/Pages/showDetails.aspx?objid=0800000280128cbd. 6 “Convention on the International Liability for Damage Caused by Space Objects,” United Nations Treaty
Collection, accessed May 1, 2015, https://treaties.un.org/Pages/showDetails.aspx?objid=08000002801098c7.
13
European Convention on
Cybercrime (2001)
Acknowledged
susceptibility of computers
to attacks (Art. 2),
addressed data interception,
illegal access (Art. 3),
device misuse (Art. 6) as
means of attack, required
party-states to build
emergency response and
punitive infrastructures as
defense measures (Art. 5
and Art. 14).
Membership largely
consists of EU / NATO
states and the USA, does
not cover data-falsified /
encrypted attacks (i.e.:
TOR-based), not globally
binding, does not allow for
existence of programs that
have both malicious and
beneficial purposes
Estonia (2003),
Lithuania (2004),
United States (non-
Council of Europe
Member, 2006)7
The UN Charter, enacted on June 26, 1945, and entered into force on October 24,
1945, legitimized state sovereignty at the systemic stage through Article 2, Sections 1-4.
These sections state:
The Organization (United Nations) is based on the principle of the sovereign equality of all its
Members (2.1)
All Members, in order to ensure to all of the rights and benefits resulting from membership, shall fulfil
(sic) in good faith the obligations assumed by them in accordance with the present Charter (2.2)
All Members shall settle their international disputes by peaceful means in such a manner that
international peace and security, and justice, are not endangered (2.3)
All Members shall refrain in their international relations from the threat or use of force against the
territorial integrity or political independence of any state, or in any other manner inconsistent with the
Purposes of the United Nations (2.4)
These sections establish that all states within the United Nations are equal in their
sovereignty, and that multi-state disputes are to be settled in a peaceful matter that does not
compromise the security of both involved, and uninvolved, states. Furthermore, Section 4
prohibits the use of force against the various integrities of a state inconsistent with the intents
of the UN (I UN XVI).
These “intents” specified by the UN Charter are outlined in Article 51, which states:
Nothing in the present Charter shall impair the inherent right of individual or collective self-defence if
an armed attack occurs against a Member of the United Nations, until the Security Council has taken
measures necessary to maintain international peace and security. Measures taken by Members in the
exercise of this right of self-defence shall be immediately reported to the Security Council and shall
not in any way affect the authority and responsibility of the Security Council under the present Charter
7 “Convention On Cybercrime CETS No.: 185,” Council of Europe, May 1, 2015, accessed May 1, 2015,
http://www.conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=&CL=ENG.
14
to take at any time such action as it deems necessary in order to maintain or restore international peace
and security.
While Article 2 of the UN Charter outlines equal sovereignty amongst all member-states,
Article 51 states that sovereign states have the right to various forms of self-defense in the
event of attack. This provision concedes to the realities of war that existed during the
formation of the United Nations, and concedes that attacked states must be allowed
immediate self-defense until the Security Council decides what to do. For cyberattacked
states, Article 51 would provide a means of retaliation until the Security Council comes to a
measured consensus if a country can prove that the attack infringed on the state’s sovereignty
as outlined in Article 2.
The formation of the North Atlantic Treaty Organization (NATO) in 1949 built upon
the basic sovereignty protections afforded by the UN Charter. Most importantly, Article 5 of
the NATO Charter states:
The Parties agree that an armed attack against one or more of them in Europe or North America shall
be considered an attack against them all and consequently they agree that, if such an armed attack
occurs, each of them, in exercise of the right of individual or collective self-defence recognised by
Article 51 of the Charter of the United Nations, will assist the Party or Parties so attacked by taking
forthwith, individually and in concert with the other Parties, such action as it deems necessary,
including the use of armed force, to restore and maintain the security of the North Atlantic area.
By emphasizing a “collective defense” ideology for its Western European and North
American member-states, NATO aimed to provide a more immediate, and stronger,
retaliation against offending states than what could be provided by the United Nations.
These “offending states” comprised primarily of the Soviet Union, and after the formation of
the Warsaw Pact in 1955, much of Eastern Europe (Mastny and Byrne 2005). As a result of
the recently ended war and its devastation, “rules” had to be made to reduce the likelihood of
such devastation in future conflicts between states and organizations.
15
The transition from “terrestrial” treaties to space-based treaties began with the Treaty
on Principles Governing the Activities of States in the Exploration and Use of Outer Space,
Including the Moon and Celestial Bodies, Adopted by the General Assembly on December
19, 1966, and entered into force on October 10, 1967). The Treaty on Principles provided the
first acknowledgment by the UN of not only the ongoing “Space Race” between the USSR
and the USA, but the increasing use of nuclear weapons and missiles and their potential to be
used in space. Article IV of the Treaty of Principles states:
States Parties to the Treaty undertake not to place in orbit around the Earth any objects carrying
nuclear weapons or any other kinds of weapons of mass destruction, install such weapons on celestial
bodies, or station such weapons in outer space in any other matter
By prohibiting the use of outer space, or any celestial body as a war zone, or even a place to
store nuclear weapons and other weapons of mass destruction, the Treaty of Principles aims
to allow the use and exploration of space solely for peaceful purposes (Treaty of Principles
UN GA 1967). The codification of the use of space for potentially war-mongering activities
is furthered in Article VII, which states:
Each State Party to the Treaty that launches or procures the launching of an object into outer space,
including the Moon and other celestial bodies, and each State Party from whose territory or facility an
object is launched, is internationally liable for damage to another State Party to the Treaty or to its
natural or juridical persons by such object or its components parts on the Earth, in air space, or in outer
space, including the Moon and other celestial bodies
Whereas Article IV merely covers conflicts and the storage of high-fatality capable weaponry
in space or on celestial bodies, Article VII outright prohibits “surface-to-space” object
launches. By outlawing “surface-to-space” object launches, the Treaty of Principles sought
to prevent the extrapolation of “surface-to-air” missiles such as the German V-2 Missile that
had proven its destructive worth in not only its range, but its ability to climb 50 miles into the
edge of space (Dungan 2015). While the Treaty of Principles failed to define exactly what an
16
“object” was; the 1972 Convention on International Liability for Damage Caused by Space
Objects fixed this.
Article I of the Convention on International Liability for Damage Caused by Space
Objects – Adopted by the General Assembly on November 29, 1971, and entered into force
on March 29, 1972 (Convention on International Liability / Damage), defined a “space object”
as:
(d) The term “space object” includes component parts of a space object as well as its launch vehicle
and parts thereof.
In defining a “space object” as any component part of the object in space, such as a space
station or man-made satellite, and its launch vehicle and its parts, the Convention on
International Liability / Damage expanded liability to include all involved mechanisms and
components involved in the object’s launch. Furthermore, Article I states:
(c) The term “launching state” means:
(i) A State which launches or procures the launching of a space object;
(ii) A State from whose territory or facility a space object is launched;
Additionally, launches did not need to be successful. Article I also states:
(b) The term “launching” includes attempted launching;
Article I also expanded on what “damage” actually meant. Whereas the 1967 Treaty of
Principles merely defined damage with regards to natural persons and juridical persons,
Article I of Convention on International Liability / Damage expanded the definition, stating:
(a) The term “damage” means loss of life, personal injury or other impairment of health; or loss of or
damage to property of States or of persons, natural or juridical, or property of international
intergovernmental organizations;
By expanding the definition of “damage” caused by “launched objects” and “space objects,”
the Convention expanded protections to include governments, organizations, and properties
belonging to these organizations and governments. By doing this, an aggrieved state would
be able to not only claim damages to parks, government buildings, etc., but the aggressor
17
state would be liable for those damages as well due to weapons and space objects typically
bearing marks of the launching state.
The Council of Europe suggested that cyberwarfare has its own set of issues that need
to be outlined and regulated, with the European Convention on Cybercrime (ECC) entering
into force in 2001. The ECC set forth definitions regarding cyberattacks regarding prohibited
behaviors. Chapter 2, Section I of the ECC spells these regulations out as follows:
Article 2 – Illegal access: Each Party shall adopt such legislative and other measures as may be
necessary to establish as criminal offences under its domestic law, when committed intentionally, the
access to the whole or any part of a computer system without right. A Party may require that the
offence be committed by infringing security measures, with the intent of obtaining computer data or
other dishonest intent, or in relation to a computer system that is connected to another computer system.
Article 3 – Illegal interception : Each Party shall adopt such legislative and other measures as may be
necessary to establish as criminal offences under its domestic law, when committed intentionally, the
interception without right, made by technical means, of non-public transmissions of computer data to,
from or within a computer system, including electromagnetic emissions from a computer system
carrying such computer data. A Party may require that the offence be committed with dishonest intent,
or in relation to a computer system that is connected to another computer system.
Article 6 – Misuse of devices:
1) Each Party shall adopt such legislative and other measures as may be necessary to establish as
criminal offences under its domestic law, when committed intentionally and without right:
a) the production, sale, procurement for use, import, distribution or otherwise making
available of:
i. a device, including a computer program, designed or adapted primarily for the
purpose of committing any of the offences established in accordance with the above
Articles 2 through 5;
ii. a computer password, access code, or similar data by which the whole or any part
of a computer system is capable of being accessed,
b) the possession of an item referred to in paragraphs a.i or ii above, with intent that it be used
for the purpose of committing any of the offences established in Articles 2 through 5. A Party
may require by law that a number of such items be possessed before criminal liability attaches.
By defining accessing a computer not only through traditional means, but more
technologically contemporary means such as remote access or using magnetics to wipe data
from a hard drive, the ECC sought to allow individual party-states the right to punish under
each state’s respective domestic law criminal acts of sabotage against technology.
At the same time, the ECC was not just a “welfare document.” The ECC required
party-states to set up formal infrastructures to establish not only what was defined as a
18
criminal offense, but the punishments for such offenses. As Article 5 of Chapter 2, Section I
states:
Article 5 – System interference: Each Party shall adopt such legislative and other measures as may be
necessary to establish as criminal offences under its domestic law, when committed intentionally, the
serious hindering without right of the functioning of a computer system by inputting, transmitting,
damaging, deleting, deteriorating, altering or suppressing computer data.
And furthered in Chapter 2, Section 2: Article 14 – Scope of procedural provisions
1) Each Party shall adopt such legislative and other measures as may be necessary to establish
the powers and procedures provided for in this section for the purpose of specific criminal
investigations or proceedings.
2) Except as specifically provided otherwise in Article 21, each Party shall apply the powers
and procedures referred to in paragraph 1 of this article to:
a) the criminal offences established in accordance with Articles 2 through 11 of this
Convention;
b) other criminal offences committed by means of a computer system; and
c) the collection of evidence in electronic form of a criminal offence.
The ECC’s outlining of the necessary state mechanisms for making cyber-law was intended
to legitimize the treaty and provide the party-states criminal jurisdiction over various attacks.
Furthermore, the ECC required party-states to expand “cybercrimes” to include non-attacks
that were merely originated by a computer, and required party-states to collect electronic
evidence in criminal investigations (Chapter 2, Section 2, Article 14). In doing so, the ECC
sought to bring international law not only into the twenty-first century, but aimed to show the
importance of international law beyond the terrestrial and extra-terrestrial domains. However,
limitations still exist with regards to these instruments and their effectiveness against
cybercrime.
LIMITATIONS OF CURRENT INTERNATIONAL TREATIES AND
CONVENTIONS
Although international diplomats aimed to outline permissible behaviors within the
terrestrial, extra-terrestrial, and digital domains, how treaties’ definitions and provisions are
19
interpreted by states is key to understanding what is and what is not applicable as a behavior,
action, or object. Article 51 of the UN Charter, for instance, requires that a state verify the
aggressor state. Although the International Conference on Cyber Conflict (ICCC) ruled that
Article 51 can be invoked in the event of a cyberattack (Valeriano and Maness 2012), its
power is limited when an attacking state uses a non-government organization (NGO) to
execute its dirty work. When organizations such as NATO cannot link the attacker’s work to
the attackers, and in turn, the government, states can deny the attack and avoid punishment
under Article 51 (Farwell and Rohozinski 2011).
Article 5 of the NATO Charter, which calls for collective security and collective
retaliation when a party-state is aggrieved, is limited by its deferral to Article 51 of the UN
Charter. This adherence to Article 51 means that a definitive offending state must be
ascertained before collective security can be invoked (Farwell and Rohozinski 2011).
Furthermore, it is often difficult for aggrieved states and their member organizations to
retaliate due to the use of “bulletproof services.” Bulletproof services are off-shore servers in
small, largely non-aligned states. These services hinder the aggrieved state’s ability to
retaliate either as an individual or as part of an organization because although the attack may
have the ruminations of one country, the trace-back goes to a completely different country,
such as Mauritius (Bradbury 2014). Thus, the “accused” state can deny a connection on
“origin of attack” grounds and avoid punitive action.
The two space documents are largely limited by the words themselves. Article I(d) of
the Convention of Liability (UN GA 1972) defines a “space object in a physical sense
through terms such as “components,” “parts,” and “vehicle.” By using words that imply a
physical mechanism with parts and appendages (i.e.: bomb or missile with wings, payload,
20
etc.,), and a vehicle (i.e.: tank, space ship, airplane, etc.,), more modern attack methods such
as a USB drive, computer, or smartphone, none of which are “vehicles” in the traditional
sense; and viruses, of which don’t have physical parts and appendages, may not be covered
under such a statute (i.e.: Stuxnet, per Shamah 2013).
The 1972 Convention of Liability / Damage, for example, does not cover attacks on
space objects as a result of digital-based attacks such as DDoS attacks including “close
access” methods, in which the virus enters the space station’s system through installation of
software from “friendly parties” to local computers. Social access can be a justification in
which a “trusted insider” goes rogue on the organization, and socially engineers an attack or
exposure (Clark et al 2014). A cyberattack need not be done remotely, or with overtly
malicious intent. They can be done internally, and still cause great damage to infrastructure
and personnel.
The issue of “launch state,” defined in Article I(c), is also limited from a
technological perspective with regards to an attack’s “point of origin.” The origin-state of an
attack can often be confirmed by markings on the missile, bomb, or other weapon. For a
cyberattack, there may be no weapon, but rather a USB stick or other digital mechanism that
can be transferred between parties (Clark et al 2014). Is the liable state the state that
launches the rocket and astronauts possessing the infected USB drive, or the state that
manufactured the virus used in the attack in the first place? To date, no space convention has
answered this question.
Chapter 2, Article 2 of the ECC, which covers illegal access to computer systems,
fails to explain beyond “when committed intentionally,” what constitutes a cyberattack (ECC
Ch. II, Sec. 1, Art., 2). There is no requirement for “physically being at the computer,”
21
hacking remotely, or location encrypted attack. Although Article 3 of the same chapter
attempts to clarify this by stating “through technical means <…> such as electromagnetic
transmission” (ECC Ch. II, Sec. 1, Art., 3), there is no provision for “remote attacks” or
encrypted attacks from remote locations.
The ECC is limited with regards to cyberattacks due to the rate of evolution in attack
mechanisms. At the time of the ECC’s implementation in 2001, e-mail or physical
manipulation of the computer were the primary mechanisms for an attack (ECC Ch.2, Art.
VI), and TOR would not exist for another year (US NRL CHACS 2014). Consequently, the
ability to cloak one’s location in an attack has made it difficult to enforce treaties because the
aggrieved state cannot verify the attack’s point of origin. Additionally, the ECC is viewed in
the same way as an agreement among students wearing glasses whereby they agree not to
punch other students wearing glasses (Bradbury 2014). What happens when a student who is
not wearing glasses, and thus not party to the treaty, punches a student wearing glasses?
Only the Council’s members and the non-Council party-states such as the United States
(CETS No. 185 2014) willfully comply with these rules; other “students” would not be
subjected to the ECC.
However, the ECC's biggest problem is its definition of a “program for legitimate use”
versus a “program used for cyberattacks or other malicious activities.” For example, The
Onion Router (TOR) can be used by individuals in internet-repressed states to encrypt
location-revealing data in order to and access and broadcast data and information that would
otherwise be censored (TOR Normal Users 2014). TOR can also be used by states and
NGOs, as a means of falsifying attack originations (Bradbury 2014). Consequently, states
such as the United States can use programs such as “Operation Onymous” in order to
22
dismantle TOR on the basis of its more pernicious application such as drug and weapons
sales (FBI 2014).
The inability for international law to reflect a consensus of the international
community primarily affects the ECC, the sole existing cyber-treaty. First, the list of party-
states for the ECC includes most Council of Europe member states but also the United States
(CETS No. 185 2014). It does not include Russia. The fact that Russia did not accede to the
treaty, and most of the signatories are also members of the EU or NATO, polarizes the treaty
along Cold War lines. This contention can be traced back to issues such as the Space Race
and Cold War of the 1950s and 1960s where the United States and the Soviet Union
competed in aspects including missile defense strength, nuclear production, and who could
get to the moon first – a prize for both countries until the 1967 Treaty of Principles outlawed
the viability of using the Moon as a military space base (Wasser 2005). By this logic, Russia
ascending to the treaty would remove the West-East competition that has driven Russia’s
interests since the end of World War II.
Finally, Bradbury (2014) contends that signatories includes non-Council of Europe
member states such as the Dominican Republic, Mauritius, and Senegal that sometimes serve
as proxies for cyberattacks. Bradbury (2014) argues that these states receive economic
benefits from larger states such as Russia by being the proxy-states for attacks. These states
then re-invest the proceeds into their local economies. When smaller states are used as
proxies to carry out the larger state's cyber-interest, they become the points of origin for
attacks (AfriNIC 2011). These small states cannot claim “plausible denial” because they are
the origins of attack, rather than the larger state that is attempting to further its agenda. Thus,
small states risk unintended repercussions by the international community for economic gain.
23
HOW STATES HAVE SURVIVED WITHOUT A SYSTEMIC TREATY
While international instruments provide little regulation of cyberattacks, economic
interdependence has provided some protection. As states have become increasingly
dependent on cyberspace for daily governmental operations such as voting and providing
social service, smaller states must devise ways of increasing their value to other states while
building up their digital defenses (Areng 2014). To do this, states have engaged in traditional
and contemporary behaviors that best serve their economic and technological interests while
upholding the requirements, as required, of regional treaties such as the ECC.
Otherwise-susceptible states have reduced their odds of being attacked by specializing
in various technologies that are useful to larger states. Smaller states leverage the European
Union’s organizational logistics in influencing policy and legislation (Areng 2014) in order
to become tech-confident in various fields in order to reduce threats from external and
internal forces (Talliharm 2013). By building cyber-infrastructures and integrating them into
civil society, states develop specializations in fields such as cybersecurity and
nanotechnology that they can use to interact with larger states in a mutually beneficial
fashion (Areng 2014). By engaging in bilateral trade agreements with these larger states,
larger states are able to buy technologies needed to build their own infrastructures, and
smaller states are less likely to be attacked because should one of their clients decide to
launch an attack, the small state knows that other states will value its services. As a result,
small, tech-savvy, states can leverage their weight in the digital domain in much the same
way Kenneth Waltz states traditionally (i.e.: economically, militarily, etc.,) large states can
24
throw their weight around with less consideration for the consequences compared to
traditionally small states.
Economic relations only reduce attacks when the states are amicable. For states
without such relations, the ECC also has useful provisions. Chapter II, Section I, Article V
of the ECC, compels party-states to build their own disaster mitigation structures. Signaling
implementation of the treaty but also in reaction to previous attacks, Lithuania (CERT.LT
2014), Estonia (RFC 2350 cert.ee 2014), and the United States (US-CERT 2015) have built
Computer Emergency Readiness Teams and Computer Emergency Response Teams
(CERTs). Some CERTs, such as the United States’ CERT, have used their sites as a means
of posting bulletins in order to allow technicians to fix vulnerabilities that may leave their
organizations or corporations open to attacks (US-CERT 2015).
In sum, this chapter shows that, on the one hand, while no international treaty or
convention can effectively curb cyberattacks, states have found means of reducing the
likelihood they will be attacked. On the other hand, no economic relationship nor emergency
readiness / reaction team can prevent all attacks, particularly when the larger attacker uses
smaller proxy-states to do its dirty deeds.
25
CHAPTER 3
WHY RUSSIA CHOOSES CYBERWARFARE
The limited international instruments for regulating cyberattacks at the global level
provides loopholes for a larger state such as Russia to engage in cyberwarfare. For reasons
that include national pride, economic gain, and as an alternative to traditional warfare, Russia
has launched these attacks against its Baltic neighbors by establishing informal relationships
with extra-systemic organization. Similar to traditional warfare, cyberwarfare has its own
rationales and consequences for Russia and the states it attacks.
This chapter examines Russia's use of cyberwarfare in lieu of more traditional attacks.
I explain how cyberwarfare is used to promote Russia's long-standing expansionist foreign
policy, war-mongering, and economic policies through means that are not in direct violation
of the NATO Charter. I show the importance of Russia's use of cyberwar as a new
alternative to more traditional means when traditional means are not in Russia’s interests.
RUSSIA’S HISTORIC EXPANSIONISM
Russia has been expansionist for centuries, with a military “always ready for war.”
This foreign policy can be traced back to the initial interactions between Peter the Great and
the military leaders and officials of western states that he despised (Lewitter 1961). Peter the
Great states:
The Russian nation must be constantly kept on a war footing- To keep the soldiers warlike and in good
condition, no rest must be allowed except for the purpose of relieving the state finances, recruiting the
army, or biding the favourable moment for attack. By this means peace is made subsequent to war, and
war, to peace, in the interests of the aggrandizement and increasing prosperity of Russia.
Every possible means must be used to invite from the most cultivated European states commanders in
war and philosophers in peace, to enable the Russian nation to participate in the advantages of other
countries, without losing any of its own. (Lewitter 1961)
26
By keeping the military in an always-war-ready condition, Peter the Great was able to always
be ready to make war in the interest of having a “peaceable outcome” that favored the
geographical, political, and economic expansions of Russia. At the same time, Peter the
Great would only stop a “war footing,” or a war-ready mentality, when economics required
such action, an expansion of military ranks was necessary, or when planning took precedent
over expanding. By keeping his western counterparts at arms’ length, Peter was able to not
only learn their techniques, but maintain a sort of bipolarity between Russia and the “West”
of the 17th and 18th centuries.
