Dutch Government Goes Offline
Government.nl (Dutch rijksoverheid.nl) and numerous other official Dutch government websites were offline Tuesday thanks to a massive, sustained, 10-hour distributed denial of service attack. The source of the attacks remains undisclosed and the specifics of the attack have been vague thus far.
What We Know
The attack began around 0900GMT and lasted well into the evening. It made all official government websites all but inaccessible but did not stop there. Popular satire portal GeenStijl.nl as well as major telecommunications service Telford were also under siege during the same time. Their wounds could be attributed to residing on the same servers by contracting with Prohosting.
The government has back-up servers, but it turns out the complexity and number of Dutch governmental sites have grown so much since their installation that now the back-up servers aren’t capable of doing their job. This fact led members of parliament to outraged demands that measures be taken to withstand such attacks in the future.
The BBC spoke to two security researchers who did not buy the source being unable to trace. “If you face a DDoS, you know it,” said Christian Doerr, a specialist at Delft Technical University.
What We Don’t Know
- Motive. While often enough these sorts of attacks are done simply for fun by young people with a decreased understanding of the consequences of their actions, taking down governmental websites usually isn’t considered much fun. When that motive is the case, things that enemies enjoy like gaming networks are the target. The Dutch government recently extradited Russian-born hacker Vladimir Drinkman, but there is not yet any indication that the two actions are linked. Also recently an alleged member of a hacker collective demanded airtime from major broadcaster NOL using a pistol. Given that many hackers work in groups toward goals, it is entirely possible that friends of either of these are the source of retribution.
- Culprit. Politically motivated attacks are generally claimed by the attacker and explained for maximum effect. In the two days since the attack, nothing of the kind has surfaced.
- Actual impact. The Dutch government hasn’t been forthcoming about how much of its communications were effected by the attacks. They say that their other communications worked during the siege, yet their host claims that during the attack their phone lines were also out for various periods.
Since the attack, no further problems have arisen. In the past, DDoS attacks have been used as diversion tactics in order for attackers to gain access to other areas of a system they are actually interested in. No one should be too surprised if a breach is discovered before very long which in one way or another dumps data the government has not published. The preceding statement is purely speculative, of course.
The Cyber Threat Intelligence Integration Center in the United States was launched on the same day as the DDoS attack. The new agency, founded in the wake of last year’s brazen and thorough Sony Pictures hack, is meant to function similarly to the way Joint Terrorism Task Forces do, except digitally.
Images from Shutterstock.