NATO website hit hard by denial-of-service attack as Crimean tension rises

NATOThis weekend a number of websites belonging to NATO, including its main website at www.nato.int, struggled to remain online as online criminals launched a distributed denial-of-service (DDoS) attack.

A group of pro-Russian hackers called “Cyber Berkut” claimed responsibility for the attack, which came on the eve of a controversial referendum in Crimea which saw over 90% of voters choose to quit Ukraine for Russia.

DDoS attacks manage can bring down websites by flooding them with so much web traffic that they can no longer stand up, and legitimate visitors will find the site too clogged up with visitors to work. It’s the equivalent of 15,000 fat men trying to get through a revolving door at the same time.

Typically, DDoS attacks use compromised computers to flood a website with traffic, but it’s also known for the owners of computers to be willing participants in an attack, intentionally running tools like the Low Orbit Ion Cannon to help those behind the attack to achieve their goals.

Sign up to our free newsletter.
Security news, advice, and tips.

NATO website, struggling to stay online

NATO spokesperson Oana Lungescu confirmed via Twitter that some NATO websites had suffered from a DDoS attack, and reassured internet users that the integrity of NATO data and systems was not affected.

The attack came after NATO’s secretary general published a statement on the website, claiming that the referendum would have “no legal effect or political legitimacy.”

NATO statement on Ukraine referendum

Of course, clogging up a website is very different from hacking a website – and although still malicious, it’s a lot less serious than a security breach that could have stolen information or planted malware.

Although DDoS attacks can be initiated for the purposes of blackmailing companies (imagine, for instance, the not uncommon scenario of a gambling website being threatened with a DDoS attack if it doesn’t wire money to the attackers), this incident is another reminder that attacks can often also be perpetrated for political hacktivist reasons or through the desire to curb freedom of speech.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “NATO website hit hard by denial-of-service attack as Crimean tension rises”

  1. Nirmal

    There is a small typo in the 5th paragraph. "… the integrity of NATO data and systems was affected." "not" is missing.

    1. Graham CluleyGraham Cluley · in reply to Nirmal

      And an important typo at that. Thanks, now fixed!

  2. Coyote

    On the subject of typos, there is a word that sort of breaks the flow of the sentence it is in:

    "DDoS attacks manage can bring down websites by flooding them with so much web traffic that they can no longer stand up, and legitimate visitors will find the site too clogged up with visitors to work. It’s the equivalent of 15,000 fat men trying to get through a revolving door at the same time."

    Referring of course to the word 'manage'. That's the real point of my response, even though it is hardly important. I am however a stickler and can be very nitpicky. Also, since it has been a while since I've written anything even semi technical, anywhere, I'll go along with it and submit this:

    Otherwise (and I Graham knows this as do some other readers but maybe some don't) – a DDoS attack (or a DoS attack for that matter) does not have to involve web traffic at all in order to make it next to (if not completely) impossible to reach the victim. It of course does not have to involve TCP at all. To the uninformed: there are unfortunately many gateways (networking pun very much intended) to attacks of all kinds and this includes denial of service attacks; such attacks need only disable a service and that includes by crashing the server, the service running on the server or simply overwhelming it with traffic so that no legitimate traffic can reach it. To be strictly technical there are other ways too but the point is the same: it is named very appropriately but there are many methods and more complexities involved, just like everything else in this universe. Semi related: DoS attacks have also been employed in other kinds of attacks that allow a person to compromise a server.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.