Threat Management, Incident Response, TDR

Student fined 1,100 euro for DoS attack on key sites in Estonia

A 20-year-old Estonian student has been fined 1,100 euro ($1,626) by a regional court for launching a wave of denial of service (DoS) attacks against the websites of numerous businesses and high-ranking politicians in Estonia, including the website for the political party of Estonia's prime minister, in April and May of last year.


The student, Dmitri Galushkevich, reportedly admited to initiating the attacks from his own computer. After Galushkevich's DoS took place, the Estonia government claimed that Russia was either directly or indirectly involved, which the Russian government denied.


However, a report posted on Friday by Heise Security in the United Kingdom said that last year's attack on the Estonian websites deployed parts of a botnet that had been previously used to mount attacks on servers hosting sites for opponents of the Russian government and the former world chess champion Gary Kasparov, now an outspoken critic of Russian President Vladimir Putin.


Galushkevich, a native Estonian reportedly of Russian ethnic origin, was said to be angry over his government's controversial plans to move a World War II-era memorial known as the Bronze Soldier from the center of Tallin in Estonia to the outskirts of the city and initiated the attacks as a protest.


The proposed move of the statue – erected by a Communist government when Estonia was part of the Soviet Union – and a decision by the Estonian government to relocate the graves of several Soviet soldiers who died in World War II – ignited a variety of protests, most often led by members of the country's ethnic Russian minority.


Galushkevich attacks, which not only took down a wide range of websites, including banks and schools as well as those for political organizations.


While some reports expressed surprise that a single individual could create so much disruption, it came as no major shock to Jose Nazario, a senior security researcher with Arbor Network's ASERT team, which investigates web-based threat activity.


 "Bear in mind that many of these attacks appeared to be coming from botnets, or compromised personal computers, which grow organically, then wait for commands to send traffic," Nazario told


"We track thousands of these a day, and it's a very effective mechanism for an individual to have thousands and even hundred of thousands individual PCs doing their bidding," he said. "With just a couple of keystrokes, one individual can tell tens of thousands of computers around world to send traffic to one computer," generating a DoS attack.


What's not so effective, Nazario pointed out, is controlling one of the key elements in denial of service attacks: the independent server used by attackers to control their botnets. These are typically servers at third-party web hosting sites that have been taken over by individuals such as Galushkevich.


"We see [co-opted servers] all over the place," Nazario said. "A hosting site makes a good choice because the servers there are generally up and running as long as possible."


Nazario said he isn't pleased with the relatively small fine Galushkevich paid.


 "I'd like to see the punishment upscaled, but I'm not sure of [the] extent of law in Estonia in regard to this kind of crime," he said. "There clearly were real damages associated with the attack, including lost productivity for the people who use the networks and loss of productivity to protect the networks by the people who run the networks."


He noted that the U.S. "has stricter penalties and more case law for this kind of attack, and the U.K. has even more significant laws with regard to this kind of computer abuse

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.