Raymond McNally (1964) states that this disdain arises from Peter the Great’s
attempts at civilizing Russia through blind imitation of West European methods that were
perceived as reducing Russia’s national confidence and masculine pride. This “confidence
reducing” practice allowed the Russian Empire to defeat the Ottoman Empire in the 1680s
and begin Russia’s expansion to the Black Sea (North 2014, 73), as well as the
transformation of the northern port Arkhangel’sk’ into one of Russia’s naval, trade and
manufacturing epicenters during the late 17th and early 18th centuries (WorldPortSource
2015).
During World War II, Joseph Stalin sought to expand again through the Molotov-
Ribbentrop Pact, a non-aggression pact between the Soviet Union and the “western state”
Germany that allocated the Baltic States (Estonia, Latvia, and Lithuania) to the Soviet Union
and allocated Poland to Germany (European Network – Molotov-Ribbentrop Pact). These
borders were short-lived, as Germany invaded Russia on June 22, 1941 (Brandenberger and
Dubrovsky 1998).
27
The Soviet Union expanded again after the close of World War II, adding an “outer
empire” of Eastern European states that would comprise the Warsaw Pact. Although each
party-state was independent, hardline Soviet political and military policy was the guiding
force behind maintaining the expansion of Soviet ideas throughout Eastern Europe. When
party-states such as Hungary had uprisings (1956), or instituted reforms such as
Czechoslovakia (1968) that threatened the “Soviet ideal,” the Soviet Union would invade the
offending state. In other cases, the Soviet leaders would remove leadership in favor of more
conservative leadership. Both methods were justified as needed to maintain order within the
pact. (Dept. of State – Soviet Invasion of Czechoslovakia 2015). In doing so, the Soviet
Union was able to legitimize its power as well as maintain a “buffer zone” that prevented
NATO from advancing into Eastern Europe.
Maintaining a dual empire through military means is no easy task. Mikhail
Gorbachev’s ascension to General Secretary of the USSR in was seen as bringing about a
newfound energy to the Soviet Union after a series of incompetent or nearly-dead secretaries
in Leonid Brezhnev – in particular his later years (1982), Yuri Andropov (1984), and
Konstantin Chernenko (1985) (Kotkin 2008). Instead, Gorbachev’s reforms led to the
collapse of the outer empire by 1990, (Fredo-King 1999), the inner empire in 1991 (Cold
War Museum 2015), and the end of the Soviet Union’s superpower status.
While the West might see the collapse of the Soviet Union in 1991 as an
“Armageddon Averted” (Kotkin 2008), the Russian government was more inclined to see a
colossal loss. Gorbachev’s reforms, meant to assuage states such as Lithuania, instead
allowed nationalism to flower (Beissinger 2009a). While sending personnel into Lithuania
and Estonia as last-ditch attempts to suppress secession (Kotkin 2008), Gorbachev was
28
unwilling to use mass violence. Lithuania, Estonia, and Latvia seceded in 1990 (Kotkin
2008), and the Soviet Union acknowledged the Baltics as three independent states on
September 6, 1991 (Babich 2011); a painful loss for many Russians.
After more than a decade of reconstituting itself, Russia again moved to expand,
sending armed forces to invade Georgia in a five-day war in 2008 (Sakwa 2013). The plan
was for Russia to increase its control in South Ossetia and Abkhazia, Georgian territories
with a strong Russian cultural presence (Tsygankov 2013). President Medvedev declared:
Considering the freely expressed will of the Ossetian and Abkhaz peoples and being guided by the
provisions of the UN Charter, the 1970 Declaration on the Principles of International Law Governing
Friendly Relations Between States, the CSCE Helsinki Final Act of 1975 and other fundamental
international instruments, I signed Decrees on the recognition by the Russian Federation of South
Ossetia's and Abkhazia's independence. (Medvedev / Kremlin 2008)
Since Georgia is not a member of NATO (NATO Member States 2015), it is therefore not
eligible for collective security under Article 5 of the NATO Charter. Georgia is also not a
member of the Organization for Security and Cooperation in Europe (OSCE), whereas
Russia is a member of the OSCE (OSCE Participating States 2015).8 The Russian
government's refusal to allow 20 OSCE monitors to maintain operations on the basis of
South Ossetia's and Abkhazia's “independence” – Russia demanded separate monitoring
missions for each “state” (Robinson Reuters 6/30/2009) – has ultimately left both territories
in flux. President Medvedev justified his motion to increase Russian controls in South
Ossetia and Abkhazia by claiming that neither NATO nor the OSCE could prevent military
action in Georgia (Tsygankov 2013).
Russia’s most recent land grab was Crimea, a peninsula off of the southern tip of
Ukraine, also a non-NATO state, that juts into the Black Sea (Walker, Salem, and MacAskill
8 The OSCE observed Georgia from 1992 until a lack of organizational consensus terminated observations in
2008 (OSCE Mission to Georgia 2015).
29
Guardian 2/28/2014) with a population that is 59 percent Russian (Kalotay 2014). On
February 27, 2014, a militia believed to have Russian backing, seized Crimea's parliament.
The next day, military units seized Crimea's two airports in Sevastopol and Simferopol
(Walker, Salem, and MacAskill Guardian 2/28/2014). The Kremlin initially denied the
attack, claiming that Russian agents’ involvements in the Crimean was “speculation based on
unreliable information” (RFERL 2014). On March 18, 2014, President Vladimir Putin
remarked about the situation in Ukraine:
Millions of Russians and Russian-speaking people live in Ukraine and will continue to do so. Russia
will always defend their interests using political, diplomatic and legal means. But it should be above all
in Ukraine’s own interest to ensure that these people’s rights and interests are fully protected. This is
the guarantee of Ukraine’s state stability and territorial integrity. (Washington Post 3/18/2014)
President Putin did not explicitly endorse the actions of the militias, choosing calculated
verbiage in order to reduce Russia's potential liability and allow for plausible denial if
accused of any actions. President Putin continued:
General international law contains no prohibition on declarations of independence...the Supreme
Council of Crimea referred to the United Nations Charter, which speaks of the right of nations to self-
determination...(and that the USA's position on Kosovo was) declarations of independence may, and
often do, violate domestic legislation. However, this does not make them violations of international
law. (Washington Post 3/18/2014)
Putin claimed that for some indeterminately small amount of time, Crimea's self-determinist
movement provided them Russian-backed independence, and that Crimea willfully joined
Russia's borders. Putin stated that he had no desire to further annex Ukrainian territory
beyond Crimea and Sevastopol (Englund Washington Post 3/18/2014). However, Novaya
Gazeta, a Russian newspaper known for its positions and actions, leaked that the annexation
of Crimea may have been a planned move between Ukrainian President Viktor Yanukovych
and Vladimir Putin to “break Ukraine apart” (Nemtsova 2015), leaving the potential open for
further Russian expansion – at least in Ukraine.
30
Whether power is held by a monarch, a general secretary of the communist party, or a
president, Russia has had expansionist aspirations. Russia's use of both the military and,
more recently, presumably paramilitary organizations has allowed Russia to exert its
influence on empires, states, and self-determinist movements in order to expand its territory
as well as maintain its borders. The maintaining of borders and occasional annexation of
other states’ territories is ultimately a move to build up national pride and display Russian
strength, key elements in Russia’s current regime.
THE POLITICS OF HYBRID REGIMES
In the mid-2000s, political scientists moved away from seeing Russia as a transitional
democracy, using a variety of terms such as hybrid regime and competitive authoritarian that
indidcated a combination of democratic and authoritarian political elements that created a
new type of regime (Diamond 2002). A hybrid regime can combine economically liberal and
politically democratic ideals with an aggressive foreign and domestic policy meant to build
up national pride. This call for public support through culturally digestible means – for
Russia, emphasizing masculinity – must be balanced with avoiding the alienation that can
result from starting wars.
Russia’s hybrid regime allows for Russia to build legitimacy through
pseudodemocratic methods such as quasi-free multiparty presidential elections that classify it
as a competitive authoritarian state (Diamond 2002). For example, the 2008 Russian
presidential election, in which President Dmitry Medvedev of the United Russia Party ran for
the presidency and received 70.28% of the popular vote (Izbirkom 2008), with Putin
becoming Prime Minister. At face value, this supermajority displays to the world a unified
31
and democratic nation-state; in reality, organizations such as the OSCE raised concerns that
the election had been rigged by United Russia in order to maintain Putin’s influence in
Russia (Kelley 2009). 9 Other scholars state that pseudodemocratic elections are analogous
to “Plato’s cave or nothing…an unrepresentative snapshot of the political world” (Radnitz
2011, 366) and skew the political image favorably to the ruling party.
As elections became less free (and the once vibrant Russian economy moved towards
crisis in 2008), Russia began to build a foreign policy that would help build Putin’s
popularity and legitimacy by reclaiming influence on ethnic republics within Russia as well
as former Soviet states. Russia’s hybrid regime also results in a superpresidential system
where there may be a president and a prime minister, but unlike most semi-presidential
systems where the president sets the broad policy agenda and the prime minister manages the
day-to-day duties, in Russia’s superpresidential system the president (or Putin, depending on
who’s actually president) holds substantially greater power than the prime minister (Hale
2010). Hale (2010) states that this is a byproduct of both Yeltsin’s attack on the Parliament
building in 1993, as well as Putin’s consolidation of a competing-pyramid system where
regions and corporations compete for support into a single-pyramid where the president
consolidates these pyramids into a single state-wide machine. This machine then allows for
Putin to have opposition in elections that provide the façade of democracy to the outside
world while removing doubts as to who holds the power in Russia.
Furthermore, Russia’s primarily ethnically Russian population is interspersed
throughout Russia’s twenty-one republics. With only five of Russia’s republics maintaining
an ethnic majority, the likelihood of regional secession is reduced due to ethnofederalism.
9 Russia’s electoral oversight stipulations were so harsh that the OSCE did not monitor the election.
32
Ethnofederalism emphasizes ethnic favoritism through a patronalist system that employs
economic favors and bilateral treaties in order to maintain docility within otherwise
dissenting oblasts / regions (Hale 2005). This technique is a modern-day version of the
Soviet Russification used by the Soviet Union to permeate Russian culture and influence
throughout the Soviet Republics (Venclova 1991). Thus, Russia uses informal and formal
political techniques in order to prevent a “second Baltic secession” among minority regions
(Hale 2005), and to provide a buffer zone against the advances of “western” organizations
such as NATO, thereby maintaining its regional hegemony.
The Kremlin also attempted to build legitimacy in gendered ways that also contribute
to its likelihood of an aggressive foreign policy. Anna Lowry (2008) suggests that the
construction of “hegemonic masculinity” in Russia is linked to a bellicose world view where
military interests drive Russia’s economic and cultural policy and help to explain the
belligerent nature of Russia and its male citizens compared to smaller states such as Estonia
and Russia’s female citizens. When masculinity-based nationalism is thwarted, Russian
leaders can be seen as emasculated as when Gorbachev lost 14 republics of the Soviet Union.
Boris Yeltsin, the first President of post-Soviet Russia, who bravely stood on the tanks
against the conservative coup that inadvertently led to the collapse of the Soviet Union,
became a weak and unmanly figure by the late 1990s because of his drinking and medical
problems that compounded Russia’s financial collapse (Kotkin 2008). The result? A Russia
that was perceived as bumbling, inept, and weak by much of the global system.
Putin’s consolidation of power in the 2000s explicitly became a “masculinity scheme”
in which he was cast as a tough guy who could get things done, for example, with the “naked
torso” photo meant to construct a hero with “vision, wisdom, moral, and physical strength
33
(Johnson 2014, 585). This masculinity scheme reified the notion in Russia that leaders are
supposed to exude the “masculine” properties of confidence, power, strength, and morals,
leadership that either stands idle as its allies collapse, or worse, represents the state in a weak,
judgment-lacking, and inept fashion. A state that is perceived to be weak leaves itself at
greater risk to be attacked. Putin is further constructed to Russians as a manly leader through
various accolades in martial arts such as Sambo and Judo, and other masculine-oriented
athletics such as ice hockey, whitewater rafting, and fishing (Kremlin Putin 2015).
The Kremlin uses cyberattacks in order to hinder or eliminate the operations of
individuals and organizations that partake in activities that dissent from United Russia,
Putin’s favored party. After the 2011 Russian parliamentary election, sites such as
http://www.agentura.ru and Golos that worked to increase political transparency within
Russia, were bombarded with DDoS attacks that forced server resets and turned other
computers into bots that furthered the attacks. Furthermore, in order to ensure that Russian
social networking is done on approved sites, social networking sites such as VKontakte are
required to register with Russian law enforcement and are subject to investigations by
government organizations to reduce the odds that anti-Putin interests ensue (Soldatov 2011).
Thus, the Kremlin an integral part in protecting Putin’ within the digital domain.
Portraying Vladimir Putin as “the masculine ideal” is merely one component of the
political and economic behaviors of Russia’s hybrid regime. By outwardly portraying a
nationally unified Russia through pseudodemocratic elections where one party receives a
supermajority, favoring certain persons within the state with special privileges, and
emphasizing masculine gender roles, Russia’s hybrid regime may not be as inferior to
traditional democracies as many states may perceive (Gat 2007a). The variable that may
34
determine whether hybrid regimes can survive as a “second-world” (Gat 2007b), is one of
Russia’s primary tools for displaying its masculinity: war. The only difference being the
battleground no longer needs a physical location.
CYBERWARFARE: AN ALTERNATIVE AGAINST NATO PARTY-STATES
Traditional warfare has been a means of conflict between states and nations for as
long as nations, states, and empires have existed. Modern warfare involved weapons-based
conflict in which casualties were measured in bodies, infrastructure costs, and spent
munitions. The advent of collective security organizations such as NATO, whose charter
dictates that an attack on one member-state is met with collective retaliation against the
offending state, created incentives for states wishing to attack “collectivized” states to find
non-traditional methods to further their political agendas. For Russia, whether one of its
former Soviet Republics holds NATO membership influences how Russia deals with
conflicts with its former Soviet Republics.
In 2003, Estonia (NATO Protocol Estonia 2003) and Lithuania (NATO Protocol
Lithuania 2003) joined NATO. Russian leadership perceived the accession of these two
states as a means of moving NATO forces directly to its borders, and considered responding
by moving forces to borders where the neighboring states were NATO. Russian leaders
promoted a “brinksmanship” policy towards NATO for two reasons. First, Russia was not
happy that NATO had continued to expand after the collapse of the Warsaw Pact, and shortly
after, the Soviet Union (Gidadhubli 2004). Second, Russian President Vladimir Putin stated
“As soon as we rise, some other nations (NATO members) immediately feel the urge to push
Russia aside, to put it ‘where it belongs,’ to slow it down” (Francis 2014).
35
NATO membership provides collective security under Article 5 to Estonia and
Lithuania, relegating any actions by Russia to saber-rattling, aggressive actions that are often
made for public consumption to cover inadequacies – perceived or actual (Cashman and
Robinson 2007). Anders Fogh Rasmussen, former NATO Secretary General from 2009-
2014, fears that the saber-rattling against the Baltics may become a way for Russia to test
Article 5, and turn a “cold-war” into a “hot war of potentially tremendous proportions.”
NATO would be forced to either uphold Article 5 and engage Russia in conflict, or walk
away and render itself irrelevant due to unwillingness to provide equal collective security for
all party-states regardless of size (Mitchell 2015).
Russia’s leaders seemed to have come to understand that NATO membership does
not provide collective security against cyberattacks in the same way that it provides
collective security against traditional attacks. Cyberattacks allow Russia to attack NATO
states for two reasons. First, Russia’s use of offshore servers and bulletproof services
(Bradbury 2014) to launch these attacks means that if Russian propaganda is found on a
NATO member’s website, Russia simply has to show that Russia was not the origin of attack,
and Russia can then claim plausible denial. Second, because the aggrieved state cannot
prove to NATO that it was definitively attacked by Russia due to these offshore servers,
NATO will not retaliate against Russia (Farwell and Rohozinski 2011).
On the other hand, Russia launched traditional attacks against Ukraine in 2014 –
annexing Crimea in the process (MacFarquhar NYTimes 6/14/2014) – and against Georgia in
2008 (King 2008). Neither Ukraine nor Georgia are party-states to NATO (NATO Member
States 2015). As such, neither state is protected under Article 5 of the NATO Charter. These
states must rely on either their own military force, bilateral treaties with larger states, or UN
36
Peacekeeping forces. Ukraine, which wishes to join NATO, was warned that such accession
would be “unacceptable to Moscow” (Francis 2014). Georgia, which also wishes to join
NATO, sees NATO membership as a means of gaining security and ending its tenure as a
victim of Russian force. Much like with Ukraine, the Kremlin has made clear that it will
“take steps to stop that (Georgia’s joining of NATO).” Thus, NATO has not accepted either
state due to their continued instability with regards to Russian activity (Mitchell 2015).
Russia uses cyberattacks against NATO states that go through bulletproof services
and offshore servers that trace back to states that aren’t Russia (Bradbury 2014) or the
assumed attacker (AfriNIC 2011). This is because while the ICCC ruled that a state’s
cyberspace is part of its sovereign territory (Valeriano and Maness / USNWC – Cyber
Espionage 2013), so long as NATO refuses to act based on “what appears in the attack” and
solely relies on “the origin of attack,” states such as Russia can continue to claim plausible
denial through both informal relations with non-governmental organizations as well as
locational information. As such, NATO may prevent traditional attacks, but for small states
to be truly protected in the digital and traditional domains, NATO must expand Article 5 to
cover “plausible attacks” as well.
HOW CYBER-MERCENARIES ENGAGE IN ECONOMICS-DRIVEN ATTACKS
Russia is likely to have an aggressive foreign policy, not just because of its hybrid
politics, but also because of its political economy. Gat (2007a) argues that Russia is an
authoritarian capitalist regime that engages in trade with states in much the way a traditional
capitalist regime engages in trade, but the state is not democratic. Unlike traditional
capitalist regimes, that allow corporations and businesses to compete with domestic and
37
foreign corporations freely within its market, an authoritarian capitalist regime requires that
the private enterprises within the regime not only engage in commerce for the enterprise’s
interests, but that the authoritarian capitalist regime benefits as well. If the businessperson or
corporation fails to demonstrate its loyalty, the regime can compromise or eliminate the
individuals or businesses that are deemed disloyal to the regime (Shachtman 2011).
Russia’s economic practices rely on various factors such as oligarchs who control
large industries such as oil businesses and computer-based technologies, and their informal
relations with the state and various organizations. Russia is an authoritarian capitalist regime,
which Azar Gat (Foreign Policy 2007) defines as a regime that is capitalist and trades openly
on the market but differs from traditional liberal economic regimes in that the government is
not democratic. Russia is also a hybrid regime, which Diamond (2002) defines as outwardly
democratic; using elections, multi-party structures, etc. that mask the illiberal workings of the
state. As such there are incentives for cyber-mercenaries to engage informally with both the
state and oligarchs as means of showing their loyalty to the state and engaging in “war,” but
without the cost of life associated with traditional war.
The first economic reason Russia has for engaging in cyberwarfare rests in the
Russian oligarchs that maintain informal relations with the state (Dipert 2010). Dipert (2010)
contends that oligarchs maintain an informal relationship with the Putin regime because
cyber-mercenaries – for-hire individuals with specialized attacking skills – work with both
oligarchs and the Putin regime. These cyber-mercenaries not only aim to provide the best
possible economic outcome for the oligarch they have been hired by, but to also improve
Russia’s economic position when dealing with western businesses. For these individuals, the
38
opportunities serve as a means of demonstrating masculine qualities while demonstrating
their loyalty to the Putin regime.
The second economic reason lies with the glut of educated-yet-unemployed
computer-savvy youth within Russia that work with oligarchs to attack western networks as
part of organizations such as Nashi (Eidman and Green 2014). Nashi is a state-sponsored
group that engages in online activities such as DDoS attacks that can be considered
“undeclared cyber warfare” (Giles and Hagestad II 2013). Nashi, which works on an
informal basis with the Russian government, recruits these computer-savvy youth for
surveillance and attack purposes. Because Nashi informally serves the Putin regime and
oligarchs in a quasi-military capacity, Nashi’s largely male membership is provided
validation of its masculinity in a way that does not put lives in danger. Russia benefits by
having an always-war-ready “cyber-militia” when it wishes to launch an attack with a
minimum of probability of detection (Eidman and Green 2014).
Russia, for its predisposition to use informal relations to engage in cyberwarfare, has
a major problem with investing in means to reverse its “brain-drain.” This is because of
“latent unemployment,” or the underutilization – or un-utilization – of academic resources
due to the Putin regime’s removal of support, and in turn, economic growth, in the IT sector
(Winogradow 2013). In fiscal year 2013, out of Russia’s $2.09 trillion USD Gross Domestic
Product (GDP) (World Bank Russian Federation 2013), Russia spent approximately $22
billion, or 1.12%, on Research and Development, which includes IT (World Bank SciTech
2013). As a result, economic desperation drives youths to join organizations that are in
informal relations with both oligarchs and the state.
39
The third economic reason lies in Western business’s exploitable security
vulnerabilities and the Russian criminal justice system’s reticence towards charging hackers
who attack neither Russia nor Russian businesses (Flook 2009). Russian cyber-mercenaries
and their affiliated organizations primarily attack Western businesses with weak security
protocols for two reasons. First, Russian hackers resent the West, their view being that if
Western businesses are too lazy to install the correct security protocols, they deserve to be
hacked. This view is a result of the high standards of science and math education, yet
reduced IT industry-related learning, Russian students receive, combined with the fact that
“Russian IT specialists only receive 15-20 percent as much as their US Counterparts”
(Jellenc and Zenz 2007, 13). The second economic reason for attacking Western businesses
is that while Western multinational corporations such as Microsoft and IBM have built
research and development centers and acquired research companies, “the Russian education
system graduates roughly 100,000 new programmers per year, resulting in a huge domestic
surplus” (Jellenc and Zenz 2007, 13). With supply outstripping demand for IT professionals,
it becomes little surprise that economic desperation breeds this contempt.
