“We don’t really view yesterday’s incident as a fully-fledged ‘cyber-attack’ as it didn’t affect any agencies critical for the running of Swedish society” said Anders Hansson of CERT-SE, Sweden’s Computer Security Incident Response Team, to The Local on Tuesday.
CERT-SE is part of the Swedish Civil Contingencies Agency (Myndigheten för samhällsskydd och beredskap, MSB), which supports societal capacities for preparedness for and prevention of emergencies and crises.
According to Hansson, Sweden is well prepared for cyber-attacks.
“But we thought yesterday’s incident was of smaller importance as most of the sites were able to deal with the problem themselves and therefore we didn’t see the need to act,” Hansson said.
The hacktivist DDOS attack on Swedish sites on Monday knocked out a number of official agencies and agents, including the Armed Forces, the main government website, the Courts Administration and national broadcaster Sveriges Television (SVT). The Local’s pan-European news network was also affected for a few hours during the afternoon.
The government sites affected mainly provide general information to the public and press, but are not generally used for the provision of services. The attacks therefore had a limited effect on the public.
Hacktivist group Anonymous later claimed responsibility for the attack, writing in an email that they had only taken out some of the Swedish government’s resources this time but that they are planning to “initiate new more powerful operations” in the future.
Hansson also thought the hacktivist action could have been a test of how much damage could be achieved.
“If something is being tested it is of course likely that it will be deployed on a larger scale in the future, but on the other hand it may just be a group – or groups – of people who want to make a political stand and get some media attention,” Hansson said.
“Before, you had to go outside with placards to show your views on larger issues, today you can take a stand from your sofa while watching your favourite TV-show.”
Swedes can be “naive” over internet security, Hansson said:
“There is a certain tendency to think ‘why would people be mean to us – we haven’t done any harm’ in many organizations here.”
“Many think ‘why pay to be protected against something that hasn’t been an issue so far?” .
However these kinds of attacks are likely to occur more often in the future:
“It is becoming easier to join these kinds of actions, both for individuals and groups. Also if you scale it up a little and talk about botnets, anyone could have placed malware on my computer, using it to stage an attack just like this,” Hansson told The Local.