WASHINGTON (Reuters) - It started with hactivists defacing websites and a e-mails pointing users to links that stole data.
Soon, Ragnar Rattas and his team of Estonian computer security experts were battling the heaviest and most sophisticated cyber attacks they had ever encountered.
As the situation worsened, they abandoned some networks - including a major public facing website - to protect the networks that kept vital data and industrial systems running in the research center they were defending.
Meanwhile, they faced a growing media storm as they raced to discover where the assault had come from.
It was, fortunately for them, just an exercise - a major game dubbed “Locked Shields” run on March 21-22 by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.
With more than 300 participants and teams from 17 nations, organizers said it was the largest international cyber maneuver yet mounted, simulating an attack on a fictional nation called “Berylia” by a 50-strong team of computer experts.
Companies and nations are pouring ever greater resources into cyber security, including sophisticated simulations, as they worry over data and intellectual property theft as well as attacks causing physical damage.
In 2012, the world’s largest oil producer Saudi Aramco suffered a cyber attack that damaged some 30,000 computers while experts believe the United States - and perhaps Israel - used the Stuxnet worm to make some of Iran’s nuclear centrifuges tear themselves apart.
Despite rising tensions since Russia’s annexation of Ukraine’s Crimea region, organizers said “Locked Shields” was not directly aimed at simulating any action by Russia.
The increasing sophistication of recent exercises, experts say - and the murky overlapping mix of criminal, state and other forces - point to the ever-growing complexity of confrontation.
“It was very challenging,” team leader Rattas, who runs the critical infrastructure protection team at the Estonian Information System Authority, told Reuters. “They were very sophisticated attacks. There were times when you just wanted to close the computer and walk away.”
Estonia is no stranger to electronic warfare. During a diplomatic dispute with Russia in 2007 over the movement of a Soviet-era war memorial, many of its essential computer systems failed after a major attack widely blamed on Russia.
Moscow denied the charge although it said it could not control the actions of independent patriotic hackers.
Analysts said Russian hackers - state-linked or otherwise - were probably also responsible for a similar but much smaller attack that temporarily crashed the NATO website in March.
One of the key challenges set for participants in Locked Shields was “digital forensics”.
Those with the right skills would discover a rival nation - the fictitious “Crimsonia” - was behind the some of the attacks originally suspected to come from the hacktivist and criminals.
Tensions between Western states and both Russia and China over cyber security have been quietly rising for years.
Last week, Washington indicted five Chinese military officials it said were involved in electronic espionage, while Western officials privately blame Russia for other attacks including a major 2008 breach of U.S. military systems.
Western officials say both states have invested heavily in cyber attack capabilities and would probably use them to disrupt essential networks in any serious face-off.
NATO states too have dramatically increased their spending. The Pentagon’s Cyber Command budget for 2014 reached a record $447 million, not including the separate budget for the eavesdropping National Security Agency (NSA).
Russian and Chinese officials say revelations from former NSA contractor Edward Snowden - now given asylum by Moscow - show Washington is distinctly hypocritical on the issue.
Criminals are also raising their game. Last week, online auction site eBay was forced to tell customers to change their passwords after the largest customer data breach so far recorded.
Estonia’s team was in Tallinn but others took part remotely from Finland, Italy, Spain, Germany, Holland, Turkey, Poland, Latvia, the Czech Republic, Hungary, France, Austria, Lithuania in addition to NATO’s own dedicated cyber response unit.
The Estonian competition was won by Poland.
Major cyber powers such as the United States and Britain conduct their own exercises, current and former officials say, including use of their own highly classified offensive cyber weaponry to attack enemy systems.
Defensive simulations such as the NATO drill, however, are particularly useful for smaller states.
In November 2013, the Bank of England coordinated “Exercise Waking Shark 2”, a test of the British banking system when attacked by a foreign nation that wiped data from computers.
In 2012, some U.S. banks suffered website and other failures blamed on cyber attacks from Iran. Tehran denied involvement.
The United States and China, those involved in discussions say, have even experimented with basic tabletop war games and scenario planning to examine how they might work together to contain dangerous malware neither state was responsible for. Such semi-formal discussions - which had engaged current and former officials from both nations - may now be on hold.
“Cyber exercises have really come into their own,” said Jim Lewis, a former U.S. foreign service officer and now senior fellow at the Centre for Strategic and International Studies in Washington.
“A few years ago, they were purely technical. Now they involve policy specialists too and are on a whole different level.”
Editing by Alister Doyle/Mark Heinrich