Cyber-mercenaries need not be educated-yet-underutilized college-age persons
desiring a means to display their newfound IT skills. Cyber-mercenaries can also be silovik,
or security and military representatives that are aligned with President Putin (Sakwa 2013). I
will therefore use the term cyber-silovik to define a silovik whose domain is primarily the
protection of Russian interests in the digital domain. Eugene Kaspersky, a former KGB
agent and chairman of Kaspersky Labs, a Russian antivirus / cybersecurity company, is a
businessman who must balance the interests of approximately 300 million users while
cooperating with the traditional silovik in the Putin Regime. Kaspersky states:
40
A substantial part of his company is intimately involved with the FSB (the replacement for the
KGB)… My goal is not to earn money. Money is like oxygen: Good idea to have enough, but it’s not
the target…The target is to save the world (Shachtman 2012).
Whereas the youth who join Nashi join out of desperation to gain revenue and
validation of masculinity, cyber-siloviks primarily operate more directly with government
agencies. Much like their ad hoc counterparts, cyber-silovik must maintain loyalty to the
Putin regime if they wish to continue engaging the cybersecurity market. Executives and
oligarchs who dissent from the Kremlin’s interests have tendencies to be arrested and
incarcerated, or to disappear. As a result, critics of Kaspersky and other cyber-silovik view
their work not as “saving the world,” but rather as a way for the Russian government to use
businesses as a means of monitoring the activities of states who wish to do harm to the
Russian government and its interests (Shachtman 2012).
Cyberwarfare remains economically viable due to the rampant corruption between
oligarchs, cyber-mercenaries and their organizations, and the state. This is due to law
enforcement’s hesitation to prosecute unless Russia or one of its business interests is
involved (Flook 2009). Russia’s regime measures loyalty by various actors’ ability to both
engage in militaristic and economic means to optimize Russia’s position in the global domain,
as well as officials’ ability to remain quiet on matters that could put a negative stigma on the
“hegemonic masculine ideal” Russia seeks to portray in both foreign and domestic affairs
(Lowry 2008). With “whistleblowing” against Russia and its interests being deemed
contrary to masculine ideals on the basis that whistleblowers are cowards (Lowry 2008),
cyberwarfare is ultimately a way for educated youth in Russia to display their “hegemonic
masculinity” in a way that not only satisfies the cultural norm of military service and an
41
“always-war-ready” mentality, but also provides the overabundance of IT-capable youth an
opportunity to join the Putin regime’s “economic war against the slovenly west.”
CYBER-RUSSIAN ROULETTE
Russia has various historic, gendered, economic, and military incentives to partake in
cyberwarfare when its economic interests encourage such action, or when collective security
organizations make traditional warfare unfeasible. Russia uses informal interactions with
oligarchs and cyber-mercenary organizations in order to maximize its economic and
technological positions with NATO-aligned states and their MNCs. As such, Russia still
upholds the “always-war-ready” mentality that dates back to Peter the Great, albeit the
traditional military has been replaced to an extent with “ad hoc” organizations that provide
similar, yet different “invasions.”
States have survived Russia’s attempts of exerting its masculinity by entering
collective security agreements with organizations such as NATO. Smaller NATO member-
states are able to use NATO’s clout as protection against a traditional attack against Russia
(Gididhubli 2004), and are protected against the threat of traditional attacks by Russia under
Article 5 of the NATO charter. As a result, NATO is still relevant in the protection of these
states because of expanisionist actions by Russia against non-NATO states and its continued
saber-rattling towards the Baltic region (Mitchell 2015).
However, MNCs and NGOs are limited in their ability to control Russia’s proclivity
to use cyberwarfare as a means of circumventing Article 5. With masculinity being
measured by how loyal a person or organization is to the Russian state (Lowry 2008),
cyberwarfare allows for organizations and cyber-mercenaries to attack other states and their
42
businesses in order to put Russia in a better economic position. So long as these attacks are
done in a way where forensic information cannot be traced to Russia, NATO states must rely
on their own CERTs to fix the “cyber-messes” caused by Russia’s cyber-mercenaries. Even
if an attack were to be blamed on Russia, unless the attacked state can prove Russia to be the
origin, Russia can claim plausible denial and avoid punitive action, as cyberspace is not
considered part of a state’s sovereign territory (Valeriano and Maness / USNWC – Cyber
Espionage 2013).
In sum, this chapter shows that although collective security organizations may keep
Russia at bay with regards to traditional war, states are largely unable to contain Russia from
using cyberattacks. Until NATO is allowed to respond to cyberattacks with their own
cyberattacks, Russia’s aggressive foreign policy towards its former Soviet Republics, as well
as western MNCs, will persist, with educated male cyber-mercenaries willing to do Russia’s
dirty work, while hiding their digital footprints in the process.
43
CHAPTER 4
ESTONIA: A TARGET, AND A NERVE CENTER10
Having established the limits of international law for regulating cyberattacks and the
reasons why Russia was inclined to embrace them, I turn to analyzing the first of two cases
of the thesis. Estonia is a country in the Baltics that has been at various points of history a
Soviet republic as well as an independent state. Estonia’s tenure as a Soviet republic has had
a marked influence on its government policies regarding Russia and Russian history, its
interactions with Western states and organizations, as well as how Estonia has positioned
itself as one of the epicenters for cybersecurity. Estonia has economic, political, and social
reasons for being both a target for cyberwarfare and an epicenter for anti-cyberwar activities.
This chapter explains how Estonia’s actions have made it susceptible to cyberattacks
by Russia and other political actors, as well as how Estonia has made itself an epicenter for
cybersecurity at the systemic level. I explain how Estonia’s anti-Russian and pro-Western
actions have caused it to become targeted by the Putin regime. By stating the significance of
Estonia’s post-Soviet actions, I show the importance of states such as Estonia both in
highlighting the devastation that cyberattacks can cause on small states, as well as the
importance of self-reliance and attracting larger states’ and organizations’ interests in
mitigating cyberwar.
ESTONIA’S FIGHT FOR INDEPENDENCE
The relations between Estonia and Russia are marked by expansion through conquest,
brief periods of Estonian independence, and annexation by treaty. Estonia was part of the
10 Author’s Note: Portions of this chapter originally from Fall 2014 term paper for Global Gender Politics
Class at City University of New York – Brooklyn College
44
Russian Empire during World War I and manufactured ships and munitions for the Russian
Empire. In 1918, while Russia was in the throes of revolution and civil war, Estonia declared
itself independent. The Brest-Litovsk Treaty between Soviet Russia and Germany, entered
into force on March 3, 1918, allowed Russia to leave World War I, albeit at the cost of the
Baltics, Finland, and Poland (Estonian War Museum 2015).
Estonia’s secession from Russia at the end of World War I was a time of cultural
heterogeneity for ethnic Estonians. Estonia passed minorities rights laws that provided
cultural autonomy for minority groups with at least 3,000 persons in Estonia. Estonian law
defined cultural autonomy as:
§ 2, the tasks of the cultural autonomy bodies include
(a) organizing and administrating own-language schools for minority nationalities,
(b) taking care of other cultural tasks and institutions organized for that purpose;
§ 5, the autonomy body is directed by a cultural council and board elected by the minority in question;
§ 6, the financial basis of the autonomy bodies consists of
(a) school costs paid by the state,
(b) school costs paid by the local government (municipalities and cities),
(c) state and local government support for implementing other cultural tasks,
(d) fees collected from members of the minority, which are specified by the cultural council,
but confirmed by the government of the republic as proposed by the ministries of finances and
education,
(e) gifts, collections, sales income and the like;
§ 8, minority nationalities as defined by the law are Germans, Russians, Swedes, and other minorities
with at least 3,000 persons living in Estonia;
§ 9, the minority group includes adult citizens of Estonia who have enrolled themselves on the national
register of the minority in question;
§ 12, belonging under the cultural autonomy of a minority does not free the members of the minority
from their other civic duties (Németh and Léphaft October 11-14 2012, 2)
Although Russians were a majority-minority in Estonia’s Petseri and Prinarova regions,
Russians could not organize due to the economic dichotomy between Russian peasants and
the Russian elite. This resulted in apathy towards cultural autonomy that did not subside
until 1937. By this time, Konstantin Päts had assumed political power as an authoritarian
right-wing ruler and Nazism had become influential within the Baltic German population.
Although Päts’ regime never abolished minority autonomy due to Estonia wanting to
45
maintain its international prestige, the regime had to balance its strategic connections with
Germany “for the sake of the Baltic-German minority issue” (Németh and Léphaft October
11-14 2012, 3).
The Soviet Union saw this as an opportunity to regain lost territory while reducing its
potential liabilities in World War II through the Molotov-Ribbentrop Pact’s Secret
Additional Protocol. Signed on August 23, 1939, The Secret Additional Protocol regarded
Estonia as follows:
Article I. In the event of a territorial and political rearrangement in the areas belonging to the Baltic
States (Finland, Estonia, Latvia, Lithuania), the northern boundary of Lithuania shall represent the
boundary of the spheres of influence of Germany and U.S.S.R. In this connection the interest of
Lithuania in the Vilna area is recognized by each party. (European Network – Molotov-Ribbentrop
Pact.pdf)
Estonia’s was then integrated into the Soviet Union as follows:
June 28, 1940: Prime Minister Johnnes Vares denounces Estonia-Latvia Defense Alliance
June 29, 1940: The Estonian government denounces the 1934 Estonian-Latvian-Lithuanian Treaty
of Friendship and Cooperation (also known as the Baltic League or Baltic Entente)
Early July 1940: Moscow desires to implement new parliaments in the Baltic Countries
July 14-15, 1940: Estonia holds “Parliamentary” elections
July 22, 1940: The Estonian “Parliament” requests membership into the Soviet Union (Ilmjärv
2005)
August 9, 1940: Estonia formally annexed into the Soviet Union (Beaton 2013)
Ultimately, Päts was reduced to one of the Soviet Union’s puppets; his role was to sign
Moscow’s policies as though he was approving them (Ilmjärv 2005).
Great Britain’s hesitation to pressure the Soviet Union into reversing the annexation
of the Baltics into the Soviet Union furthered Estonia’s integration into the Soviet Union.
Great Britain did not wish to stress relations with the United States by recognizing the Baltics’
annexation to the Soviet Union, but at the same time wished to improve relations with the
Soviet Union even in light of what had happened after the annexation of the Sudetenland to
Germany in the name of appeasement. On October 22, 1940, Great Britain recognized
Soviet Sovereignty over the Baltics, in exchange that Great Britain would not join Anti-
46
Soviet alliances (Ilmjärv 2005). Estonia was now recognized by a Western power as part of
the Soviet Union.
The Soviet Union implemented various programs to assimilate Estonia into the USSR.
“Communal apartment” programs were formed in order to mix Russians and Estonians
together in order to remove Estonian influence and presence from the Soviet Union. I.
Vareikis defines the Soviet Union as a “large communal apartment in which ‘national state
units, various republics, and autonomous provinces’ represented ‘separate rooms.’” (I.
Vareikis 1924 from Skezine 1994, 415). Additionally, the Soviet Union imposed upon
Estonia scarce resources for private initiative and public housing. This dominant ownership
of Estonia’s property made it difficult for people to move to the larger towns that the Soviet
Union promoted in the name of “industrialization” and “jobs” (Tammaru 2000).
Estonians responded to the Soviet Union’s occupation, programs, and population
redistribution programs by forming organizations that engaged in civil resistance against the
Soviet regimes that came into power. The first two independent organizations to engage in
this behavior were the Estonian National Front and the Estonian Democratic Movement, both
of which were founded in 1972. Although independent, their common anti-Russification
mission led them to appeal to the United Nations in October 1972. (Brzechczyn 2008).
Moscow reacted in wildly differing ways to protests and demonstrations by
organization such as the Estonian National Front and Estonian Democratic Movement, as
well as protests and demonstrations by student movements. Soviet forces forcibly squelched
protests durin the 1980 Summer Olympics’ yachting events were held in Tallinn (Misiunas
and Taagepera 1993). On the other hand, a joint session of the Board of Writers and Artist
Associations’ call for the dismissal of Karl Vaino, First Secretary of the Estonian Communist
47
Party, and Brunon Saul, Prime Minister of the Republican government, was met with Vaino’s
spring 1988 dismissal and Saul’s subsequent autumn resignation (Brzechczyn 2008). The
contrast of these two instances, the former under the Brezhnev regime, and the latter under
the Gorbachev regime, show the transition the Soviet Union was making from meting out
brutality for protests to attempting to work with nations within the state.
On March 13, 1990, the Estonian Parliament (Riigikogu) voted 73-0 to secede from
the Soviet Union (Olson, Pappas, and Pappas 1994). The Soviet Union retaliated in
December 1990 by occupying Estonia (Olson, Pappas, and Pappas 1994) in a last-ditch effort
to maintain its empire in spite of the costs accrued of reining in seceding territories (Snyder
1991). The cost of communism’s implosion in the USSR as a result of Gorbachev’s reforms
such as glasnost and perestroika (Elliot 1989), resulted in the Soviet Union granting Estonia
its independence on September 6, 1991 (Babich 1991).
POST-COMMUNIST ESTONIA: FOR ESTONIA, BY ESTONIA
Estonia’s independence from the Soviet Union was marred by infancy pains” that
included three constitutions between 1992 and 1997 (NSD 2015) and various caretaker
governments. These governments were tasked with passing laws, maintaining the Riigikogu,
and other functions meant to legitimize the new state’s existence (CSPP 2011 / 2015). In the
process, Estonia instigated Russia through citizenship laws, alliances, and historic reforms
that made it a target for Russian cyberattacks.
On January 19, 1995, the Riigikogu passed the Citizenship Act. The Citizenship Act
outlined the conditions of citizenship as follows:
Chapter 1
General Provisions
48
§ 1. Estonian citizen
(1) An Estonian citizen is a person who holds Estonian citizenship upon the entry into force of
this Act or a person who acquires or resumes Estonian citizenship on the basis of this Act.
(2) An Estonian citizen shall not simultaneously hold the citizenship of another state.
§ 2. Acquisition, resumption and loss of Estonian citizenship
(1) Estonian citizenship is:
1) acquired by birth;
2) acquired by naturalisation;
3) resumed by a person who lost Estonian citizenship as a minor;
4) lost through release from or deprivation of Estonian citizenship or upon
acceptance of the citizenship of another state.
(2) Estonian citizenship shall be acquired, resumed and or lost under the conditions and
pursuant to the procedure provided for in this Act.
<...>
§ 4. Certificate of citizenship
(1) Everyone who acquires Estonian citizenship by naturalisation or who resumes Estonian
citizenship shall be issued a certificate of citizenship pursuant to the procedure provided for in
this Act.
<...>
Chapter 4
Conditions for Resumption of Estonian Citizenship
§ 16. Right to resume Estonian citizenship
(1) Everyone who has lost his or her Estonian citizenship as a minor has the right to its
restoration.
(2) A person who wishes to resume Estonian citizenship shall be staying in Estonia
permanently and be released from his or her previous citizenship or prove that he or she will
be released therefrom (sic) in connection with his or her resumption of Estonian citizenship.
(Citizenship Act 1995, Last Revised June 15, 2006)
The Citizenship Act allowed those who were exiled from Estonia during Russian occupation
to return to Estonia and, pending proof or Estonian bloodlines and previous familial
citizenship, reclaim their respective citizenships. On the surface, this looks amicable, but
transplanted Russians faced a significant problem.
Russians who had been transplanted into Estonia as part of the Russification program
were subject to draconian language outlining the need for knowledge on Estonia, as well as a
very complex process for naturalization. The Citizenship Act of 1995 states:
Chapter 2
Conditions for Acquisition of Estonian Citizenship
§ 6. Conditions for acquisition of Estonian citizenship by naturalisation
An alien who wishes to acquire Estonian citizenship by naturalisation shall:
<…>
3) have knowledge of the Estonian language in accordance with the requirements provided for
in § 8 of this Act;
<…>
49
§ 8. Requirements for and assessment of knowledge of Estonian language
(1) For the purposes of this Act, knowledge of the Estonian language means general
knowledge of basic Estonian needed in everyday life.
(2) The requirements for knowledge of the Estonian language are as follows:
1) listening comprehension (official statements and announcements; danger and
warning announcements, news, descriptions of events and explanations of
phenomena);
2) speech (conversation and narration, use of questions, explanations, assumptions
and commands; expressing one's opinion; expressing one's wishes);
3) reading comprehension (official statements and announcements; public notices,
news, sample forms, journalistic articles, messages, catalogues, user manuals, traffic
information, questionnaires, reports, minutes, rules);
4) writing (writing applications, authorisation documents, letters of explanation,
curriculum vitae; completion of forms, standard forms and tests). (3) Knowledge of the Estonian language is assessed by way of examination. The procedure
for the holding of the examinations shall be established by the Government of the Republic.
(4) A person who passes the examination shall be issued a corresponding certificate.
(5) Persons who have acquired basic, secondary or higher education in the Estonian language
are not required to pass the examination.
(6) A person specified in subsection 35 (3) of this Act shall take the examination to the extent
and in the manner prescribed in the decision of the expert committee specified in subsection
35 (7) of this Act.
<…>
Chapter 5
Procedure for Acquisition of Estonian Citizenship by Naturalisation and for Resumption of
Estonian Citizenship
§ 18. Submission of documents
(1) A person who wishes to acquire Estonian citizenship by naturalisation or to resume
Estonian citizenship shall submit the necessary documents to the governmental authority
authorised by the Government of the Republic.
(2) The documents specified in subsection (1) of this section shall be submitted on behalf of a
minor under 15 years of age or an adult with restricted active legal capacity by his or her
parent, adoptive parent, or guardian who is an Estonian citizen, or by a guardianship authority.
<…>
§ 21. Refusal to grant or refusal for resumption of Estonian citizenship
(1) Estonian citizenship shall not be granted to or resumed by a person who:
1) submits false information upon application for Estonian citizenship or a document
certifying Estonian citizenship, and thereby conceals facts which preclude the grant
of Estonian citizenship to him or her, which preclude him or her from resuming
Estonian citizenship or which would have precluded the issue of a document
certifying to Estonian citizenship to him or her;
(08.12.98 entered into force 12.07.99 - RT I 1998, 111, 1827)
2) does not observe the constitutional order and Acts of Estonia;
3) has acted against the Estonian state and its security;
<…>
Chapter 7
Final Provisions
§ 33. Special conditions for acceptance of documents and calculation of time
The requirement for having a residence permit of a long-term resident or the right of permanent
residence provided for in clauses 6 2) and 22) of this Act does not apply with regard to persons who
settled in Estonia before 1 July 1990 and who apply for Estonian citizenship. (Citizenship Law 1995 /
2006)
50
Estonia’s linguistic, cultural, and political requirements meant Russians who had moved to
Estonia could only attain Estonian citizenship by proving both a sufficient grasp of Estonia’s
culture and language, have family members who were Estonian citizens, prove they had no
role in an act against the Estonian state, or were Estonian citizens before Estonia’s
annexation. Because many Russian-Estonians were born and raised in Estonia under Soviet
pretenses, they were often unable to meet the requirements of the new Estonian state.
Estonia gave Russian-Estonians who could not meet the citizenship law’s
requirements two options. Either they could use their “stateless persons” status to have their
children apply for citizenship – providing the child is under 15 years of age and the parents
have resided in Estonia for 5 years, or immigrate to Russia and apply for Russian citizenship
(Estonia – CIA World Factbook – Transnational Issues 2015). For Russian-Estonians who
immigrated to Russia, the only way to visit Estonia was by visa (Estonian Embassy in
Moscow 2015), no doubt a way to protect Estonian borders from Russian influence.
Estonia’s second action perceived as inflammatory towards Russia was joining
NATO in 2003. NATO, which had originally formed as a collective security organization
against the Soviet Union and later the Warsaw Pact, accepted Estonia into NATO on March
26, 2003 (NATO Update 2003). By joining NATO, Estonia sought to further distance itself
from Russian influence. Estonia also received the benefits of Article 5 of the NATO Charter
with regards to collective security in the event of attack upon a NATO state.
For Estonia, NATO’s collective security clause provided three benefits. First, as a
NATO member, Russia could no longer attack Estonia using traditional means unless Russia
wanted larger NATO members such as Germany and the United States to come to Estonia’s
aid. Second, Estonia’s ascension into NATO cemented Estonia’s desire to distance itself
51
from Russian / Soviet history and gain a presence in both Western collective security and in
NATO / EU decision making. Third, Estonian troops were now able to train with Western
forces and learn new tactics to protect against Russia (Corum 2013). The strengthened
Estonian forces to better balance them against Russia.
Estonia’s “provocation” was met with Russian forces being deployed at the Russia-
Estonia border. Estonia’s joining of NATO was viewed by Russia as an expansion of NATO
after the fall of the Warsaw Pact (Gidadhubli 2004), and as an attempt to oppress Russia’s
progress (Francis 2014). By putting Russian forces at Estonia’s border, Russia sought to
show Estonia and NATO that Western influences would not make Russia docile (Gidadhubli
2004). These exercises, one of which in 2009 involved over 30,000 soldiers and naval
personal in close proximity to Baltic territory were to test how Russia would stop a NATO
invasion should conventional defenses fail. One such exercise used the Baltics and Finland
as a simulated border, the other used an “end-game” strategy where a nuclear attack would be
launched on Poland (Shetty, Kearns, and Lunn 2012), presumably to “choke out” the Baltics.
The third action Estonia made that was perceived by Russia as provocative was
joining the European Union in 2004 (About EU – Estonia 2015). Russia, perceived Estonia’s
economic actions as a “return to the west,” or an acceptance of liberal economic principles
(Kononenko 2006, 70). Russia responded by adopting “compatriots abroad policies” aimed
to show the human rights violations that Estonia was committing against Russian speakers
and promoting Estonian Russians in violent street riots (Archer, Bailes, and Wivel 2013).
