• Choose a category
• All
• Classic-Fiction

On 3rd July 2007 he walked into Wembley Park police station and gave himself up. The easy part of Operation DarkMarket was complete.

Interlude

THE LAND OF I KNOW

NOT WHAT AND I KNOW

NOT WHERE

Tallinn, Estonia

Four days before the official voting day of its general election in the spring of 2007, the tiny Baltic country of Estonia, with a population of just 1.25 million, offered its citizens a world first: the opportunity to cast their ballots in a parliamentary election without getting up from their PC. If the experiment worked, the ultimate aim would be to instigate a full ‘virtual election’ four years later in 2011.

Much was at stake if Estonia were to make this significant leap towards a digital future – not only did the systems have to work, but they had to be secure from outside attack as well. A year earlier Estonia had officially inaugurated its Computer Emergency Response Team (CERT), whose main job was to react to any breaches (whether accidental or malicious) in the Internet domain that bears the country’s suffix: .ee. That involves constantly monitoring the flow of Internet traffic in, around and out of the country for any abnormal patterns.

The man responsible for the entire country’s computer security is the quietly spoken Hillar Aarelaid, sporting the look of someone who has only recently got out of bed, and that unwillingly. He may appear distracted, but Aarelaid has a single-mindedness that saw him rise through the ranks of Estonia’s police force, where he started as a simple traffic cop in the sticks. ‘But I loved computers, so first I got a transfer here to Tallinn and eventually I was appointed Chief Information Officer for law enforcement throughout the country.’ Just as well – he definitely looks like a geek. He definitely does not look like a cop (except, at a pinch, an undercover narcotics officer from the 1980s), so perhaps it was for sartorial reasons as much as anything else that he left to run CERT in 2006.

On the day of the virtual election in 2007, CERT and Hillar’s former colleagues in law enforcement were on high alert. ‘And sure enough,’ he explained, ‘we spotted somebody had launched a botscan on the electoral system.’ Somebody, it seems, had sent out an automatic probe, which was instructed to search for any ports on the electoral servers that might have been left open by mistake. ‘This was not very serious, as botscans are pretty easy to detect,’ Hillar continued, ‘but nonetheless it was a genuine security threat.’

He then puffed himself up – as much as somebody as laid-back as Hillar can – to announce proudly that ‘Fifteen minutes after we first spotted the botscan a policeman was knocking on the door at an address in Rapla, fifty kilometres south of Tallinn, enquiring of the inhabitant, “Why are you running a botscan against the electoral computers?” ’

In the world of cyber security, fifteen minutes from the detection of mischief to an officer arriving at the location of the mischief-making computer is more than impressive – it’s brilliant. ‘It was lucky for us that we had done such a good job,’ Hillar said, ‘because when the first big attack came at the end of April, we were well prepared.’

That ‘big attack’, two months after the election, marked another cyber ‘first’ for Estonia as it was subject to a sustained assault on its networks, which eventually forced it to close down its Internet links with the outside world. Some argue that this was the first-ever incidence of cyber warfare.

I had sought out Hillar a month after my visit to Google in Silicon Valley. My eastward journey led me to Tallinn, the picturesque capital of the most northerly Baltic state. The wall of the old town protects a rich mix of Scandinavian, Germanic and Slavic architectural styles. These reflect how the past imperial aspirations of Estonia’s neighbours to the north, the east and the west finally gave way to Estonia’s primary indigenous culture just over twenty years ago, after the collapse of communism