The media companies affected by the initial attack all rent server space from Swedish IT service provider Basefarm. According to Baseform, the attack was specifically aimed at one of its clients, media IT development company Adeprimo.
“Normally, a website with relatively high traffic will receive around 800 requests per second,” said Basefarm CEO Sara Murby Forste in a statement.
“During the attack on Adeprimo, we were registering around 400,000 requests per second,” she added.
News websites affiliated with the Stampen media group, which uses Adeprimo’s media platform, were among those hardest hit. These include main Gothenburg newspaper Göteborgs-Posten, whose site was inaccessible from early morning until lunchtime on Thursday.
Basefarm said it did not receive any warning or threat prior to the attack. The company is preparing to submit a report to the police and is continuing an internal investigation into the attack.
“We know from the nature of the attack that they possess a lot of knowledge. This took place in a planned manner, outside Europe, and with serious force,” said Basefarm’s technical manager Stefan Månsby.
“There is much to suggest that the traffic came from Asia and the United States. It could well be Asian, bouncing via the US.”
A second attack later in the day knocked out the website of the Swedish police, which was down for a couple of hours hours in the late afternoon.
Police IT experts believe the two attacks are almost certainly linked.
“I don’t think it’s a coincidence,” said Ann-Marie Alverås, head of the national police’s web security division.
“The amount of traffic was exactly the same in both attacks and we too witnessed traffic from the United States. But the saboteur could be anywhere in the world,” she added.
In general, it is more common for attacks to come from abroad, said Alverås.
“Asia is over-represented, but a large proportion also come from the former Soviet Union. But it’s hard to judge where the people – there’s usually more than one – are located.”
Thursday’s attacks are to be investigated by the police’s IT crimes unit. Ann-Marie Alverås said the purpose of the attacks remained a mystery.
“But I can hazard a guess that it was to attract attention,” she said.