The fourth major event was the April 27, 2007, moving of the Bronze Soldier, a
statute in Tõnismägi Park in central Tallinn to the Tallinn Military Cemetery, a less
“prominent” location. The Bronze Statue symbolized Estonia’s liberation by the Soviet
52
Army from Nazi Occupation during World War II and held two very differing perceptions.
The Riigikogu had voted to move the statue earlier than expected as a result of increasingly
hostile activities against the Estonian state (Tikk, Koska, and Vihul 2010). For Estonians, the
soldier represented the Soviet Occupation, whereas the Russian-Estonian population viewed
the move as ostracizing a minority ethnicity (Herzog 2011). However, this direct affront at
Russian culture, which Russian propaganda accused Estonia of “rewriting history” and
“glorifying Nazism” (Tisk, Koska, and Vihul 2010), took what had started as rioting, and
brought an entirely new form of warfare to the attention of the world.
THE CYBERATTACKS
Russia responded to the Statue’s relocation by launching the Estonian Cyber War
against on April 27, 2007 (Tikk, Koska, and Vihul 2010), and ended on approximately May
23, 2007 (AfriNIC 2010). As Estonia was protected under NATO collective security, it was
not in Russia’s best interest to launch a conventional attack against Estonia, as it likely would
have been met with a NATO response. However, Estonia’s cyber-infrastructure was an
equally viable target for Russia and its informally-aligned cyber-mercenaries such as Nashi
(Tikk, Koska, and Vihul 2010).
After seceding from the Soviet Union in 1990 and becoming independent in 1991,
Estonia began building an extremely intensive internet network as a “symbol of democracy
and freedom” (Kingsley – Guardian 4/15/2012). In 2001, Estonia introduced X-Road, a data
exchange center used by Estonian Government organizations to communicate with one
another (AfriNIC 2010). Estonia built upon this innovation by expanding its “e-
infrastructure” as follows
53
Paperless Cabinet Meetings since 2000
94% of Tax Returns are done online (Kingsley – Guardian 4/15/2012)
More than 355 of Estonia’s Government Agencies operate in the digital domain through servers
(i.e.: A government “cloud”)
All data is sent through security servers for encryption and decryption purposes to prevent
unauthorized users from jeopardizing operations
Security servers are kept separate from both end-users’ (i.e.: home users, government agencies,
businesses) computers, as well as the government “cloud” to mitigate compromise
All Citizens have an ID Card that allow the citizen to do government functions and banking
completely online
2005: Estonia becomes the first country in the world to use internet voting in elections (AfriNIC
2010)
Electronic Tax Collection (Lesk 2007)
Estonia’s e-infrastructure also became a benchmark for European robustness. With fifty-one
percent of all households leasing broadband connections, which amounts to approximately
seventy percent of the population using broadband (Ministry of Defence 2008), Estonia’s
connectedness also makes it a target for retaliation by unfriendly states. The April 26, 2007
relocation of the Bronze Statue (Tikk, Koska, and Vihul 2010), exposed this vulnerability,
crippling Estonia and bringing light to the use of DDoS attacks and TOR as weapons of
cyberwarfare against technologically advanced, yet insecure, states.
Following the Bronze Statue’s relocation, a series of TOR-encrypted DDoS attacks
were launched against Estonia’s infrastructure. DDoS attacks are typically done by
organizations, businesses, and states that buy botnets (a network of bots). These botnets
typically cost the end-user $5,000 to $7,500 for the service, with an attack on the scale of
Estonia costing approximately $100,000 (Lesk 2007). The use of TOR in launching such
attacks is twofold. First, TOR re-routes information sent through it through entry nodes (the
servers immediately after the sender), exit nodes (the servers immediately before the
recipient), and at least three other “middle-man computers” in order to reduce the likelihood
of detection and falsify the sender’s IP Address (Choucri 2012). Second, the re-routing
process limits the ability to have an internet service provider (ISP) track attacking botnets.
54
An ISP will likely shut down an attempted attack if it detects many requests from the same IP
address and quarantine the IP address (Lesk 2007), but if the IP addresses are different, then
the odds of the attack being shut down are reduced.
Estonia suffered attacks against various government and political websites including:
Government
Prime Minister
President
Riigikogu
State Audit Office
All Ministries (State Departments) except for the Estonian Ministry of Culture
State Agencies (i.e.: The Estonian Poice Board)
Estonia’s Reform Party (Tikk, Koska, and Vihul 2010)
Three News Organizations
Two Biggest Banks and Communication Firms (AfriNIC 2010)
The DDoS attacks against these websites took on various forms. Some sites, such as
http://silimaja.ee,11 were defaced with pro-Soviet signs, while other sites such as
http://www.riigikogu.ee12 and http://www.valitsus.ee13 were unreachable (AfriNIC 2010).
The attacks occurred in waves, which told Estonia’s CERT two things. First, the
attack may not be state-initiated because botnets are typically rented, and the departure of an
attack meant that the payment for the botnet had run out. Second, several pro-Russian hacker
forums divulged information about future attack targets. However, because the botnets were
rented, this meant that the attacks would potentially take place using differing means and
have varying magnitudes depending on financial and computational resources (Brenner
2014). Worse, the botnets could be reprogrammed on-the-fly to avoid detection and
subsequent deactivation (Springer 2015).
11 Sillamäe, Estonia’s official website
12 The Estonian Parliament’s website
13 (Estonia’s Government site)
55
The second wave of attacks in the Estonian Cyber War began on May 9, 2007. May 9
is Victory Day in Russia, the anniversary of the Soviet Union’s defeat of Germany in World
War II (Brenner 2014). Whereas the first round of attacks largely attacked government sites
(AfriNIC 2010), the second round of attacks focused on private enterprises such as banks,
information outlets and corporations. Estonian banks and corporations typically received
1,000 hits per day, but received 2,000 hits per second during the attack. This wave ground
Estonia’s internet to a halt; resetting servers simply brought on a new onslaught of
cyberattacks (Springer 2015), leaving Estonia’s CERT with many difficulties in reversing,
and ultimately investigating, the attack.
The first difficulty was that the original source of attack could not be verified through
traditional means such as an IP Address that would give location-based information to
investigating organizations. The attackers used offshore servers, in order to falsify the
locations of the attacks (Bradbury 2014). As such, although various Estonian sites were
vandalized with pro-Russian propaganda on them (AfriNIC 2010), the cloaking programs
resulted in the attacks being traced back to diverse locations such as the Seychelles
(Bradbury 2014), San Jose, Mexico, Aruba, and Italy (AfriNIC 2010). Estonia accused
Russia of committing the attack on the basis of what was plastered onto its government sites
based on what was present on its government sites (Libicki 2009). Russia responded by
refusing to take the blame on the attacks, as well as refusing to help Estonia find who – or
what – caused the cyberattacks (Springer 2015).
The second difficulty was Russia’s ability to use information about the attack to claim
plausible denial regarding investigating the attack. When Russia was confronted with
information that the “botnet controllers (individuals who bought / programmed the bots in the
56
Estonian Cyber War) were in Russia, the government suggested that Russian patriots might
have attacked on their own volition, for which they would not be punished by the Russian
government” (Springer 2015, 36). The Kremlin’s inaction is consistent with Flook’s (2009)
assertions that the Russian police and investigatory look the other way when the attacks
promote Russian interests, only care about cyberattacks when they are aimed at Russians and
Russian businesses..
The third difficulty Estonia’s CERT faced with regards to investigating the 2007
Estonian Cyber War was Estonia’s affiliation with NATO. Although NATO was a collective
security organization, NATO’s Charter did not take into account non-traditional means of
warfare (Brenner 2014). NATO’s reasoned that since nobody was injured, and physical
damage was inconsequential, that its presence was not needed (Springer 2015). Estonia
responded by comparing the attack to “terrorist activity … coordinated by computers within
Russian Cyberspace, and enjoyed at least the tacit concurrence of Russian authorities”
(Farwell & Rohozinski 2011, 32). NATO ultimately refused to accuse Russia (Farwell &
Rohozinski 2011) of the attack due to IP addresses not being from Russia (AfriNIC 2010),
although at least some of the controllers of the attacking servers were from Russia (Farwell
& Rohozinski 2011 and Springer 2015).
The final difficulty Estonia’s CERT faced was the CERT’s own actions in attempting
to stop the cyberattack. Government agencies, banks, and media outlets were vandalized or
shut down altogether by the attack. Estonia’s CERT shut down internet access to persons
either in foreign states, or detected to be in a foreign state due to IP address falsification tools
such as TOR (Libicki 2009). This was an attempt to reduce the damage that internet traffic
originating from outside Estonia could potentially cause. Ultimately, Estonia’s CERT was
57
ill-prepared to handle the threat itself, and required Finnish, Israeli, German, and Slovenian
assistance teams, as well as NATO CERTs and the European Network and Information
Security Agency (ENISA,) in order to ultimately reverse the attacks (Herzog 2011).
The 2007 Estonian Cyber War brought to light the ability for a state and / or
organization to debilitate another state’s cyber-infrastructure and effectively hold it hostage
as a means of retaliation. Additionally, the use of computer-based technologies such as off-
shore servers, as well as informal relationships with cyber-mercenaries, allowed for Russia to
retaliate without risking Estonia’s invocation of Article 5 of the NATO charter. As a result,
Estonia was forced to react without the collective military clout of NATO. Herbert Lin, chief
scientist at the Computer Science and Telecommunications Board of the US National
Research Council, states:
you may have only an IP address, not a physical location that you can attack in response. Assume a
computer controls an adversary’s air defense network and you cannot physically locate it. If you go
after it with a cyber attack, what if it’s located in a neutral nation? Or on your own territory? Cyber
war complicates matters and challenges traditional notions of neutrality and sovereignty. (Interview
with Dr. Herbert Lin, from Farwell & Rohizinski 2011, 32)
The 2007 Estonian Cyber War thus highlighted the need for improvement in
collective security organizations’ and aggrieved state’s behaviors regarding cyberattacks.
Although Estonia acted to protect the interests and activities of its citizens by blockading
access from foreign states, Estonia was too technologically weak to stop and reverse the
effects of the Cyber War. Estonia required assistance from more advanced NATO and non-
NATO states’ computer teams and organizations to end the attack. The attack did have a
significant impact on states’ and organizations’ reactions to, and preparedness for,
subsequent attacks. An impact that would both Estonia at the epicenter of cybersecurity
while aiming to mitigate the intensity of future attacks.
58
THE AFTERMATH OF THE CYBERATTACKS
The Estonian Cyber War of 2007 raised questions by states and organizations whether
contemporary rules regarding war were sufficient. The duration of the attacks, the various
countermeasures taken by the attackers, and Estonia’s and NATO’s inability to stop the
attack answered these questions as “NO!” NATO, Estonia, and Russian cyber-mercenaries
reacted to the attacks in different ways and provided methods and infrastructures to prevent
future cyberattacks from having the intensity and duration of the Estonian Cyber War.
On October 28, 2008, NATO responded to the Estonian Cyber War by accrediting the
NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, as
an International Military Organization (IMO). As an IMO within NATO, the CCDCOE was
allowed to hold defense exercises such as “Baltic Cyber Shield,” a Cyber defense exercise
held on May 10, 2010, and the First Locked Shields cyber defense exercise on March 26,
2012 (NATO CCDCOE 2015).
These exercises served varying purposes. “Baltic Cyber Shield” was carried out by
six teams from Latvia, Lithuania, Sweden, and NATO headquarters attempting to defend an
initially insecure virtual company network from hostile attacks (NATO CCDCOE Baltic
Cyber Shield 2010). The first Locked Shields cyber defense exercise was an exercise in
which trained IT specialists and legal experts worked to telecommunications companies
across Europe called “Blue Teams.” The “cyber attackers,” named the “Red Team,” was
comprised of specialists and volunteers from Finland and Estonia, with contributors from
Germany, Latvia, Italy, and NATO. The Red Team would create balanced attacks against
59
blue team networks. Success was measured by the effectiveness of defense strategies and
tactics, and measured on a predefined scale (NATO CCDCOE Locked Shields 2012).
The Estonia Defence League (EDL) established a Cyber Unit (CU) in 2007 in the
aftermath of the Cyber War (Kaitseliit EDL CU History 2015). The EDL CU aims to
increase the state’s cybersecurity through the spread of knowledge and training. This
training is not just through traditional computer-based means such as information security,
but also by participating in cybersecurity training events and networking with qualified IT
specialists (Kaitseliit EDL CU 2015). These IT specialists volunteer in events such as the
First Locked Shields exercise to spread this knowledge to other CERTs, as well as to test
whether their methods suffice against attack (NATO CCDCOE Locked Shields 2012).
On February 12, 2015, the EDL CU and the CCDCOE formalized their working
relationship regarding the annual Locked Shields exercises. The cooperation agreement
commits Estonia to the exercises while allowing EDL CU members to receive more training
and workshops from the CCDCOE (Kaitseliit EDC CU / CCDCOE Agreement 2015).
Knowledge spread from this joint cooperation will bolster technical skills and cybersecurity
within Europe in the hopes of reducing the likelihood of future attacks.
However, not all organizations resolve to prevent future cyberattacks against Estonia.
Konstantin Goloskokov, the commissar of Nashi, stated in 2009 that Nashi’s activities
“taught the Estonian authorities a lesson” in response to the relocation of the Bronze Statue
(Lysenko and Endicott-Popovsky 2012, 405; Conference held March 22-23, 2011).
Goloskokov furthered his antipathy towards Estonia, stating “if the (Estonia) act illegally, we
(presumably Nashi as the Kremlin’s informal “cyberwar” arm) will respond in an adequate
60
way” (Brenner 2014). As a result, prevocational actions by small states may still incur the
wrath of cyber-mercenaries.
The Estonian Cyber War exposed states and organizations to the reality that war is no
longer exclusive to land, air, or sea. Although its three week duration may be relatively short
compared to many traditional wars, the low cost of attacks combined with the amount of
government and private organizations that were compromised in the process exposed the
weakness that states and organizations had in protecting their cyber-sovereignty. The
reactions by states and organizations to hold drills and work as collectives against that are
just that, reactions. So long as larger states possess mercenaries that function through
informal relations and possess cloaking and attacking technologies, Estonia will need to rely
not only on its CU for cybersecurity, but the collective resources of NATO’s CCDCOE as
well. Cyberwar in Estonia proved to have a reactive, rather than proactive, outcome.
However, Estonia’s lessons soon paid dividends in 2008, when neighboring Lithuania
endured its own attack.
61
CHAPTER 5
LITHUANIA: ANOTHER BALTIC STATE, ANOTHER
CYBERATTACK14
Not long after Estonia was cyberattacked, Lithuania endured a similar attack, for what
appears to be similar reasons. Lithuania is a country in the Baltics that has been a serfdom, a
Soviet republic and an independent state at various points of its existence. Lithuania has
many political and economic similarities to Estonia. Lithuania’s tenure as part of the Soviet
Union has also had a significant impact on its government policies regarding Russia and
Russian history, its interactions with Western states and organizations, as well as Lithuania’s
position as one of Europe’s “tech epicenters.” Lithuania has economic, political, and social
reasons for being a target for cyberwarfare as well as a center for tech expansion.
This chapter explains how Lithuania’s actions have made it a target for cyberattacks,
as well as how Lithuania has made itself one of the centers for e-infrastructure at the
systemic level. I explain how Lithuania’s anti-Russian and pro-Western actions have caused
it to become targeted by the Kremlin. By stating the significance of these actions, I show the
importance of Lithuania as a state that learned from another state’s mistakes during its own
cyberattack, as well as show the importance of continued cyber-alliances in furthering states’
and organizations’ interests in building infrastructure that will mitigate future cyberattacks.
HISTORIC LITHUANIAN / RUSSIAN RELATIONS
Lithuania and Russia have a history marked with conquest, uprisings, brief periods of
Lithuanian independence, and annexation by treaty. Lithuania was a serfdom from at least
14 Author’s Note: Portions of this chapter originally from Spring 2014 term paper for Post-Communist
Politics Class at City University of New York – Brooklyn College
62
the fifteenth century (Millward 1982) until February 19, 1861 when Tsar Alexander II
abolished serfdom as a result of revolts and riots by Lithuanian serfs. Although Alexander
II’s regime abolished serfdom, Lithuanian serfs were left with forty-nine year mortgages for
any lands they may have owned (Pauliukonis 1970). Lithuania became a semi-private
agrarian zone (Mincyte 2009) even as Russia industrialized during the 1890s (Skocpol 1976).
The Vilnius Conference, held from September 18-23, 1917, was the first significant
move to make Lithuania a state. After approximately 3 months of self-determination
movements, the Council of Lithuania declared itself independent from Russia on February 16,
1918 (Seimas – Lithuanian Restoration 2015). From 1917 to 1926, Lithuania floundered
between Presidents as it struggled to survive against the rapidly forming Soviet Union. Not
until Kayzs Grinius became the President of Lithuania, and Mykolas Krupavicius led a more
fascist / anti-Soviet Seimas, did Lithuanian officials begin to outwardly oppose the Soviet
Union and its socialist values (Misiunas 1970).
Lithuania’s increasingly fascist political perspectives during the later interwar years
gained prominence as Krupavicius engaged in increasingly anti-Soviet rhetoric. In one such
speech, Minister Krupavicius states:
Fascism in itself is a wholesome nationalist movement (strong applause and shouts of 'bravo' on the
right), a reaction against socialist government or a Kerenshchina which are leading the state to its
doom. Today Fascism is a legal organisation in all states. But I make a difference between Fascism [as
an ideology] and Fascism [as a system]. If you accuse national self-consciousness, patriotism, and
national ideals of being Fascist, in that sense I am also a Fascist. And all of us Lithuanian nationalists
are Fascists! (Misiunas 1970)
Krupavicius’ statement may have riled support amongst Lithuanians who sought to distance
themselves from the Soviet Union by defining national self-consciousness, patriotism, and
pro-Lithuanian ideals as fascist, but he also saber-rattled against a state far larger and more
powerful than Lithuania. Krupavicius called the Soviet government “kerenschina,” due to
63
collective operations being favored over self-awareness and self-motivations (Misiunas 1970.
Saber-rattling, though, only goes so far when the rattler is a militarily weak state provoking a
larger, and militarized, state.
Lithuania’s interwar independence ended in much the same way Estonia’s interwar
independence ended. On August 23, 1939, the Molotov-Ribbentrop Pact’s Secret Additional
Protocol divided Lithuania into two. Areas south of Vilnius were annexed to Germany, with
the balance going to Russia along with the rest of the Baltic States (European Network –
Molotov-Ribbentrop Pact.pdf). The political effects of the Pact on Lithuania were immediate.
A brief timeline of events that ensued as a result of the Pact:
June 15, 1940: Antanas Merkys, President of Lithuania, is exiled by Soviet forces (Mincyte 2009)
June 18, 1940: Justas Paleckis, Acting President of Lithuania, creates a foreign policy that
promotes assistance with the Soviet Union
June 22, 1940: Vincas Krévé-Mickevicius, Lithuanian Deputy Prime Minister and Foreign
Minister, telegraphed Lithuanian foreign representatives “the foundation of the existing political
system will not be changed. The inviolability of private property is guaranteed… good relations
with the Soviet Union is the priority of the new government.”
July 5, 1940: The Paleckis government lowers voting the age-limit from 24 to 21 in order to
promote voting among men conscripted to the military
July 21, 1940: The Lithuanian Parliament proclaims its desire to join the Soviet Union (Ilmjärv
2005)
August 3, 1940: Lithuania is incorporated into the Soviet Union (Kaszeta 1988)
On October 22, 1940, Great Britain recognized the annexation of the Baltics into the Soviet
Union in exchange that Great Britain would not join Anti-Soviet Alliances. This act,
combined with Nazi Germany’s recognition of the Baltics’ annexation on January 10,
1941(Ilmjärv 2005), rendered the Baltics a part of the Soviet Union. Although Nazi
Germany would occupy the Baltics from 1941 through 1944 in the aftermath of the Soviet
Union “turning” on Nazi Germany, by August 1944, Lithuania was firmly a part of the
Soviet Union (Kaszeta 1988), and would remain a Soviet Republic for 47 years.
64
Lithuanians did not accept the Soviet leadership as legitimate rulers. Russia sought to
assimilate Lithuania through a multinational apartment system (Leder 2002). Lithuanians
responded to the Soviet Union’s attempt at assimilation through thinly veiled hatred and
exercising non-Soviet afforded civil rights such as freedom of speech and expression
(Girnius 1988). Furthermore, organizations such as the Movement of Lithuania’s Struggle
for Freedom (LLKS) fought Soviet forces from 1948 through 1952 in attempts to regain
Lithuania’s independence. The Movement was quashed in 1952 at the cost of an estimated
20,000 to 30,000 lives (Vardys 1963).
The Soviet Union tried to assimilate Lithuania by collectivizing Lithuania’s main
resource-generating farms. Lithuania’s main resources – potatoes, grain, milk, and meat –
were dekulakized, or removed from the ownership of wealthy farmers called kulaks. The
Soviet Union rapidly collectivized Lithuanian farms. In 1948, 60.5 percent of Lithuanian
farms were collecitivized (Mincyte 2009); by 1950, 90 percent of Lithuania’s farms had been
collectivized (Girnius 1988). This collectivization, combined with the multinational
apartment, were two of the ways that the Soviet Union sought to assimilate Lithuania into the
Inner Empire and thus expand Soviet Society (Beissinger 2009b).
