| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
The article mentions that in 2007, Estonia suffered a massive cyberattack by hackers suspected of having links with the Kremlin. The hackers crippled email servers and forced a major bank to halt its online services for more than an hour. This incident in 2007 was the first known example of a major nation-on-nation cyberattack. The attacks in 2007 also occurred after Estonia relocated a Soviet-era World War II monument. This historical incident within Estonia demonstrates a previous occurrence of a software failure incident within the same organization [131181].
(b) The software failure incident having happened again at multiple_organization:
The article mentions that Killnet, a pro-Russian hacking group, claimed responsibility for the recent cyberattacks against Estonia. In June, Killnet also sought to overwhelm Lithuanian public services websites after that country began enforcing E.U. sanctions on a Russian exclave. The cyberattack in Lithuania undermined access to more than 130 websites that month. This indicates that similar cyberattacks have occurred at multiple organizations, in this case, both in Estonia and Lithuania, involving the same hacking group [131181]. |
| Phase (Design/Operation) |
design |
(a) The software failure incident in the article is related to the design phase. The cyberattack on Estonia's websites, including government offices, banks, and health-care providers, was a result of a high-intensity and short-term campaign by a pro-Russian hacking group called Killnet [131181]. This attack involved distributed denial of service (DDoS) attacks, where hackers attempted to flood websites with more users than they could handle. The attack was aimed at cutting off access to hundreds of websites in various sectors, indicating a failure due to contributing factors introduced during the system development or updates to the system.
Additionally, the article mentions that in 2007, Estonia suffered a massive cyberattack by hackers suspected of having links with the Kremlin. This attack occurred after Estonia relocated a Soviet-era World War II monument, indicating a connection between the software failure incident and actions taken during the development phases [131181]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident in Estonia, where Russia-aligned hackers attempted to launch a cyberattack on government offices, banks, and health-care providers, can be categorized as a within_system failure. The distributed denial of service (DDoS) attacks were aimed at flooding websites with more users than they could handle, indicating a direct attack on the system's infrastructure and services [131181]. Additionally, the incident in 2007 where hackers suspected of having links with the Kremlin crippled email servers and forced a major bank to halt its online services also falls under within_system failure, as it directly impacted the functionality and availability of online services within Estonia [131181]. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident in Estonia, where a major cyberattack was launched by Russia-aligned hackers attempting to take down government websites, banks, and health-care providers, was due to non-human actions. The attack involved distributed denial of service (DDoS) attacks, where hackers flooded websites with more users than they could handle [131181].
The incident was described as a high-intensity and short-term campaign, with efforts that were "generally lower in sophistication," indicating a scale-focused approach by the attackers [131181].
Estonia had previously experienced a massive cyberattack in 2007, suspected to have links with the Kremlin, which also involved non-human actions by hackers targeting email servers and online services of major banks [131181]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in the articles is not attributed to hardware issues. The incident involved a cyberattack launched by Russian-aligned hackers targeting the websites of government offices, banks, and health-care providers in Estonia. The attack was a distributed denial of service (DDoS) attack, where hackers attempted to flood websites with more users than they could handle, causing disruption [131181].
(b) The software failure incident in the articles originated from software-related factors. The cyberattack on Estonia's websites was carried out by a pro-Russian hacking group called Killnet. The group claimed responsibility for the attacks, stating that they tried to cut off access to hundreds of websites in various sectors such as finance, health care, education, government services, and utilities. The attack was described as a high-intensity and short-term campaign, with lower sophistication, aimed at sending a message rather than causing destruction [131181]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in the articles is malicious in nature. The incident involved a cyberattack launched by a pro-Russian hacking group named Killnet, which attempted to take down the websites of government offices, banks, health-care providers, and other sectors in Estonia [131181]. The attack was described as a distributed denial of service (DDoS) attack, where hackers tried to flood websites with more users than they could handle, with the objective of cutting off access to these websites [131181].
Additionally, the article mentions that the attack was claimed by Killnet via its Telegram channel, indicating a deliberate and malicious intent behind the cyberattack [131181]. The incident is part of a larger geopolitical context involving tensions between Estonia and Russia, further highlighting the malicious nature of the software failure incident. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
The intent of the software failure incident reported in the articles is related to poor_decisions. The incident involved a cyberattack launched by a pro-Russian hacking group, Killnet, against Estonia's government offices, banks, and health-care providers. The attack was in response to Estonia relocating a Soviet-era World War II monument, which stirred controversy among the ethnic Russian population in the country. The attackers attempted to disrupt access to websites in various sectors, including finance, health care, education, government services, and utilities [131181]. This cyberattack was a deliberate action taken as a form of protest or retaliation, indicating poor decisions made by the hacking group to target critical infrastructure and services. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident in the news article is not attributed to development incompetence. The cyberattack on Estonia's websites was carried out by a pro-Russian hacking group, Killnet, which attempted to disrupt various sectors such as finance, health care, education, government services, and utilities through distributed denial of service (DDoS) attacks [131181].
(b) The software failure incident in the news article is categorized as accidental. The cyberattack on Estonia's websites was described as a high-intensity and short-term campaign by the pro-Russian hacking group Killnet. The attacks were noted to be generally lower in sophistication, with the attackers trading precision for scale. The attacks were interpreted as messaging rather than campaigns designed to destroy [131181]. |
| Duration |
temporary |
The software failure incident reported in the articles is temporary. The distributed denial of service (DDoS) attacks launched by the pro-Russian hacking group Killnet against Estonia's government offices, banks, and health-care providers were unsuccessful in taking down the websites. The government's chief information officer mentioned that "websites remained fully available throughout the day" with only "brief and minor exceptions" [131181]. This indicates that the failure was temporary and did not result in a permanent disruption of the websites' availability. |
| Behaviour |
other |
(a) crash: The articles do not mention any specific instance of a system crash where the software completely loses its state and fails to perform any intended functions [131181].
(b) omission: There is no direct mention of the software omitting to perform its intended functions at a specific instance in the articles [131181].
(c) timing: The incident described in the articles does not involve the system performing its intended functions either too late or too early [131181].
(d) value: The software failure incident in the articles does not involve the system performing its intended functions incorrectly [131181].
(e) byzantine: The incident does not describe the system behaving erroneously with inconsistent responses and interactions, which would align with a byzantine failure [131181].
(f) other: The behavior of the software failure incident in the articles can be described as a distributed denial of service (DDoS) attack, where hackers attempted to flood websites with more users than they could handle, leading to a temporary disruption in services but ultimately not causing a complete failure of the websites [131181]. |