When internet systems in the Marshall Islands went on the blink in mid-March, it wasn't immediately clear what was causing the rolling outages.
Home, business and government DSL and dedicated lines as well as mobile 4G services became intermittent or non-functional, forcing the National Telecommunications Authority (NTA) to repeatedly issue messages updating customers about "intermittent disruptions" and "urgent maintenance" needed to restore service.
Information technology and security staff at NTA responded by working long nights to fix and reboot the systems.
"But then in the morning, we were getting the same error messages," said NTA CEO Tommy Kijiner, Jr. Friday.
"After several days, it became apparent that NTA systems were shutting down as the result of a large-scale "distributed denial of service" (DDoS) attack, he said.
Kijiner said that in his 10 years with the Marshall Islands telecom, this is the second big cyber attack he's seen on NTA's systems.
Who was behind it? Kijiner said they will probably never know.
But past experience shows when countries are at war, cyber attacks - particularly aimed at government and business systems in the United States - increase dramatically.
"The only conclusion we arrived at is that the attack was probably related to the Russian invasion of Ukraine," he said.
Last week, the White House warned government agencies and businesses to be on high alert for possible Russian cyber intrusions.
Russian government hackers have been tied to big hacking incidents of US government and Fortune 500 corporations' online operations over the past several years.
But in today's increasingly dangerous internet environment, there are dozens of governments engaged in hacking - the US, China, N. Korea, Iran and others - along with thousands of individuals around the globe.
A DDoS attack is normally engineered by hackers who infect thousands - sometimes millions - of computers with malware that responds to command computers, receiving orders as part of what is known as a "botnet."
The intent of a DDoS cyber attack is to prevent legitimate internet traffic by flooding the targeted machine or system with an overwhelming volume of requests that overload systems.
NTA services were disrupted on and off over a 10-day period. But Kijiner said late this past week that NTA technicians believe they have now fixed the system and "there was no new sign that anything has jumped our firewall," he said.
"Several years ago, a NTA board member asked if we worried about cyber attacks," said Kijiner.
"Yes, we worry about it." Possibly because NTA is a small operation they haven't been targeted often for malicious attacks. But, he said, "if hackers can hack into the US Defense Department and the CIA, our firewalls are nothing."
He added, too, that a key challenge to safely using devices linked to the internet is awareness of the users to the potential dangers.
"At NTA, we probably haven't done enough education for customers to understand they shouldn't click and open malicious emails," he said, adding that the vast majority of NTA users skip all security steps when they are online.
"If ever there was a 'right place' for hacking to happen, the Marshall Islands is it," Kijiner said.
People will click links that immediately lead to infecting their devices and networks they are connected to.
This is one of the most efficient methods hackers use for "phishing" in order to infect computers that become part of a larger botnet for malicious activity on the internet.