By the 1980s, the Soviet Union was failing, and Lithuania was still pushing the
boundaries of what was considered acceptable to the Soviet Union. General Secretary
Mikhail Gorbachev, who was tasked with saving a fracturing Soviet Union, implemented
various “democratic” mechanisms in a last-ditch effort to maintain the Inner Empire. One of
these mechanisms, Glasnost, was instituted to provide freer dialogues between the Soviet
constituency and Moscow (Putinaite 2008). Lithuanians took full advantage of Glasnost by
holding protests and writing cynical editorials that questioned the true motive of Gorbachev’s
65
liberalizing reforms (Olcott – Lithuanian Crisis 1990). By 1988, Gorbachev was forced to
recognize measures of cultural sovereignty in Lithuania, a move meant as “humane
socialism,” or Soviet rule with a kinder hand (Hough 1990). Gorbachev’s “humane
socialism” was met with separatist movements that fought for more than cultural sovereignty.
Lithuanians movements such as Sajudis that followed the spirit of the LLKS. Sajudis,
a self-determinist and secessionist movement led by Algirdas Brazuskas, reacted to
Gorbachev’s reforms by fighting initially for cultural sovereignty (Olcott – Soviet (Dis)union
1991), but more importantly for its independence from the USSR. After Gorbachev ousted
Brazuskas from Lithuanian politics, he was forced to reinstate him as the Lithuanian SSR’s
leader as a last-ditch attempt to keep a “rogue SSR” from seceding (Beissinger 2009b).
Gorbachev’s concessions resulted in an increasingly brave Lithuania pushing for separation
from the Soviet Union – culminating on March 24, 1990 when the reformed Seimas voted
124-0 (with 9 abstentions) to secede from the Soviet Union (Kotkin 2008).
The Soviet Union, which by 1990 had lost its “outer empire” of Warsaw Pact states,
tried harder to maintain its inner empire. Lithuania’s self-determination movement had
gained the support of both opposition and in-power elites (Clark and Praneviciute 2008), and
was met by a politically realist USSR seeking to maintain its borders. From January 11 – 13,
1991, Gorbachev ordered direct strikes on Vilnius, Lithuania’s capital. These strikes became
known as “The January Events.” The “Events” were spearheaded by the Soviet military and
non-government organizations such as the National Salvation Committee of Lithuania, a pro-
Soviet organization within Lithuania that sought to keep Gorbachev in power in the USSR
(Dunlop 2003). Although Lithuania survived “The January Events,” the USSR still would
not relinquish Lithuania.
66
On August 18, 1991, General Secretary Gorbachev, with Kazakh SSR President
Narsultan Nazarbaev and RSFSR President Boris Yeltsin’s “blessings,” launched an attack
against Lithuania that should have been a simple power grab, but instead failed spectacularly.
Gorbachev, his aid Vadim Medvedev, and several of his generals, were unable to maintain
communications with one another throughout the attack, in part due to Gorbachev’s hectic
schedule, in part due to Gorbachev’s cautious nature, and in part due to Vytautas Landsbergis,
head of the Lithuanian Parliament’s desire to aid Yeltsin in overthrowing the Gorbachev
regime (Dunlop 2003). This “semi-inside job” not only decimated the Soviet Union’s ability
to forcibly influence its Soviet Republic, but was such a humiliation to the Soviet Army, that
on August 22, 1991, Gorbachev pulled all troops from Lithuania.
On November 6, 1991, the Soviet Union recognized Lithuania as an independent state
(Babich 2011). Although Lithuania remains an independent state to this day, issues exist
with its former colonizing power regarding political, social, and cultural aspects of its society.
By studying the Tsarist and Soviet history of Lithuania, I show that Lithuania had much to
spite about Russia, and in the 20th century, the Soviet Union. By stating the final days of
Soviet occupation, I show that Lithuania’s independence was a byproduct of not only self-
determination, but the collapse of a hegemon. These factors will influence how Lithuania
behaves towards Russia at the close of the 20th century, and into the 21st century.
LITHUANIA: THE LITTLE COUNTRY THAT SHOULDN’T
Lithuania gained its independence on November 6, 1991, and set out to politically,
socially, and economically distance itself from its former colonizing power. Lithuania’s
joining of Western political and economic organizations, banning Soviet and Nazi ephemera,
67
and passing laws that promoted Lithuanian culture at the expense of Russian culture may
have fortified its statehood, but also instigated its former colonizer. By discussing these
actions, I show how Lithuania also made itself a target for Russian cyberattacks.
On March 26, 2003, Lithuania acceded to NATO (NATO Protocol Lithuania 2003).
In October 2003, public opinion surveys found that 77 percent of Lithuanians favored the
country’s entering into NATO (Krupavicius 2004). Lithuania’s accession to NATO
guaranteed it collective security against attacks from other states (NATO Charter – Article 5).
For Lithuania, acceding to NATO was both a milestone in terms of democratic maturity and
consolidation, as well as a way to bolster military strength against Russia. Additionally,
NATO accession is often viewed as a step towards entering the more stringent EU (Barany
2004). However, critics such as Holger Mölder (2006) state that economic factors such as
EU membership play an equal role in both preventing war and as a security community due
to common economic interests.
Russia reacted to Lithuania’s accession to NATO as an expansion of Western
interests. Much like with Estonia, Russia viewed Lithuania’s accession to NATO as a way to
curtail Russia’s progress (Francis 2014). Russian foreign ministry spokesman Aleksandr
Yakovenko viewed Lithuania – and the Baltics as a whole – acceding to NATO as a threat
against Russia’s national security. Sergei Oznobischev, director of Strategic Assessment
Institute, took a different perspective to the accession. Whereas Mr. Yakovenko perceived an
expanding NATO as a threat to Russia, Mr. Oznobischev viewed the accession as a
“diplomatic failure” on Russia’s part, and a “virtually genetic fear of the Soviet Union and
now Russia” (Gidadhubli 2004, 1885).
68
There are two issues with NATO and the current threat. First, what “U.S. Senator
wants to be the first to tell a mother that her son died fighting in Abkhazia?” (Or in this case,
Lithuania). A state as small and widely perceived as insignificant as Lithuania would not
register as a blip on the general population’s radar, and many Westerners would not want to
have military action in a state largely deemed to be inconsequential. Second, should Russia
attack Lithuania, NATO would either have to invoke Article 5 and potentially cause World
War 3 over Lithuania’s invasion, or abandon Lithuania; demonstrating that collective
security doesn’t apply to smaller members (Mitchell 2015).
Lithuania’s second action that Russia perceived as confrontational was its accession
to the EU on May 1, 2004 (Europa – Lithuania 2015). As Lithuania had proven itself to be a
consolidated democracy by joining NATO, its accession to the EU served as validation of its
liberal economy. Lithuania validated its liberal economic prowess with a lower-than-
Eurozone-average annual inflation rate, an about-average deficit as a percentage of GDP, and
a much lower than average consolidated general government debt as a percentage of GDP
from 2004 through 2011; the last criteria spelled out in the Maastricht Treaty that set up the
EU in the first place (Georgieva 2012).
This ability to economically succeed in spite of its Soviet past, afforded Lithuania the
privilege of joining the Schengen Area on December 21, 2007 (Europa – Lithuania 2015).
The Schengen Area is a zone of EU and non-EU states in which EU citizens, and Non-EU
Citizens in Schengen Area states, are allowed to travel between Area states with a visa,
subject to what basically amounts to “visa spot-checks” rather than sweeping “visa border-
checks” (European Commission – Schengen Area 2014). Lithuania’s acceptance to
Schengen meant that more travel from traditionally western European states (i.e.: France,
69
England, Germany) would allow for the spread of technologies; the culmination of which,
statewide high-speed fiber-optic internet (10 Years of FTTH - CE May 7, 2014), will be
discussed later in this chapter.
Russia’s reaction to Lithuania’s economic westernization was fear that Kaliningrad,
an exclave of Russia separated from Russian influence (i.e.: Russia and / or Belarus) by
Lithuania, would become increasingly “European” by becoming a strategic leverage point for
the EU (Archer & Etzold 2010). Russia’s fear of Lithuania’s isolating action is furthered by
the population of Kaliningrad – particularly the young, the educated, and Kaliningrad’s
oligarchs – desiring to join the EU and perceiving themselves as European (Krickus 2014).
The EU viewed it as necessary to mend Kaliningrad’s economic and infrastructural problems
at the cost of €132 million so that Lithuania’s border infrastructure would be more
sufficiently bolstered against Russia (Kaliningrad) (Archer & Etzold 2010). Such “bolstering”
could therefore be viewed as an incentive for Kaliningrad’s inhabitants to enter Europe at the
cost of Russia’s presence in a more “Western” Europe.
Lithuania’s third action that Russia perceived as confrontation was its threat to veto a
commercial relationship between Russia and its oil industry and the EU (Grigas 2014).
Lithuania vetoed the EU-Russia oil talks regarding exploiting the full capacity of the
Druzhba line due to issues between itself, Belarus, and Russia (Bjørnmose et al 2009).
Lithuania’s contention about the Russian oil industry dates back to the Soviet era due to
Russia’s refusal to compensate Lithuanians coerced into Soviet labor camps. Furthermore,
Lithuania contended that Russia was using its oil resources as a “leveraging point” for other
Russian commodities in surrounding markets (i.e.: former Soviet states) (Ashmore 2009).
70
Russia responded by cutting Lithuania off from its oil reserves. By preventing
Lithuania from economic interactions with Russian oil industries, Russia was able to exert
regional influence to maintain compliance from Lithuania. Lithuania conceded its vote to
allow Russia to engage in oil and gas commerce with the EU on May 12, 2008 (DPA News
Agency 2008). However, Lithuania’s oil and gas infrastructure is not connected to the EU’s
oil network. Although Lithuania receives sufficient oil from Russia, connection projects
such as “Small Amber” between Poland and Lithuania could integrate Lithuania with the rest
of the EU. However, the project’s stagnation (Bjørnmose et al 2009) has resulted in Lithuania
being forced to buy exclusively from Russia (Economist 04/05/2014) at higher prices than if
they were part of the EU’s infrastructure.
Lithuania’s fourth action that Russia perceived as confrontational was its March 18,
2004, accession to the ECC (CETS No. 185 2014). Lithuania’s ratification of the ECC
allowed Lithuania to define what cyber-behaviors were criminally offensive and punish those
convicted of such behaviors (Archick 2006). Lithuania used the ECC in order to correct the
atrocities committed by the Soviets. Lithuania defined these “criminally offensive”
behaviors in the Criminal Code of the Republic of Lithuania, which had existed since 2000
and entered into force on May 1, 2003 (Sauliunas 2010). Article 198 of the Criminal Code,
expanded in 2008, states:
Article 198. Unlawful Interception and Use of Electronic Data 1. A person who unlawfully observes, records, intercepts, acquires, stores, appropriates,
distributes or otherwise uses the electronic data which may not be made public shall be
punished by a fine or by imprisonment for a term of up to four years. 2. A person who unlawfully observes, records, intercepts, acquires, stores, appropriates,
distributes or otherwise uses the electronic data which may not be made public and which are
of strategic importance for national security or of major importance for state government, the
economy or the financial system shall be punished by imprisonment for a term of up to six
years. (Seimas 2008 / 2010)
71
Article 198 meant that Soviet-era ephemera such as the National Anthem and symbols were
punishable in much the same way that hate crimes are increasingly becoming punishable
offenses in the United States. Moreover, such offenses were committed “without right”
(Sauliunas 2010), leaving open the possibility of persons being punished for merely
researching Soviet history or other academic endeavors.
Russia responded to Lithuania’s criminal code as an affront to its interests. Russian
President Dmitry Medvedev denounced the law as a “politicized approach to history” and
viewed the law as an “attempt to rewrite wartime history” (Tikk, Koska, and Vihul 2010, 51-
52). Although Russia largely ignored the changes to Lithuania’s Criminal Code and the
ascension to the ECC, the modifications made in 2008 to include Soviet symbols as offensive
(Sauliunas 2010) was the tipping point for an attack that, although smaller and shorter in
duration than Estonia’s, showed that Russia was unafraid to use cyberwarfare against any
NATO member-state that it could not engage in traditional warfare.
LITHUANIA’S CYBERATTACK
In the years after establishing and maintaining its independence from the Soviet
Union and Russia, Lithuania began enacting infrastructures within its borders. One such
infrastructure was the advent of statewide internet. However, whereas Estonia sought to
fully integrate government life into the digital domain (Kingsley – Guardian 4/15/2012;
AfriNIC 2010; and Lesk 2007), Lithuania sought to bring as many homes and businesses
online as possible. To this end, Lithuania has done the following to integrate as many
persons and businesses as possible to high-speed internet.
Provided 50 megabits per second (Mbps) for 11.6 EUR per month, up to 300 Mbps for 23.1 EUR
per month
72
Invested 329 million Lithuanian Litas (LTL) (roughly 95.3 Million EUR) to develop Fibre-to-the-
Home (FTTH) networks between 2007 and 2011; total investments for all infrastructure (core and
extending networks) is approximately 659 million LTL (190.9 Million EUR)
Connected over 714,000 households with ultra-fast internet (fibre-optic), or approximately 57% of
the population as of May, 2014
Result: the second fastest internet speed in the world (EC Digital Agenda for Europe – 2014)
Unfortunately, Lithuania’s devotion to high-speed internet was not met with an equal
devotion to cybersecurity, even in the aftermath of the 2007 Estonian Cyber War. In 2008,
Lithuania may have been a strong cyber-state in terms of infrastructure, but it was a digitally
weak state due to a lack of “lessons learned from Estonia.”
The modifying of Lithuania’s Criminal Code to include interpreting any association,
be it viewed, observed, etc., of Soviet ephemera resulted in a series of DDoS attacks against
approximately 300 Lithuanian websites on June 28, 2008 (Tikk, Koska & Vihul 2010).
Much like with Estonia, these sites were inundated with Soviet symbols. However, whereas
the Estonian Cyber War lasted for over three weeks and had several major waves of attacks,
the Lithuanian cyberattack lasted only 4 days. The lessons learned from the Estonian Cyber
War played a significant role in why the Lithuanian cyberattack was so quickly rectified.
The first major difference between the Estonian and Lithuanian attacks lies in the
attack methodology itself. Whereas with the Estonian Cyber War, the cyber-mercenary
group Nashi used a series of offshore bulletproof servers in small states as “proxy attackers”
to avoid detection (Bradbury 2014), Lithuania’s cyberattackers used TOR to carry out the
attacks (Tikk, Koska, & Vihul 2010). TOR not only allowed cyberattackers to cloak their
locations, but whereas the offshore servers used during the Estonian Cyber War could
potentially be traced back to their Russian owners (Springer 2015), the use of TOR during
made the ability to trace the attackers’ locations nearly impossible (Tikk, Koska, & Vihul
73
2010). This is due to TOR’s use of entry nodes, middleman computers, and exit nodes in
order to falsify sender (and recipient) IP addresses (Choucri 2012).
The second major difference between the attacks was the aid provided to reverse the
attack. Whereas Estonia used its sovereignty to shutter itself from any foreign internet traffic
(AfriNIC 2010) and only had their CERT to rectify the problem until Estonia was forced to
call on outside states such as Germany and Israel for help (Herzog 2011), Lithuania reversed
the attack through a public-private IT collaboration. This collaboration allowed for the ISP
to notify customers, government agencies, and private sector companies, of the attack in
progress (Tikk 2011). Additionally, Lithuania used its sovereignty to clean up after the
attack, but also was able to call on NATO’s CERT to fix much of the damage from the
cyberattack (Herzog 2011), although this may be less at Lithuania’s request, and more a
“lesson learned” from the Estonian Cyber War.
The final major difference between the Estonian and Lithuanian attacks is the
duration and magnitude of the attack itself. First, Estonia’s attack began April 26, 2007,
ended May 23, 2007 (AfriNIC 2010), and involved approximately $100,000 worth of botnets
time and quantity – a figure estimated to be between 50,000 and 70,000 bots (Lesk 2007),
whereas Lithuania’s attack lasted from June 28, 2008, ended July 2, 2008 (Tikk, Kaska, and
Vihul 2010), and due to the relative lack of attack intensity, probably had far fewer
participants. Much of the reason for the reduced intensity and duration lies in what would be
called “second-mover advantage,” an advantage that exists when uncertainty can be
mitigated as a result of studying the errors caused by the first mover (Hoppe 2000) – in this
case, Estonia. As a result, second-mover advantage allowed Lithuania to have lower time
costs in reversing the effect of Russia’s cyberattack.
74
Although Lithuania “enjoyed” the benefits of a less intense attack that endured over a
shorter period of time, Lithuania also benefitted from learning from Estonia’s isolationist
mistake and having its attack primarily focus on the private sector rather than Estonia’s
public sector attacks. Most importantly, Lithuania’s “second-mover advantage” allowed for
its ISPs and for private sector IT agencies to work together to mitigate the intensity of the
cyberattack. However, whereas Estonia became an epicenter for global cybersecurity,
Lithuania has faced its own cybersecurity problems in the aftermath of the 2008 cyberattack.
THE CYBERATTACK’S AFTERMATH: LITHUANIA GETS MORE ATTACKS
The 2008 Lithuanian cyberattack validated the use of cyberwarfare as a means of
attack when a state wishes to inflict damage upon another state while staying “below the
threshold of war” (Lewis 2011) that would incite a collective response under Article 5 of the
NATO charter, or allow a state to invoke Article 51 of the UN Charter. The cyberattack
validated this use because it was an attack by one state against another, where the presumed
attacker had previously launched attacks against smaller dissenting states. Lithuania became
active in cybersecurity organizations such as the CCDCOE (NATO Centres of Excellence
2015) in order to better protect itself from future attack. However, not all actions taken in the
aftermath of the cyberattack have been positive.
Lithuania began improving its cybersecurity practices in much the same way Estonia
began improving its practices; by engaging in various cyber-exercises such as “Baltic Cyber
Shield” and the 2014 Locked Shields cyber defense exercises (NATO CCDCOE 2015). In
“Baltic Cyber Shield,” teams from Latvia, Lithuania, Sweden, and NATO headquarters
defended an insecure virtual company from hostile attacks (NATO CCDCOE Baltic Cyber
75
Shield 2010). In the 2014 Locked Shields exercise, Lithuania was one of twelve countries
seeking to protect the fictional country of Berylia against two days of increasing cyberattacks.
These attacks ranged from low-level hacktivist campaigns on the first day, to espionage and
sabotage attacks on the second day. The goal of this exercise was for NATO member-states
to not only devise the best methods for “winning the game,” but to share ideas with and
promote collective cybersecurity (NATO CCDCOE Locked Shields 2014).
On December 11, 2014 the Seimas approved the Lithuanian Ministry of National
Defence’s request to create a National Centre of Cyber Security. The Centre focuses on
securing information resources, information infrastructures, manage cybersecurity and
cyberthreats, and supervise leading officials in Lithuania desiring to implement cybersecurity
measures and investigate cyberincidents (DELFI 12/12/2014). In addition, the Centre
cooperates with the NATO CCDCOE, and will work with them rather than supersede the
CCDCOE’s cyber-collective security intent (Vaida 2014). However Lithuania must look at
its own relations with Russia in order to maximize the efficacy of these measures.
Lithuania has continued to face cyber-issues with Russia in the aftermath of the 2008
cyberattack. In 2013, Lithuania took the role of the EU Presidency for six months (E.L.
2013). During this time, DELFI, one of Lithuania’s primary news sites (BNS 2013), endured
a DDoS attack as a result of Lithuania’s refusal to join the Eurasian Economic Union (E.L.
2013), an economic union comprised of Russia, Kazakhstan, Armenia, and Belarus (EEC –
About 2015). Lithuania’s refusal is due to perceptions that the EEU threatens Lithuania’s
interests due to its pro-Russian nature (Martel 2014).
With its longstanding dedication to civil and political rights, Lithuania has made
instigating Russia a national sport. Lithuania’s history and politics explain why Lithuania
76
has devoted itself to distancing itself from Russia, the reality remains that Russia is the
region’s hegemon. As a small state that has been cyberattacked by Russia due to its anti-
Russian actions, and continues to be cyberattacked due to more recent actions, the question
becomes when do “political interests” become provocation? So long as Lithuania knows that
Article 5 affords all members collective security in the event the cyberattacks become actual
war, Lithuania will continue saber-rattling at Russia. Although, with March 16, 2015’s,
advancement of Russian troops to the Kaliningrad-Lithuania border (Cichowlas 2015),
Lithuania may find out whether Article 5 bites… or merely gums.
77
CHAPTER 6
CONCLUSIONS AND EPILOGUE:
CURRENT ATTACKS, NEW METHODS, AND A PROGNOSIS
This thesis argues that cyberattacks – often conducted by third party individuals or
groups – happen because of the ease with which states may claim plausible denial. There is
little international law regulating cyberattacks due to language that outlines land, air, sea, and
space as battlegrounds while omitting cyberspace. Current international law is also limited
because states have been unable to arrive at a consensus regarding what cyberwar is; one
state’s attack is another state’s national interest. Russia’s aggressive foreign policy towards
former Soviet states – a result of its long-standing interest in empire-building and its
contemporary politics – has made cyberattacks a weapon in Russia’s arsenal in attacking
NATO states. Actions by former Soviet states that Russia saw as anti-Russian were the last
straw, leading Russia to launch attacks against both Estonia and Lithuania.
The 2007 Estonian Cyber War and 2008 cyberattack on Lithuania legitimized the use
of cyberwarfare as a new and potentially dangerous form of warfare. These attacks
demonstrated the viability of causing extensive damage to state cyber-structures and media
interests while allowing the aggressor state to avoid retaliation due to the lack of “physical”
damage to buildings and human casualties (Lewis 2011). Additionally, whereas the attacks
this thesis analyzed were launched by Russia to punish NATO members’ anti-Russian
behavior, not all cyberattacks originate from Russia, nor are they exclusively against NATO
member-states, and nor do they all use the same mechanisms – off-shore servers, TOR, and
informal relations – to achieve the intended goal.
This chapter explains that cyberattacks are not exclusively a Russian weapon in
dealing with Western-aligned states. Western states employ similar tactics when dealing
78
with issues that go against their political interests as well. Additionally, new encryption
methods that better hide the attacker’s information and provide access to different sets of
hidden services have made it more difficult for states to track and dismantle the organizations
that function within these hidden service networks. Lastly, this chapter provides a viable –
albeit Hobbesian – solution that can serve as a stopgap until the international community can
come to a consensus about how to aspire to manage cyberwarfare.
