Swedish sites targeted in new internet attack

The websites of several Swedish companies and organizations were crippled on Monday by a cyber attack which left internet servers overloaded in what experts say is an increasingly common phenomenon for websites in Sweden.

Swedish sites targeted in new internet attack

The attacks, which affected the Swedish Armed Forces (Försvarsmakten), several large banks and media outlets, come roughly a month after a similar attack hit Sweden.

“We learned our lesson from the last time around. Then we were down for two hours, now we were back after only 20 minutes,” Niklas Englund, head of Swedish Armed Forces digital media, told The Local.

“We noticed that we were generating more traffic than normal and that our firewall had stopped working.”

Anders Ahlqvist, IT expert at the National Police Board (Rikspolisstyrelsen) told the TT news agency that Swedish websites appear to have become increasingly popular targets of such Distributed Denial of Service (DDOS) attacks.

During a DDOS attack, a website is bombarded with communication requests so that the servers become overloaded and the site crashes.

“It does seem as if Swedish sites have been targeted on a large scale recently,” he said.

The attack or attacks, which began on Monday morning, also targeted Swedish banks, news agency Tidningarnas Telegrambyrå (TT), as well as The Local’s pan-European news network.

The websites of all organizations affected by the attack were left inaccessible for several hours as servers were overloaded with access requests.

Swedish national rail operator SJ also had trouble with its online booking system between 10.30am and 11.50am on Monday, but a spokesperson told The Local they didn’t think the problem was due to an attack.

According to experts, the logs from the TT servers indicated the agency was hit by a so called botnet attack, where a large number of hijacked computers are connected in a targeted attack.

Swedish banks Swedbank and SEB as well as the internet realtor Nordnet, also experienced the effects of the attack.

“They managed to keep us down for a while but we seem to be up again now,” said Swedbank spokesperson Anna Sundblad to newspaper Aftonbladet.

Sweden’s Civil Contingencies Agency (Myndigheten för samhällsskydd och beredskap – MSB) was also targeted in Monday’s attack, as was the Swedish military, which continues to try to improve its defences against cyber attacks.

“We keep developing our systems and we get better and better,” said Englund.

The Armed Forces and The Local were also both affected by an attack which took place about a month ago and was directed at several Swedish sites.

The attack was reported to the police by the Armed Forces, which suspected it may have been carried out by supporters of WikiLeaks-founder Julian Assange.

“Attacks of this kind have always been carried out against government agencies, organizations and companies. There doesn’t seem to be a plan behind it. If they are firing against the police or the prosecution authority it is a bit more understandable, but attacking the Swedish National Council for Crime Prevention (Brottsförebyggande rådet – Brå) and the Swedish Courts is more inexplicable,” said Ahlqvist.

When media companies are being targeted it is often presumed that it is because of something that they have published, but according to Ahlqvist this is not necessarily the case.

“If you look at the spread of the attacks it really doesn’t follow a rational pattern. They will test where it might work – who has good protection and who will find it difficult to get back up again,” Ahlqvist said.

It is almost impossible to find out who is in control of these botnets if they don’t choose to claim the responsibility.

“These are technically gifted people. And it spans the whole spectrum from individuals, to groups to states,” Ahlqvist told TT.

TT/Rebecca Martin

Follow The Local on Twitter

Member comments

Log in here to leave a comment.
Become a Member to leave a comment.


US blames Russia for huge 2016 cyberattack on Swedish media: report

The United States believes Russian hackers were behind a massive cyberattack on Sweden’s biggest news sites in 2016, Buzzfeed News has reported.

US blames Russia for huge 2016 cyberattack on Swedish media: report
Photo: hacker/Depositphotos

Buzzfeed News – a branch of the American media giant that distinguishes itself for its more serious, investigative journalism – published Friday a report that claims to shed light on suspicious glitches experienced by at least nine of Sweden's largest media sites in March 2016. 

Based on a partially released cable Buzzfeed News obtained through a Freedom of Information Act lawsuit, Russia is allegedly suspected of the attacks that blacked out the major news sites in an alleged attempt to dissuade Sweden from cooperating with NATO.

The cyberattack came at a time when the Swedish government was debating whether to approve a cooperation treaty with NATO, which Sweden is not a member of but has worked with more closely in recent years.

“Russia has focused significant resources on specific Partners, like Sweden and Finland,” the cable reportedly reads.

“Russian actors are suspected of being behind recent efforts to infiltrate Sweden with distorted and false information about NATO in the Swedish press, at think tank events and on social media.”

Russian military intelligence operatives are also reported to have carried out the attack on Sweden at the same time as they penetrated Hillary Clinton’s presidential campaign.

According to Buzzfeed News, “the attacks (on Swedish news sites) weren’t sophisticated — they were merely a Distributed Denial of Service (DDoS), which overloads a network with too much traffic, keeping it from being able to load — but they were powerful enough to keep readers from accessing at least nine of the country’s biggest news sites”.

The attacks began on March 19 and continued against at least some of these Swedish sites for five days.

They either partially or totally shut down the sites of Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad.

Sweden’s government has never publicly blamed Russia for the media attacks.

Swedish police said at the time that some of the suspected IP addresses were Russian, but that wasn’t enough to pinpoint the true culprits. 

Internet traffic to Sweden from Russian users increased significantly during the time of the attacks.