RUSSIAN CYBERATTCKS vs. NON-NATO MEMBER-STATES
Since 2007, Russia has added cyberwarfare to its traditional arsenal in non-NATO
states, using cyberattacks to augment conventional warfare. Two such states that endured
cyberattacks as a supplement to traditional warfare are Georgia in 2008 (Hollis 2011), and
the Ouroboros attack against Ukraine in 2014 (Jones FT 3/7/2014). The cyberattacks were
not the primary methods of attack, but they still influenced the conflicts in both states.
In 2008, Russia used cyberattacks as a supplement to conventional warfare in Georgia
(Hollis 2011). DDoS attacks against Georgia occurred in two phases: A July 19, 2008 attack
against the website of Georgia’s President, Mikheil Saakashvili, and a subsequent attack on
August 8, 2008. The latter cyberattack was used in conjunction with traditional Russian
military movements into South Ossetia (Korns and Kastenberg 2009). The second Georgian
cyberattack exploited military and government networks so that the Georgian military could
not access instructions on how to operate its military machinery, and attacked 54 Georgian
websites that provided communications and finance information (Hollis 2011). The intensity
of these cyberattacks were such that Georgia had to relocate the President’s website host to
79
the United States, Poland, and Estonia, in order to reduce the effects of Russia’s cyberattacks
upon Georgia’s cyber-infrastructure (Korns and Kastenberg 2009).
The relocation of the Georgian President’s website to American servers ultimately
failed. As Russia continued its advances into South Ossetia, Russian hackers discovered that
many of Georgia’s websites were already served from the United States, and simply
redirected their through American servers through the MachBot DDoS system; a commonly
used Russian cyberattack weapon (Korns and Kastenberg 2009). However, whereas Estonia
shut itself off from the world in a vain attempt to reverse the cyberattack, and Lithuania had
private-public IT teams working to fix the problem, Georgia struck back.
Georgia’s cyberattack is significant because its cyber-military forces launched
retaliatory attacks against the Russian government. Hollis (2011) calls these “hacker wars,”
in which hackers (typically amateur hackers, cyber-militias not unlike Nashi, and organized
criminal gangs) from both the aggressor and aggrieved state battle each other in cyberspace
in much the same way that traditional armies fight each other in land, air, and sea. Hacker
wars are cause for concern because although they may simply be between hackers seeking to
show off their skills, hackers could potentially use their cyber-skills to attack essential
infrastructures such as hospitals and power facilities (Gady 2014). The extent of these attacks
has resulted in speculation that the next major war will include cyberattacks as part of
military strategy (Gjelten 2010).
In 2014, Russia launched a cyberattack against Ukraine as part of its intervention in
Eastern Ukraine (Jones FT 3/7/2014). The cyberattack, named Ouroboros after a serpent in
Greek mythology (Sanger and Erlanger NYTimes 3/8/2014), gained full remote access of
Ukraine’s servers by searching for selected hosts to infect and spread through a series of
80
queries and commands from command-and-control servers until a server could directly infect
a computer with one or more domains that possessed Ouroboros. Once the computer is
infected, the virus stayed dormant until the computer connected to the internet. Once the
computer was connected to the internet, Ouroboros would travel along with regular internet
traffic searching for its next victim (BAE Systems 2014).
Giving its Russian handlers access to Kiev’s networks, Ouroboros allowed its
handlers to spread through computers by telling the user to upgrade his or her Adobe
Shockwave Player software, and then targeting those groups and organizations with desired
IP addresses with a “wipbot.” A “wipbot” determines the seniority of the infected
computer’s end-user, and then uses a heuristic to determine if the individual’s computer was
sufficiently sensitive and valuable to the deployer’s interests (Jones FT 8/7/2014).
Ouroboros’ ability to adapt and heuristically discern the value of the attacked
computer allowed it to behave like a DDoS attack while its malware-like structure allowed it
to deface government and business cybernetworks for potentially months. Kiev’s inability to
counter Ouroboros, combined with Ouroboros’ adaptive abilities and covert dissemination,
played a role in Russia’s ability to annex Crimea as business and government cybernetworks
were unable to communicate with one another (Heber 2014). But the difficulty in stopping
Ouroboros – it has existed in one form or another since 2008 (Ouroboros is an evolution of
the Agent.BTZ malware, Jones FT 3/7/2014), and the close timing of its attack and the
annexation of Crimea demonstrated the effectiveness of the use of cyberwarfare to the world.
While Georgia at least attempted to fight back against the Russian cyberthreat,
Ukraine fell victim to a cyberattack (Gady 2014) that contributed to the loss of Crimea
(Nemtsova 2015). Both the Georgian cyberattack and the Ukranian cyberattack
81
demonstrated the continued use of cyberattacks as supplements to traditional attacks. With
aggrieved states retaliating against cyber-aggressors, cyberattacks are becoming a part of a
state’s weapons arsenal. As such, states need to be aware of the increased likelihood that
future conflict will possess cyber elements.
THE UNITED STATES (AND ISRAEL) vs. IRAN: A BRIEF ON STUXNET
Russia is not the only state to have engaged in cyberwarfare. The 2010 Stuxnet
cyberattack launched presumably by the United States and Israel (Milosevic 2013) against
Iran aimed to compromise the Natanz Nuclear Facility’s ability to produce and refine
weapons-grade uranium (Langner 2011). Stuxnet primarily contaminated facilities by being
disseminated through corrupted USB drives (Shamah 2013), thereby allowing it to easily
compromise Iranian nuclear infrastructure. Stuxnet’s significance is that while it was
intended to be used to compromise Iranian nuclear facilities, the ease of its dissemination
raised issues regarding whether cyberwarfare was strictly for terrestrial and digital targets, or
whether it could be used to detrimental effect in space.
Stuxnet aimed to compromise Natanz’s centrifuges by exploiting the Siemens S7-417
computer controller to overpressurize the centrifuges, damaging the isolation and exhaust
valves by either exploiting the Siemens S7-417 computer controller, or exploiting the
Siemens S7-315 rotor controllers in order to overpower the rotors and compromise the rotor
drives in the IR-1 first generation centrifuges (Langner 2013). Natanz’s facility, being
disconnected from the internet, could not be attacked in the same way the attacks against
Estonia and Lithuania occurred. Infecting Natanz with Stuxnet required gaining the source
82
codes to swipe the security certificates from the Natanz facility before Stuxnet could
sabotage the centrifuges (Fingas 2014).
Stuxnet’s destruction of Natanz’s centrifuges and rotors through overpressure and
overpowering resulted in a cascading effect where rotors would crack, and centrifuges and
their exhausts would fail. Iranian engineers burdened with reversing Stuxnet’s damage had
to fix approximately ten years of nuclear-derived economic progress that had been effectively
reversed in a matter of months (Langner 2013). Langner (2013) calls Stuxnet a “low-yield
weapon” because although the attackers (presumably the United States and Israel) could have
completely demolished Iran’s nuclear infrastructure, Stuxnet merely reduced the lifespan of
the affected components. But who leaked Stuxnet?
Kaspersky Labs, run by cyber-silovik Eugene Kaspersky, found that Foolad Technic
Engineering Corporation (FIECO), the Behpajooh Co., Electrical and Computer Engineering,
the NEDA Industrial Group, Control-Gostar Jahed Company, and either Kala Naft or Kalaye
Electric (Kaspersky Labs is uncertain of which Kala), all Iranian companies, were
compromised As a result source code was exposed and collected for exploitation by
“interested states” such as the United States. Furthermore, Kalaye Electric Company and the
NEDA Industrial Group are both of interest to the U.S. Ministry of Justice due to their
contributions to Iran’s military operations (Kaspersky / SecureList 2014).
Stuxnet’s prolific sabotaging is the byproduct of both networking weaknesses and the
ability of ground-level personnel to infect an initial computer (Fingas 2014). However,
Stuxnet’s ability to weaponize USB Drives (Shamah 2013 and Langner 2013) allowed it to
easily travel to places that UN Conventions been exempted from any form of military
83
conflict (Treaty of Principles UN GA 1967, Article IV), but had no provisions for digital
attacks. The ISS nearly became the unintended target of a cyberattack.
On November 12, 2013, reports came that the Stuxnet attack had been found on a
USB drive in the International Space Station (Shamah 2013). Although Stuxnet was
ultimately rendered benign due to a lack of appropriate uranium-refining mechanisms and the
ISS’s isolated computers (O’Neill 2013), Stuxnet’s presence raises concerns about the
probability of future cyberattacks affecting space operations. With no provisions in the
United Nations’ various space conventions regarding cyberwarfare, and the ease in which a
cyberattack can be sent into space, the question must be raised as to whom should be
burdened with ensuring that cyberweapons are kept in check. Should states, individuals,
cyber-NGOs, or a combination, be in charge of regulating darknet, the origination point of
many of these attacks?
PREEMPTIVE CYBERWARFARE
The issue with tracing the origins of cyberattacks is the difficulty governments and
international organizations have in investigating them (Bradbury 2014), as well as the ease in
which states can claim plausible denial (Marchetti 1989) based on available tracking
information. Further exacerbating this issue is that states are subjective in defining a
cyberattack (Talliharm 2013). States such as the United States have engaged in technological
methods in order to crush attacks at the root. These methods range from the technologically
crude to Google-like methods that can preemptively find threats before they happen.
The United States’ primary method to dismantle attacks (or other forms of activities
that go against the interest of a state) is a brute-force attack on TOR. The brute-force attack
84
on TOR is done by simply renting as many entry and exit nodes as possible in order to
increase the likelihood that both the entry node and exit node are nodes rented by the same
government agency (i.e.: Central Intelligence Agency, National Security Agency,
Department of Homeland Security). In order to intercept a cyberattack a TOR-based attack,
the state agency must be both the entrance node immediately after the sender, and the exit
node immediately before the recipient (TOR Project 2013). Increasing the amount of entry
and exit nodes within TOR, TOR becomes more accessible, but also more susceptible to
attacks, in particular if nodes are rented out by a single organization or entity. For example,
if a TOR network has 10 entry and exit nodes, and an agency rents out 100 entry and exit
nodes for the purpose of surveillance, there are now 110 entry and exit nodes, but 100 of
those nodes are now malicious (Bauer et al 2007).
The Defense Advanced Research Project Agency (DARPA) is the United States
government agency credited with the formation of the modern internet. The original purpose
of the ARPAnet, as it was known from 1958 through 1989, was to connect various military
bases, think tanks, and technological universities in a network that would allow
correspondences through discrete packets without fear of compromise due to becoming “lost
in transit” (Waldrop 2008). On February 9, 2014, DARPA announced a search engine
named MEMEX that would fight human trafficking through domain-specific indexing,
domain-specific searching, and Department of Defense-based parameters in forums and
hidden services (DARPA 2014). In actuality, MEMEX has been used to chronical an
estimated 30,000 to 40,000 hidden services (TOR-accessible .onion top-level domain sites in
darknet) using data points such as geolocation to find the point of origin for traffickers
85
(Zetter 2015), Thus, MEMEX could be used as a means of locating where cyberattacks may
originate from before they happen.
Whereas the United States has used various technology-based means to attempt to
break cyberwars before they have the chance to form, Russia put a bounty on TOR itself. In
July 2014, Russia’s Interior Ministry offered a reward of 3.9 million rubles (approximately
$110,000 USD) to whomever could find a way to obtain technical information about TOR’s
users and their equipment (Khrennikov 2014). A bounty for cracking a program that
encrypts user information is in line with the increasingly authoritarian Putin “hybrid” regime
that exists within Russia. In order to circumvent the security afforded through TOR, Russia
has required bloggers with readerships of over 3,000 per day to register their home addresses
with the Russian government. The Kremlin contends this will help de-anonymize the
internet, while news outlets state that independent voices could be punished for voicing true,
but unsustainable, claims (Stone IBT 8/1/2014). If Russia cannot crack “The Onion,” then it
feels it should control those who either use TOR or engage in behaviors where TOR can be a
justifiable protection against the state.
Hacker groups with informal relations to the Kremlin also continue Nashi’s legacy.
Network, a pro-Kremlin group in the spirit of Nashi, has several former Nashi members in its
ranks. Network trains young, middle-class, professionals on traditional Russian values such
as masculinity through mnemonics based indoctrination (i.e.: B is for Berkut, P is for Putin)
(Balmforth 2014). Section 3 of Network’s “Father Manifesto” emphasizes “power-sharing”
with the father (masculine figure presumably representing Putin) and the importance of
“inner strength” and “communal support… and dignity” (Network – Father Manifesto 2015).
Network furthers their “traditionalist” agenda through the need to maintain and strengthen
86
traditions beyond mere “biological life.” That is, the state should promote masculinity and
other traditional Russian values and perceive “contrary” behaviors such as same-sex families
as detrimental to Russian culture (Network – Spiritual Ties Of 2015).
States’ methods range from brute-force attacks and heuristics-based searches in
darknet to bribery and gaining blogger information, and promoting the formation of new
informal groups that promote state’s interests in order to either prevent cyberwarfare from
happening, or promote cyberwarfare as a “national interest. Where states fail is in
consistently “cracking the onion” and prevent the formation of cyberwars from forming.
Moving away from a states-only control of “permissible internet” may not only reduce the
outbreak of cyberwars, but also provide a “policing force” to control the activities that occur
within darknet’s hidden services.
NON-ALIGNED CYBER-NGOs: AN IMPERFECT IDEA
Chapter 1 introduced cyber-NGOs as an informal means for governments to engage in
cyberattacks while keeping the actual attackers at arm’s reach (Tikk, Kaska, and Vihul 2010).
Chapter 3 expanded the function of cyber-NGOs to include cyber-mercenary groups that are
paid by states and oligarchs to launch attacks against various targets while using offshore and
bulletproof servers to indemnify the state and the oligarchs who hire cyber-mercenary groups
from reprimand (Dipert 2010, Bradbury 2014, Sakwa 2013, Shachtman 2012, and others).
Cyber-NGOs need not arbitrarily be mercenaries in nature, and can be a compelling force in
policing domains that traditional methods cannot reach. This section explains how non-
aligned cyber-NGOs, or cyber-NGOs that do not work with any particular state, can be
87
effective in policing against cyberwars by displaying their abilities to combat cyberissues,
albeit with potential costs to states that engage in undesirable legal behaviors.
The primary non-aligned cyber-NGO is Anonymous. Anonymous is a darknet-based
cyber-NGO / hacking ring that launches attacks against governments, government agencies,
and international organizations that oppress human rights. Anonymous also attacks those
who engage in behaviors that exploit those deemed weak, such as women and children
(Coleman 2013). Cyber-NGOs can therefore compromise governments that seek to protect
their own interests as well as break networks that governments and international
organizations have been unable to break. This ability to break otherwise unbreakable-by-
government exploitation rings (Gallagher 2011) means that there are methods possessed by
cyber-NGOS to break a hidden service without the need for brute-force (Bauer et al 2007) or
search engine-based (DARPA 2014 and Zetter 2015) attacks that states do not possess.
The issue states have with building working relationships with non-aligned cyber-
NGOs in the same way that traditional NGOs have built relationships with states is the
predisposition for cyber-NGOs to attack states as a punitive response to laws and
investigations. On July 25, 2012, Anonymous attacked 10 Australian government websites
as a result of the Queensland, Australia government proposing a law that would infringe on
small businesses, education departments, students and private individuals right to security
(Connelly 2012). The attacks included impairing and modifying restricted data, and
modifying computer networks to impair web servers in Australia (A.A.P., The Guardian
5/21/2014). Anonymous used “blame-and-shame” tactics, actions that raise awareness at the
local level, in order to coerce the Queensland government to retract its proposed law
88
(Johnson 2009). Consequently, the relationship between Anonymous and other non-aligned
cyber-NGOs towards governments can be described as acrimonious.
Anonymous and other non-aligned cyber-NGOs are capable of using tools not privy
to state governments that can succeed in regulating darknet activities. Two of Anonymous’
greatest successes were in the dismantling of child pornography rings LolitaCity and
HardCandy, pedophile rings prominently featured on the Hidden Wiki (Gallagher 2011). The
Hidden Wiki is darknet’s equivalent of Wikipedia (Hidden Wiki 2014). Anonymous
succeeded where bureaus such as the FBI had failed by collaborating with the Mozilla
Foundation, the producer of Firefox, to build a TOR browser plugin named TheHoneyPawt.
TheHoneyPawt revealed and logged the unencrypted IP addresses and other forensic
information of approximately 190 pedophiles. After gathering this information, Anonymous
turned the information over to the FBI, who then arrested the persons involved and
dismantled the rings (Gallagher 2011).
The ability for non-aligned cyber-NGOs to both attack states involved in passing
legislature that hinders the right to privacy as well as aid states in protecting the rights of
those considered “most vulnerable” in society when governments cannot do so themselves
makes for an awkward situation on controlling cyberwarfare. How can states maintain their
respective security interests regarding individual privacy and arresting members of non-
aligned cyber-NGOs for attacking state infrastructure (A.A.P., The Guardian 5/21/2014)
while acknowledging that these cyber-NGOs may be better suited at mitigating cyberwarfare
in a proactive fashion? The answer may lie in states’ compromises with cyber-NGOs over
who controls darknet.
89
Anonymous’ propensity to attack states understandably makes it difficult for states to
trust such organizations in policing an underground digital domain. At the same time, the
ability for these non-aligned cyber-NGOs to break networks in a way that government
agencies cannot puts such organizations in a very powerful bargaining position. While states
may have to make concessions regarding individual privacy rights and other social, political,
and economic rights in order to reduce the likelihood of attacks by non-aligned cyber-NGOs,
these concessions may facilitate further collaborations not unlike the ones between
Anonymous and the FBI that brought down two child pornography rings.
Anonymous’ ability to decrypt encrypted IP addresses and other cyber-forensic
information (Gallagher 2011) and turn them over to government agencies makes them a
darknet leviathan. Continued collaborations between non-aligned cyber-NGOs and
governments in similar fashions would be instrumental in solving the issue of plausible
denial insofar as cyberwarfare is concerned. Anonymous’ decrypting the IP addresses used
by cyber-mercenaries would allow states afflicted by cyberattacks to be better prepared to
confront their aggressors either as individuals or as part of a collective security organization
such as NATO. With the ability for states to exclaim plausible denial through offshore
servers and cyber-mercenary organizations gone, international organizations such as the UN
will become better suited to make states aspire to, and ultimately adhere to, much the same
legalities that exist in land, air, sea, and space.
90
PRINTED WORKS CITED
10 Years of Fibre to the Home Council Europe. "10 Years of Fibre to the Home Council
Europe." Fibre to the Home. Stockholm, Sweden: Council Europe, May 7, 2014. 26.
Archer, Clive, and Tobias Etzold. "The European Union and Kaliningrad: Taking the Low
Road." Geopolitics 15, no. 2 (April 2010): 329-330, 332.
Archick, Kristin. Cybercrime: The Council of Europe Convention. Report outlining the
ramifications of the European Convention on Cybercrime. Order Code RS21208, U.S.
Department of State, Washington, D.C.,: Congressional Record Services, 2006, CRS-
2.
Areng, Liina. "Lilliputian States in Digital Affairs and Cyber Security." (NATO Cooperative
Cyber Defence Centre of Excellence) 2014, no. 4 (2014): 2-5, 7-8.
Arias-King, Fredo. "Soviet Domestic Politics and Collapse of the Outer Empire, 1989."
Demokratizatsiya, no. 7 (1999): 279.
Ashmore, Maj. William C. Impact of Alleged Russian Cyber Attacks: A Monograph. Ft.
Leavenworth, Kansas: School of Advanced Military Studies: US Army Command
and General Staff College, 2009.
Barany, Zoltan. "Europe Moves Eastward: NATO's Peaceful Advance." Journal of
Democracy 15, no. 1 (January 2004): 63-64.
Bauer, Kevin, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker.
"Low-Resource Routing Attacks Against TOR." Presentation, Department of
Computer Science, University of Colorado, Boulder, 2007, 13-14.
Beissinger, Mark R. (2009a). "The Intersection of Ethnic Nationalism and People Power
Tactics in the Baltic States, 1987-1991." In Civil Resistance and Power Politics: The
Experience of Non-Violent Action from Gandhi to the Present, edited by Sir Adam
Roberts, & Timothy Garton, 1-3 (Chapter 14). New York: Oxford University Press,
2009.
Beissinger, Mark R. (2009b). "Nationalism and the Collapse of Soviet Communism."
Contemporary European History 18, no. 3 (August 2009): 333-334.
Bjørnmose, Jens, Ferran Roca, Tatsiana Turgot, and Dinne Smederup Hansen. Gas and Oil
Pipelines in Europe. An assessment of the Gas and Oil Pipelines in Europe, Brussels,
Belgium: EU Parliament: Directorate General for Internal Policies, 2009, 13, 22, 40.
Blainey, Geoffrey. The Causes of War. Third. New York: Simon & Schuster, 1988.
91
Bradbury, Danny. "Testing the Defences of Bulletproof Hosting Companies." Network
Security 2014, no. 6 (2014): 8-11.
Brandenberger, D.L., and A.M. Dubrovsky. "'The People Need a Tsar': The Emergence of
National Bolshevism as Stalinist Ideology, 1931-." Europe-Asia Studies 50, no. 5
(Jul., 1998): 882.
Brenner, Susan W. Cyberthreats and the Decline of the Nation-State. New York, New York:
Routledge, 2014.
Brzechczyn, Krzysztof. "On the Process of Liberation of the Baltic Countries from the Soviet
Domination in Years 1985-1991: Attempt at a Model." In Relacje nowych krajów
Unii Europejskiej z Federacją Rosyjską (w aspekcie politycznym, ekonomicznym,
kulturowym i społecznym), edited by Marek Rutkowski, 169. Bialystok: ydawnictwo
WSFiZ w Białymstoku, 2008.
Carr, Jeffrey. Inside Cyber Warfare: Mapping the Cyber Underworld. 2nd. Edited by Mike
Loukides. Sebastopol, CA: O'Reilly Press, 2012.
Cashman, Greg, and Leonard C. Robinson. An Introduction to the Causes of War: Patterns of
Interstate Conflict from World War I to Iraq. Edited by Greg Cashman, & Leonard C.
Robinson. Plymouth, UK: Rowman & LIttlefield, 2007.
Choucri, Dr. Nazli, and Mina Rady. "Who Controls Anonymity? Control Point Analysis of
the Onion Routing Anonymity Network (TOR)." Presentation, Massachusetts
Institute of Technology, Cambridge, MA, 2012.
Clark, David, Thomas Berson, and Herbert S. Lin. At the Nexus of Cybersecurity and Public
Policy: Some Basic Concepts and Issues. Washington, D.C.: National Academies
Press, 2014.
Clark, Terry D., and Jovita Praneviciute. "Perspectives on Communist Successor Parties: The
Case of Lithuania." Communist and Post-Communist Studies, no. 41 (Dec. 2008):
451.
Coleman, Gabrielle. Internet Governance Paper: Paper No. 3. Report on the General
Behaviors of Anonymous and their Methodologies, Waterloo: International
Governance Innovation, 2013, 6, 10-11.
Corum, James S. Development of the Baltic Armed Forces in Light of Multinational
Deployments. Carlisle Barracks, PA: U.S. Army College Press, 2013.
Council of Europe. Convention on Cybercrime. Convention on Cybercrime Passed by the
Council of Europe, Budapest: Council of Europe, November 23, 2001, 2-7.
92
Croxton, Derek. "The Peace of Westphalia of 1648 and the Origins of Sovereignty." The
International History Review 21, no. 3 (Sep., 1999): 570.
Demidov, Oleg. "Cyberwarfare and Russian Style of Cyberdefense." Security Index: A
Russian Journal on International Security, September 2013: 68-70.
Diamond, Larry Jay. "Thinking About Hybrid Regimes." Journal of Democracy 13, no. 2
(April 2002): 22, 25.
Dipert, Randall R. "The Ethics of Cyberwarfare." Journal of Military Ethics 9, no. 4 (2010):
404.
Dittmer, Jason, and David A. Parr. "Mediating sovereignty: A comparative latent semantic
analysis of US newspapers and Conflicts in Kosovo and South Ossetia." Media, War
& Conflict 4, no. 2 (August 2011): 132.
Dobriansky, Paula J. "The Baltic States in an Era of Soviet Reform." Department of State
Bulletin (United States Department of State) 89, no. 2147 (June 1989): 35.
Dunlop, John B. "The August 1991 Coup and its Impact on Soviet Politics." Journal of Cold
War Studies 5, no. 1 (Winter 2003): 97, 101-102, 104, 116.
Eidman, Christopher R, and Gregory Scott Green. Unconventional Cyber Warfare: Cyber
Opportunities in Unconventional Warfare. Master's Thesis, Monterey, California:
Naval Postgraduate School, June, 2014, 31.
Elliott, John E. "Gorbachev's Perestroika." Contemporary Policy Issues 7, no. 1 (Jan., 1989):
35.
Estonia Ministry of Defense. Cyber Security Strategy. State Proposal for Improved Cyber-
Security, Ministry of Defense, Tallinn: Ministry of Defense, 2008, 12-35.
EU-Russia Center; EU-Russia Forum. The Bilateral Relations of EU Member States With
Russia. Profile of varous EU Member-States' relations with Russia, EU-Russia
Centre, Brussels,: The Herald of Europe, 2009, 28-29, 34.
Farwell, James P., and Rafal Rohozinski. "Stuxnet: Global Politics and Strategy." Survival:
Global Poliics and Strategy 53, no. 1 (February-March 2011): 32-35.
Fendius-Elman, Miriam. "The Foreign Policies of Small States: Challenging Neorealism in
its Own Backyard." British Journal of Political Science 25, no. 2 (Apr., 1995): 174-
175.
Frank, Peter. "Perestroika in Crisis." The World Today 45, no. 11 (November 1989): 185.
93
Georgieva, Emilia. "The Economies of the BELL Countries (Bulgaria, Estonia, Lativa, and
Lithuania) after their EU Accession." Review of European Studies 4, no. 5 (2012):
196-198.
Gidadhubli, R.G. "Expansion of NATO: Russia's Dilemma." Economic & Political Weekly,
May 8-14, 2004: 1885-1886.
Giles, Keir, and William Hagestad II. "Divided by a Common Language: Cyber Definitions
in Chinese, Russian, and English." 5th International Conference on Cyber Conflict.
Tallinn: NATO CCD COE Publications, 2013. 5.
Girnius, Kestius K. "The Collectivisation of Lithuanian Agriculture, 1944-1950." Soviet
Studies 40, no. 3 (Jul., 1988): 461-462.
Government of the Republic of Lithuania. Resolution 796. Programme on the Development
of Electronic Information Security (Cyber-Security) 2011-2019, Vilnius: Government
of the Republic of Lithuania, 26 July, 2011, 2-11.
Guitton, Clement. "A review of the available content on Tor hidden services: The case
against further development." Computers in Human Behavior 29, no. 6 (November,
2013): 2807-2808.
Hale, Henry. "Eurasian polities as hybrid regimes: The case of Putin’s Russia." Journal of
Eurasian Studies 1, no. 1 (January 2010): 35-36.
Hale, Henry. "The Makeup and Breakup of Ethnofederal States: Why Russia Survives where
the USSR Fell ." Perspectives of Politics 3, no. 1 (March 2005): 55.
Herzog, Stephen. "Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational
Responses." Journal of Strategic Security 4, no. 2 (Summer 2011): 49-50, 54.
Hobbes, Thomas. Leviathan or the Matter, Forme, and Power of a Common-Wealth
Ecclesiasticall and Civill. London: Andrew Crooke, at the Green Dragon in St. Pauls
Church-Yard, 1651.
Hoppe, Heidrun C. "Second-Mover Advantages in the Strategic Adoption of New
Technology Under Uncertainty." International Journal of Industrial Organization 18,
no. 2 (February 2000): 316.
Hough, Jerry F. "Gorbachev's Endgame." World Policy Journal 7, no. 4 (Fall, 1990): 639.
Ilmjärv, Magnus. "International Reverberation to Incorporation of Baltic States by Soviet
Union in Summer 1940 and Later." Acta Historica Tallinnensia, 2005: 31-33, 38, 45-
46.
94
Jackson, Robert H., and Carl G. Rosberg. "Sovereignty and Underdevelopment: Juridical
Statehood in the African Crisis." The Journal of Modern African Studies 24, no. 1
(Mar., 1986): 3.
Jasiewicz, Krzysztof. "From Solidarity to Fragmentation." Journal of Democracy, April
1992: 58.
Jellenc, Eli, and Kimberly Zenz. Global Threat Research Report: Russia. iDefense Security
Report, New York: Verisign, January 10, 2007, 13.
Johnson, Janet Elise. Gender Violence in Russia: The Politics of Feminist Intervention.
Bloomington, Indiana: Indiana University Press, 2009.
Johnson, Janet Elise. "Pussy Riot as a feminist project: Russia's gendered informal policies."
Nationalities Papers 42, no. 4 (2014): 584-585, 587-588.
Johnson, Janet Elise, and Jean C. Robinson. Living Gender after Communism. Bloomington,
Indiana: Indiana University Press, 2006.
Kalotay, Kalman. "The Crimean crisis and the future of Russian outward foreign direct
investment." Baltic Rim Economies – Bimonthly Economic Review 2014, no. 4
(October 2014): 24.
Kelley, Judith. "The More the Merrier? The Effects of Having Multiple International
Election Monitoring Organizations." Perspectives on Politics 7, no. 1 (Mar., 2009):
62.
Kononenko, Vadim. ""Normal Neighbours" or "trouble-makers"? The Baltic States in the
Context of Russia-EU Relations." The Estonian Foreign Policy Yearbook, no. 2006
(2006): 70.
Kopaliani, Irene. "Analysis of State-Backed Cyber Attacks." International Scientific Journal
- Georgian Scientific News 2, no. 6 (2010): 20-22.
Korns, Stephen W., and Joshua E. Kastenberg. "Georgia's Cyber Left Hook." Parameters 38,
no. 4 (2008): 60, 64-65.
Kotkin, Stephen. Armageddon Averted: The Soviet Collapse 1970-2000. New York: Oxford
University Press, 2008.
Krupavicius, Algis. "Lithuania." European Journal of Political Research 43, no. 7-8 (2004):
1064.
Laitin, David D. "The National Uprisings in the Soviet Union." World Politics 44, no. 1
(Oct., 1991): 161.
95
Langner, Ralph. To Kill A Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried
to Achieve. Arlington, VA: The Langner Group, 2013.
Leder, Mary. "The Factory and the Commune." In My Life in Stalinist Russia, by Mary
Leder, 45. Bloomington, IN: Indiana University Press, 2002.
Lesk, Michael. "The New Front Line: Estonia under Cyberassault." Edited by Michael Lesk,
Martin R. Stytz, & Ronald L. Trope. IEEE Security and Privacy 5, no. 4 (July /
August 2007): 76-79.
Lewitter, L.R. "The Apocryphal Testament of Peter the Great." The Polish Review 6, no. 3
(Summer 1961): 28-29.
Libicki, Martin C. Cyberdeterrence and Cyberwar. Santa Monica, California: RAND
Corporation, 2009.
Lowry, Anna U. "Saving Private Sychev: Russian Masculinities, Army Hazing, and Social
Norms." Berkeley Journal of Sociology 52, no. Violence (2008): 76, 78-85.
Lysenko, Dr. Volodymyr, and Barbara Endicott-Popovsky. "Hackers at the State Service:
Cyberwars Against Estonia and Georgia." Edited by Dr. Volodymyr Lysenko.
Proceedings of the 7th International Conference on Information Warfare and
Security. Seattle, WA: Academic Conferences Limited, 2012, Conference held March
22-23, 2011. 405.
Martin, Jeremy. The Beginner's Guide to the Internet Underground. Colorado Springs,
Colorado: Information Warfare Center, 2013.
Mastny, Vojtech, and Malcolm Byrne. A Cardboard Castle? An Inside History of the
Warsaw Pact, 1955-1991. Budapest: Central European University Press, 2005.
McNally, Raymond T. "Chaadaev's Evaluation of Peter the Great." Slavic Review 23, no. 1
(Mar., 1964): 32-34.
Millward, Robert. "An Economic Analysis of the Organization of Serfdom in Eastern
Europe." The Journal of Economic History, Sept., 1982: 519.
Mincyte, Diana. "Everyday Environmentalism: The Practice, Politics, and Nature of
Subsidiary Farming in Stalin's Lithuania." Slavic Review 68, no. 1 (Spring 2009): 34-
35.
Misiunas, Romauld J. "Fascist Tendencies in Lithuania." The Slavonic and East European
Review 48, no. 110 (Jan., 1970): 93.
Misiunas, Romauld J., and Rein Taagepera. The Baltic States, Years of Dependence, 1940-
1990. Berkeley, California: University of California Press, 1993.
96
Mölder, Holger. "NATO's Role in the Post-Modern European Security Environment,
Cooperative Security and the Experience of the Baltic Sea Region." Baltic Security &
Defence Review 8 (2006): 8.
Morgenthau, Hans. Politics Among Nations: The Struggle for Power and Peace. Updated.
Vol. A Realist Theory of International Politics. New York, New York: McGraw Hill
Higher Education, 1948.
Muiznieks, Nils R. "The Influence of Baltic Popular Movements on the Process of Soviet
Disintgration." Europe-Asia Studies 47, no. 1 (1995): 3.
Németh, Ádám, and Áron Léphaft. "Ethnic Structure and Minority Rights in the Interwar and
post-Soviet Estonia and Latvia." Conference on Minority Representation and
Minority Language Rights. Cluj-Napoca (Kolozsvár, Klausenburg), Romania: The
Romanian Institute for Research on National Minorities, October 11-14, 2012. 2-3.
North Atlantic Treaty Organization. Protocol to the North Atlantic Treaty on the Republic of
Estonia. Washington, DC: NATO, 2003.
North Atlantic Treaty Organization. The North Atlantic Treaty. Treaty / Convention,
Washington, D.C.: NATO, April 4, 1949, Article 5.
North Atlantic Treaty Orgnaization. Protocol to the North Atlantic Treaty on the Republic of
Lithuania. Washington, DC: North Atlantic Treaty Organization, 2003.
North, Michael. "The Sea as Site of Memory: The Danish Sound and the Dardanelles in
Comparison." The Romanian Journal for Baltic and Nordic Studies 6, no. 1 (2014):
73.
Olcott, Martha Brill. "The Lithuanian Crisis." Foreign Affairs 69, no. 3 (Summer 1990): 32.
Olcott, Martha Brill. "The Soviet (Dis)Union." Foreign Policy, no. 82 (Spring 1991): 122.
Olson, James Stuart, Lee Brigance Pappas, and Nicholas Charles Pappas. An Ethnohistorical
Dictionary of the Russian and Soviet Empires. Westport, CT: Greenwood Publishing
Group, 1994.
Peterson, D.J. Russia and the Information Revolution. An Overview of Russia's Activities
through 2004 Regarding the Information Revolution, Santa Monica, California: Rand
Corporation - National Security Research Division, 2005, xiii.
Putinaité, Nerija. "The Good vs. 'The Own': Moral Identity of the (Post-) Soviet Lithuania."
Studies in East European Thought 60, no. 3 (Sep., 2008): 262-263, 266.
Radnitz, Scott. "Informal Politics and the State." Comparative Politics 43, no. 3 (April 2011):
366.
97
Sakwa, Richard. Return to Putin's Russia. Fifth. Edited by Stephen K. Wegren. Vol. Political
Leadership. New York, New York: Rowman & Littlefield, 2013.
Sato, Keiji. "The Molotov-Ribbentrop Commission and Claims of Post-Soviet Secessionist
Territories to Sovereignty." Demokratizatsiya 18, no. 2 (April 2010): 148-149.
Sauliunas, Darius. "Legislation on Cybercrime in Lithuania: Development and Legal Gaps in
Comparison with Convention on Cybercrime." Jurisprudence 122, no. 4 (2010): 208-
209.
Shetty, Shatabhisha, Ian Kearns, and Simon Lunn. The Baltic States, NATO, and Non-
Strategic Nuclear Weapons in Europe. Occasional Paper, London: Royal United
Services Institute for Defence and Security Studies, 2012, 6.
Singh, Shruti, and Manasi Gyanchandani. "Analysis of Botnet Behavior Using Queuing
Theory." International Journal of Computer Science and Communications 1, no. 2
(July-December 2010): 239-241.
Skocpol, Theda. "France, Russia, China: A Structural Analysis of Social Revolutions."
Comparative Studies in Society and Hisotry 18, no. 2 (April 1976): 466.
Slezkine, Yuri. "The USSR as a Communal Apartment, or How a Socialist State Promoted
Ethnic Particularism." Slavic Review 53, no. 2 (Summer 1994): 415.
Snyder, Jack. "The Myth of Security Through Expansion." In Myths of Empires: Domestic
Politics and International Ambition, by Jack Snyder, 2, 8. Ithaca, New York: Cornell
University, 1991.
Springer, Paul J. Cyber Warfare: A Reference Handbook. Santa Barbara, California: ABC-
CLIO LLC, 2015.
Steel, Chad M. "IDIOGRAPHIC DIGITAL PROFILING: BEHAVIORAL ANALYSIS
BASED ON DIGITAL FORENSICS." Journal of Digital Forensics, Security, and
Law 9, no. 1 (2014): 8-9.
Tammaru, Tiit. "Suburban Growth and Suburbanisation under Central Planning: The Case of
Soviet Estonia." Urban Studies 38, no. 8 (2001): 1343-1344.
Tikk, Eneken. "Ten Rules for Cyber Security." Survival: Global Politics and Strategy 53, no.
3 (May 2011): 128.
Tikk, Eneken, Kadri Kaska, and Liis Vihul. International Cyber Incidents: Legal
Considerations. Tallinn: Cooperative Cyber Defence Centre of Excellence, 2010.
98
Tsai, Katherine. "How to Create International Law: the Case of Internet Freedom." Duke
Journal of Comparative and International Law - Internet Fredom in China 21, no. 2
(2011): 404, 407-408.
Tsygankov, Andrei P. Return to Putin's Russia. Edited by Stephen P. Wegren. Vol. Foreign
Policy. New York, New York: Rowman and Littlefield, 2013.
United Nations. "Charter of the United Nations." 24 October, 1945, 1 UNTS XVI.
—. "Convention on International Liability for Damage Caused by Space Objects. November
29, 1971 UNTS XXVI, no. 2777." n.d.
—. "Treaty on Principles Governing the Activities of States in the Exploration and Use of
Outer Space, including the Moon and Other Celestial Bodies. October 10, 1967.
UNTS 21, no. 2222." n.d.
Valeriano, Brandon, and Ryan Maness. "A Theory of Cyber Espionage for the Intelligence
Community." EMC Chair Conference Paper. Newport, Rhode Island: U.S. Naval
War College, 2013. 1.
Vardys, Stanley. "The Partisan Movement in Postwar Lithuania." Slavic Review 22, no. 3
(Sep., 1963): 500-501, 503-504.
Venclova, Tomas. "Lithuania: The Opening and the Hand of the Past." Salmagundi 90/91
(Spring-Summer, 1991): 2-3.
Waldrop, Mitch. "DARPA and the Internet Revolution." In 50 Years of Bridging the Gap, by
DARPA, 78-85. Washington, DC, 2008.
Waltz, Kenneth. "Structural Realism after the Cold War." International Security, Summer
2000: 13-14.
—. Theories in International Relations. Reading, MA: Addison-Wesley, 1979.
Woodruff, David M. "It's Value That's Virtual: Bartles, Rubles, and the Place of Gazprom in
the Russian Economy." Post-Soviet Affairs 15, no. 2 (1999): 131-132.
99
DIGITAL WORKS CITED
Australian Associated Press. “Two Anonymous Hackers Arrested Over Attacks Targeting
Government Sites.” The Guardian. May 21, 2014. Accessed April 18, 2015.
http://www.theguardian.com/technology/2014/may/22/two-anonymous-hackers-
arrested-over-attacks-targeting-government-sites.
Babich, Dmitry. “The Day the Soviet Union Let the Baltic Countries Go.” September 6, 2011.
Accessed October 15, 2014. http://en.ria.ru/analysis/20110906/166479394.html.
BAE Systems. Snake Campaign. Boston, MA: BAE Systems, 2014. Accessed April 12, 2015.
http://info.baesystems.com/rs/baesystems/images/snake_whitepaper.pdf. (NOTE: one
must register with BAE systems to gain access to the document).
Baltic News Service. “Lithuanian Online Media Ask Government for More Effort in Fighting
Cyber Attacks.” 15min.lt. May 29, 2013. Accessed March 28, 2015.
http://www.15min.lt/en/article/in-lithuania/lithuanian-online-media-ask-government-
for-more-effort-in-fighting-cyber-attacks-525-339955.
Balmforth, Tom. “Network, Son of Nashi: New Youth Group Seeks to Woo Russia's Middle
Class.” Radio Free Europe Radio Liberty. July 3, 2014. Accessed April 18, 2015.
http://www.eturabian.com/turabian/school_Website.html.
Beaton, Sam. “On This Day 9/8/1940 – Estonia Is Incorporated Into the Soviet Union.”
International Socialist Group. August 8, 2013. Accessed March 2, 2015.
http://internationalsocialist.org.uk/index.php/2013/08/on-this-day-981940-estonia-is-
incorporated-into-the-soviet-union/.
Centre for the Study of Public Policy - University of Strathclyde. “Estonia: The
Constitutional Framework.” December 14, 2011. Accessed March 5, 2015.
http://www.balticvoices.org/estonia/estonian_government.php.
CERT.LT. “Cert.lt.” October 9, 2014. Accessed October 12, 2014. https://www.cert.lt/.
CIA World Factbook. “Estonia - Transnational Issues.” Last modified June 22, 2014.
Accessed March 7, 2015. https://www.cia.gov/library/publications/the-world-
factbook/geos/en.html.
Cichowlas, Ola. “Lithuania Prepares for a Feared Russian Invasion.” Reuters. March 16,
2015. Accessed March 21, 2015. http://blogs.reuters.com/great-
debate/2015/03/15/lithuania-prepares-for-a-feared-russian-invasion/.
The Cold War Museum. “Fall of the Soviet Union.” Accessed April 26, 2015.
http://www.coldwar.org/articles/90s/fall_of_the_soviet_union.asp.
100
Connelly, Claire “Anonymous Hackers Cripple Aussie Government Websites.” News.com.au.
July 25, 2012. Accessed April 18, 2015.
http://www.news.com.au/technology/anonymous-hackers-cripples-aussie-
government-websites/story-e6frfro0-1226433788501.
Council of Europe. “Convention on Cybercrime CET 185.” Last modified December 30,
2014. Accessed December 30, 2014.
http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CL=ENG.
Council of Europe. European Convention on Cybercrime. July 1, 2004. TIAS 185, pt. II-VI
(2004). http://conventions.coe.int/Treaty/en/Treaties/Word/185.doc
Council of the European Union. “EU Monitoring Mission in Georgia Extended for Two
Years.” December 16, 2014. Accessed December 27, 2014.
http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/EN/foraff/146309.p
df.
DARPA. “MEMEX Aims to Create a New Paradigm for Domain-Specific Search.” February
9, 2014. Accessed April 15, 2015.
http://www.darpa.mil/newsevents/releases/2014/02/09.aspx.
DELFI. “Lithuania Sets up National Centre of Cyber Security.” December 12, 2014.
Accessed March 28, 2015. http://en.delfi.lt/lithuania/defence/lithuania-sets-up-
national-centre-of-cyber-security.d?id=66650624.
Department of Homeland Security. “United States Computer Emergency Readiness Team.”
Last modified January 8, 2015. Accessed January 10, 2015. https://www.us-cert.gov/.
Dungan, T. “V2rocket.com.” V2Rocket.com. Accessed January 7, 2015.
http://www.v2rocket.com/.
E.L. “Greetings to the President.” The Economist. June 1, 2013. Accessed March 28, 2015.
http://www.economist.com/blogs/easternapproaches/2013/06/lithuania-under-cyber-
attack.
EEC: Eurasian Economic Commission. “The Eurasian Economic Union the Republic
Armenia, the Republic of Belarus, the Republic of Kazakhstan and the Russian
Federation.” Accessed March 28, 2015.
http://www.eurasiancommission.org/en/Pages/ses.aspx.
The Economist. Conscious Uncoupling. April 5-11, 2014. Accessed March 28, 2015.
http://www.economist.com/news/briefing/21600111-reducing-europes-dependence-
russian-gas-possiblebut-it-will-take-time-money-and-sustained.
“Estonia Cyber Attacks 2007.” Presentation Presented at the 12th AfriNIC conference,
Kigali, Rwanda, May 23, 2010. Accessed October 12, 2014.
http://meeting.AfriNIC.net/AfriNIC-
101
11/slides/aaf/Estonia_cyber_attacks_2007_latest.pdf.
Estonian Embassy in Moscow. “Consular Section.” Accessed March 7, 2015.
http://www.estemb.ru/eng/consular_information.
Estonian War Museum. “World War I.” Accessed February 21, 2015.
http://www.esm.ee/11419/?id=11419&album_id=11403.
Euractiv. “Lithuania Looks for Alternatives to Counter Russia's High Gas Price.” Last
modified July 9, 2013. Accessed March 28, 2015.
http://www.euractiv.com/energy/lithuanian-minister-gazprom-know-news-529127.
EUROPA. “Estonia.” Last modified March 6, 2015. Accessed March 18, 2015.
http://europa.eu/about-eu/countries/member-countries/estonia/index_en.htm.
EUROPA. “Lithuania.” Last modified March 6, 2015. Accessed March 24,
2015. http://europa.eu/about-eu/countries/member-countries/lithuania/index_en.htm.
European Commission - Migration and Home Affairs. “Schengen Area.” Last modified April
29, 2014. Accessed March 24, 2015. http://ec.europa.eu/dgs/home-affairs/what-we-
do/policies/borders-and-visas/schengen/index_en.htm.
European Network - Remembrance and Solidarity. “Molotov-Ribbentrop Pact.” Accessed
October 12, 2014. http://www.enrs.eu/images/23august/The%20Molotov-
Ribbentrop%20Pact_en%20text.pdf.
European Network and Information Security Agency: http://www.enisa.europa.eu/
EUROPOL. “Global Action Against Dark Markets On TOR Network.” November 7, 2014.
Accessed January 10, 2015. https://www.europol.europa.eu/content/global-action-
against-dark-markets-tor-network.
Federal Bureau of Investigations. “Dozens of Online ‘Dark Markets’ Seized Pursuant to
Forfeiture Complaint Filed in Manhattan Federal Court in Conjunction with the
Arrest of the Operator of Silk Road 2.0.” November 7, 2014. Accessed January 10,
2015. http://www.fbi.gov/newyork/press-releases/2014/dozens-of-online-dark-
markets-seized-pursuant-to-forfeiture-complaint-filed-in-manhattan-federal-court-in-
conjunction-with-the-arrest-of-the-operator-of-silk-road-2.0.
Fingas, Jon. “Stuxnet Worm Entered Iran's Nuclear Facilities through Hacked Suppliers.”
Engadget. November 13, 2014. Accessed April 12, 2015.
http://www.engadget.com/2014/11/13/stuxnet-worm-targeted-companies-first/.
Flook, Kara. “Russia and the Cyber Threat.” Critical Threats. May 13, 2009. Accessed
October 12, 2014. http://www.criticalthreats.org/russia/russia-and-cyber-threat.
Gady, Franz-Stefan. “Cyberwar in the Crimea?” U.S. News & World Report. March 7, 2014.
102
Accessed April 7, 2015. http://www.usnews.com/opinion/blogs/world-
report/2014/03/07/russias-cyberwar-restraint-in-ukraine.
Gat, Azar (2007b). “The Return of Authoritarian Capitalists.” The New York Times. June 14,
2007. Accessed November 2, 2014.
http://www.nytimes.com/2007/06/14/opinion/14iht-edgat.1.6137311.html?_r=0.
Gat, Azar. (Gat 2007a) “The Return of Authoritarian Great Powers.” Foreign Affairs. August,
2007. Accessed November 2, 2014.
http://www.foreignaffairs.com/articles/62644/azar-gat/the-return-of-authoritarian-
great-powers.
Gallagher, Sean. “Anonymous Collects, Publishes IP Addresses of Alleged Pedophiles.”
ArsTechnica. November 3, 2011. Accessed October 26, 2014.
http://arstechnica.com/business/2011/11/anonymous-collects-publishes-ip-addresses-
of-alleged-pedophiles/.
Gjelten, Tom. “Cyberattack: U.S. Unready for Future Face of War.” National Public Radio.
April 7, 2010. Accessed April 7, 2015.
http://www.npr.org/templates/story/story.php?storyId=125598665.
Grigas, Ph.D, Agnia. “The EU’s Unresolved Issue of the Russian Embargo Against
Lithuania’s Oil Refinery.” Euractiv. October 31, 2014. Accessed March 28, 2015.
http://www.euractiv.com/sections/energy/eus-unsolved-issue-russian-embargo-
against-lithuanias-oil-refinery-309661.
Heber, Alex. “Not Only Is the Ukraine Dealing with Separatist Fighters On the Ground It
Also Has Cyber Threats to Battle.” Business Insider (Australia). August 6, 2014.
Accessed April 12, 2015. http://www.businessinsider.com.au/fighting-on-the-ground-
in-the-ukraine-isnt-the-countrys-only-problem-2014-8.
The Hidden Wiki – http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page
Hoffman, JD, Allan. “Deep Web.” DeepDotWeb. December 16, 2014. Accessed December
17, 2014. http://www.deepdotweb.com/2014/12/16/deep-web-law-enforcement-
buyer-perspective-part-2/.
Hollis, David. “Cyberwar Case Study: Georgia 2008.” Small Wars Journal (Jan 6, 2011): 2-3.
Accessed April 4, 2015. http://smallwarsjournal.com/blog/journal/docs-temp/639-
hollis.pdf.
Izbirkom. “Information About Ongoing Elections and Referendums -.” Accessed April 29,
2015. http://www.vybory.izbirkom.ru/region/region/izbirkom?action=show&root=1&
tvd=100100022249920&vrn=100100022176412®ion=0&global=1&sub_region=0&
prver=0&pronetvd=null&vibid=100100022249920&type=227.
Jarvenpaa, Pauli. “Special Summit Series: Estonia, Latvia, Lithuania, and NATO.” Atlatnic
103
Council. August 19, 2014. Accessed October 24,
2014 .http://www.atlanticcouncil.org/blogs/natosource/special-summit-series-estonia-
latvia-lithuania-and-nato.
Jones, Sam. “Cyber Snake Plagues Ukraine Networks.” Financial Times. March 7, 2014.
Accessed April 12, 2015. http://www.ft.com/intl/cms/s/0/615c29ba-a614-11e3-8a2a-
00144feab7de.html#axzz3X8u9wiAm.
Jones, Sam. “Ukraine PM’s Office Hit by Cyber Attack Linked to Russia.” Financial Times.
August 7, 2014. Accessed April 12, 2015. http://www.ft.com/intl/cms/s/0/2352681e-
1e55-11e4-9513-00144feabdc0.html#axzz3X8u9wiAm.
Kaitseliit - Estonian Defence League. “Centre, Estonian Defence League Sign Cooperation
Agreement.” Last modified February 12, 2015. Accessed March 12,
2015. http://www.kaitseliit.ee/en/centre-estonian-defence-league-sign-cooperation-
agreement.
Kaitseliit - Estonian Defence League. “Estonian Defence League's Cyber Unit.” Last
modified March 11, 2015. Accessed March 12,
2015. http://www.kaitseliit.ee/en/cyber-unit.
Kaitseliit - Estonian Defence League. “History of the EDL CU.” Last modified March 11,
2015. Accessed March 12, 2015. http://www.kaitseliit.ee/en/history-of-the-edl-cu.
Kaspersky Labs - SecureList. “Stuxnet: Zero Victims.” November 7, 2014. Accessed April
12, 2015. https://securelist.com/analysis/67483/stuxnet-zero-victims/.
Kaszeta, Daniel J. “Lithuanian Resistance to Foreign Occupation 1940-1952.” Lituanus:
Lithuanian Quarterly Journal of Arts and Sciences 34, no. 3 (Fall, 1988): under
“Paragraph 3,” “German Occupation – 1941 to 1944,” “The Second Soviet
Occupation – 1944 to the Present.” Accessed March 16, 2015.
http://www.lituanus.org/1988/88_3_01.htm.
Khrennikov, Ilya “Putin Sets $110,000 Bounty for Cracking TOR as Anonymous Internet
Usage in Russia Surges.” Bloomberg Business. July 29, 2014. Accessed April 15,
2015. http://www.bloomberg.com/news/articles/2014-07-29/putin-sets-110-000-
bounty-for-cracking-tor-as-anonymous-internet-usage-in-russia-surges.
King, Charles. “The Five-Day War: Managing Moscow After the Georgia Crisis.” Foreign
Affairs, Nov-Dec 2008. Accessed February 14, 2015.
http://www.foreignaffairs.com/articles/64602/charles-king/the-five-day-war.
Kingsley, Patrick. “How Tiny Estonia Stepped Out of USSR's Shadow to Become an Internet
Titan.” The Guardian. April 15, 2012. Accessed March 18, 2015.
http://www.theguardian.com/technology/2012/apr/15/estonia-ussr-shadow-internet-
titan.
104
Krickus, Dick. “Kaliningrad: Russia's Own Breakaway Region?” The National Interest.
March 21, 2014. Accessed March 24, 2015.
http://nationalinterest.org/commentary/kaliningrad-russias-own-breakaway-region-
10094.
Langner, Ralph. “Cracking Stuxnet: A 21st Century Cyberweapon” (TED Talk). Lecture,
TED2011, Long Beach, California, February 2011. Accessed April 12, 2015.
http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberwea
pon/transcript?language=en#t-9277.
Lewis, James Andrew. “Cyber Attacks, Real or Imagined, and Cyber War.” CSIS: Center for
Strategic and International Studies. July 11, 2011. Accessed March 28, 2015.
http://csis.org/publication/cyber-attacks-real-or-imagined-and-cyber-war.
Lietuvos Respublikos Seimas. “Republic of Lithuania Law On the Approval and Entry Into
Force of the Criminal Code.” Last modified February 11, 2010. Accessed March 22,
2015.http://www3.lrs.lt/pls/inter3/dokpaieska.showdoc_l?p_id=366707.
MacFarquhar, Neil. “After Annexing Crimea, Euphoric Russia Turns Thoughts to Ukraine.”
The New York Times. June 15, 2014. Accessed February 14, 2015.
http://www.nytimes.com/2014/06/15/world/europe/after-annexing-crimea-euphoric-
russia-turns-thoughts-to-ukraine.html?_r=0.
Marchetti, Victor. "Propaganda and Disinformation: How the CIA Manufactures History.”
Fall 1989. http://www.ihr.org/jhr/v09/v09p305_Marchetti.html (accessed November
29, 2014).
Martel, Frances. “PUTIN SEEKS TO CREATE POST-SOVIET 'EURASIAN' ECONOMIC
UNION.” BreitBart. January 9, 2014. Accessed March 28, 2015.
http://www.breitbart.com/national-security/2014/01/09/putin-seeks-to-create-post-
soviet-eurasian-economic-union/.
Massachusetts Institute of Technology – Explorations in Cyber International Relations:
http://ecir.mit.edu
Medvedev, Dmitry “Statement by President of Russia Dmitry Medvedev.” President of
Russia - Statement on Major Issues. August 26, 2008. Accessed February 25, 2015.
http://archive.kremlin.ru/eng/speeches/2008/08/26/1543_type82912_205752.shtml.
Mitchell, Lincoln. “Is NATO Still Relevant?” The New York Observer. February 10, 2015.
Accessed February 14, 2015. http://observer.com/2015/02/natos-relevance-the-view-
from-georgia/.
NATO. “NATO Member Countries.” Last modified March 27, 2014. Accessed February 14,
2015. http://www.nato.int/cps/en/natohq/nato_countries.htm.
NATO Cooperative Cyber Defence Centre of Excellence. “About Us - History.” Accessed
105
March 11, 2015. https://ccdcoe.org/history.html.
NATO Cooperative Cyber Defence Centre of Excellence. “Locked Shields 2014.” Accessed
March 28, 2015.https://ccdcoe.org/locked-shields-2014.html.
NATO Cooperative Cyber Defence Centre of Excellence. “NATO Centres of Excellence.”
Accessed March 28, 2015. https://ccdcoe.org/nato-centres-excellence.html.
NATO Cooperative Cyber Defence Centre of Excellence. “News - 03 May 2010 - Baltic
Cyber Shield to Train Technical Skills for Countering Cyber Attacks.” May 3, 2010.
Accessed March 11, 2015. https://ccdcoe.org/baltic-cyber-shield-train-technical-
skills-countering-cyber-attacks.html.
NATO. “The North Atlantic Treaty.” Last modified December 9, 2008. Accessed May 1,
2015. http://www.nato.int/cps/en/natohq/official_texts_17120.htm?selectedLocale=en.
NEC - Information Management. “What Constitutes a Cyber Attack?” Accessed October 24,
2014.http://www.nec.com/en/global/solutions/safety/info_management/cyberattack.ht
ml.
Nemtsova, Anna. “Putin’s Secret Ukraine Plan ‘leaked’.” The Daily Beast. February 25,
2015. Accessed February 26, 2015.
http://www.thedailybeast.com/articles/2015/02/25/russia-s-great-ukraine-conspiracy-
revealed.html.
Network. “Father Manifesto.” Accessed April 18, 2015. http://xn--e1aaooegkhc4h.xn--
p1ai/manifest.
Network. “Spiritual Ties Of.” Accessed April 18, 2015. http://xn--e1aaooegkhc4h.xn--
p1ai/cramps.
NSD - European Election Database. “Estonia - Background.” Accessed March 5, 2015.
http://www.nsd.uib.no/european_election_database/country/estonia/introduction.html.
NSFocus. “Introduction to DDoS Attack.” Accessed October 24, 2014.
http://en.nsfocus.com/uploadfile/Product/ADS/DDoS%20FAQ/What%20is%20DDoS
%20Attack.pdf.
O'Neill, Ian. “No Stuxnet Infection, but Space Station Is Vulnerable.” Discovery News.
November 12, 2013. Accessed April 12, 2015. http://news.discovery.com/space/no-
stuxnet-infection-but-space-station-is-vulnerable-131112.htm.
Organization for Security and Cooperation in Europe. “OSCE Mission to Georgia (Closed).”
Accessed February 25, 2015. http://www.osce.org/georgia-closed/.
Organization for Security and Cooperation in Europe. “Participating States.” Accessed
February 25, 2015. http://www.osce.org/states.
106
Pauliukonis, Pranas. “Mykolas Krupavičius and Lithuanian Land Reform.” Lituanus:
Lithuanian Quarterly Journal of Arts and Sciences 16, no. 4 (Winter, 1970): under
“Paragraph 5.” Accessed March 14, 2015.http://www.lituanus.org/1970/70_4_03.htm.
“Port of Arkhangelsk.” Accessed February 7, 2015.
http://www.worldportsource.com/ports/review/RUS_Port_of_Arkhangelsk_1532.php.
RadioFreeEurope / Radio Liberty. “Kremlin: Putin Denies Russian Role in Ukraine Unrest.”
April 14, 2014. Accessed February 26, 2015. http://www.rferl.org/content/ukraine-
russia-putin-anxiety/25333073.html.
Republic of Estonia - Ministry of Justice. “Citizenship Act - Passed January 19.” Last
modified June 15, 2006. Accessed March 5, 2015.
http://www.legaltext.ee/text/en/X40001K6.htm.
RFC 2350 Description for Cert Ee (Estonian Cert). Tallinn, Estonia: Republic of Estonia -
Information Security Authority, 2013. Accessed October 12, 2014.
https://www.ria.ee/public/CERT/CERT-EE_rfc2350.pdf.
Robinson, Matt. “U.N. monitors leave Georgia, OSCE mission shuts.” June 30, 2009.
Accessed February 26, 2015. http://www.reuters.com/article/2009/06/30/us-georgia-
monitors-idUSTRE55T3OR20090630.
Sanger, David E., and Steven Erlanger. “Suspicion Falls On Russia as ‘snake’ Cyberattacks
Target Ukraine’s Government.” The New York Times. March 8, 2014. Accessed
April 12, 2015.http://www.nytimes.com/2014/03/09/world/europe/suspicion-falls-on-
russia-as-snake-cyberattacks-target-ukraines-government.html?_r=0.
Seimas of the Republic of Lithuania. “16 February – Day of Restoration of Lithuania’s
Independence.” Accessed March 14, 2015.
http://www3.lrs.lt/pls/inter/w5_show?p_r=5691&p_k=2.
Shachtman, Noah. “Russia’s Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals.” Wired,
July 23, 2012. Accessed December 28, 2014.
http://www.wired.com/2012/07/ff_kaspersky/all/.
Shamah, David. “Stuxnet, Gone Rogue, Hit Russian Nuke Plant, Space Station.” Times of
Israel. November 11, 2013. Accessed November 29, 2014.
http://www.timesofisrael.com/stuxnet-gone-rogue-hit-russian-nuke-plant-space-
station/
Soldatov, Andrei “Vladimir Putin's Cyber Warriors.” Foreign Affairs, December 9, 2011.
Accessed May 2, 2015.https://www.foreignaffairs.com/articles/russia-fsu/2011-12-
09/vladimir-putins-cyber-warriors.
Stone, Jeff. “Russian 'law On Bloggers' Forces Putin Critics Online to Provide Home
Address.” International Business Times. August 1, 2014. Accessed April 15, 2015.
107
http://www.ibtimes.com/russian-law-bloggers-forces-putin-critics-online-provide-
home-address-1646766.
Talliharm, Anna-Maria. “Towards Cyberpeace: Managing Cyberwar through International
Cooperation.” UN Chronicles, August, 2013. Accessed December 22, 2014.
http://unchronicle.un.org/article/towards-cyberpeace-managing-cyberwar-through-
international-cooperation/.
TOR Project. “Normal Users.” Accessed October 24, 2014.
https://www.torproject.org/about/torusers.html.
United Nations. “Member States.” Accessed May 1, 2015.http://www.un.org/en/members/.
United Nations Treaty Collection. “Treaty on Principles Governing the Activities of States in
the Exploration and Use of Outer Space, Including the Moon and Other Celestial
Bodies.” Accessed May 1, 2015.
https://treaties.un.org/Pages/showDetails.aspx?objid=0800000280128cbd.
U.S. Department of State - Office of the Historian. “Milestones: 1961–1968 Soviet Invasion
of Czechoslovakia, 1968.” Accessed February 24, 2015.
https://history.state.gov/milestones/1961-1968/soviet-invasion-czechoslavkia.
United States Naval Research Laboratory Center for High Assurance Computing Systems –
Online Accomplishments – TOR:
https://www.nrl.navy.mil/itd/chacs/accomplishments
Vaida, BC, Petras. “National Centre of Cyber Security Will Start Functioning as of 2015 in
Lithuania.” The Baltic Course. December 12, 2014. Accessed March 28, 2015.
http://www.baltic-course.com/eng/Technology/?doc=100048.
Valeriano, Brandon, and Ryan Maness. “The Fog of Cyberwar: Why the Threat Doesn't Live
up to the Hype.” Foreign Affairs. November 21, 2012. Accessed October 26, 2014.
http://www.foreignaffairs.com/articles/138443/brandon-valeriano-and-ryan-
maness/the-fog-of-cyberwar.
Verkhovna Rada of Ukraine. “On Declaration of Independence of Ukraine.” Accessed
February 26, 2015.
http://static.rada.gov.ua/site/postanova_eng/Rres_Declaration_Independence_rev12.ht
m.
Vladimir Putin - Personal Website. “Interests.” Accessed April 29, 2015.
http://eng.putin.kremlin.ru/interests.
Walker, Shaun, Harriet Salem, and Ewan MacAskill. “Russian 'invasion' of Crimea Fuels
Fear of Ukraine Conflict.” The Guardian. February 28, 2014. Accessed February 26,
2015. http://www.theguardian.com/world/2014/feb/28/russia-crimea-white-house.
108
The Washington Post. “Transcript: Putin Says Russia Will Protect the Rights of Russians
Abroad.” March 18, 2014. Accessed April 26, 2015.
http://www.washingtonpost.com/world/transcript-putin-says-russia-will-protect-the-
rights-of-russians-abroad/2014/03/18/432a1e60-ae99-11e3-a49e-
76adc9210f19_story.html.
Wasser, Alan. “LBJ’s Space Race: What We Didn’t Know Then.” Space Settlement Institute.
June 26, 2005. Accessed December 19, 2014. http://www.space-settlement-
institute.org/Articles/LBJSpaceRaceHistory.pdf.
Winogradow, Jegor. “Young, Educated, and Unemployed in Russia.” DW.DE. February 28,
2013. Accessed December 30, 2014. http://www.dw.de/young-educated-and-
unemployed-in-russia/a-16635170.
The World Bank. “Russian Federation.” Accessed December 28, 2014.
http://data.worldbank.org/country/russian-federation.
The World Bank. “Science & Technology.” Accessed December 28, 2014.
http://data.worldbank.org/topic/science-and-technology.
Zetter, Kim. “DARPA Is Developing a Search Engine for the Dark Web.” Wired. February
17, 2015. Accessed April 15, 2015. http://www.wired.com/2015/02/darpa-memex-
dark-web/.
