The attack was carried out by “Anonymous”, the hacktivist group which has previously claimed responsibility for cyber attacks against Sweden and which on Tuesday issued a video warning of new attacks.
Internet users who attempted to use the health board’s website on Tuesday night were met with a message from the group:
“We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us,” together with a final refrain which read: “Fuck Swedish,” the Nyheter24 news website reported.
Furthermore, Sweden’s Courts Administration (Domstolsverket) website, domstol.se, was also crippled on Wednesday morning, in an attack similar to those which left several Swedish websites inaccessible on Monday.
“We’re looking into it. There’s definitely a disturbance but have no details yet about what’s lying behind this,” Courts Administration spokesperson Håkan Sonesson told the TT news agency.
Anonymous posted a video on YouTube on Tuesday warning of future attacks.
In the video, a masked spokesperson claiming ties to Anonymous warns:
“Swedish government; you know our capabilities and what we want! The choice is yours.”
Anders Nilsson, technology head for security company Eurosecure, explained that attacks like the one that hit the health board’s website aren’t especially dangerous.
“The worst is if there’s a login service and they can succeed in luring a logged-in person to click on something they’ve built in there. When you’re logged in, you have particular cookies, and then the hacker can steal them and thereby be logged in themselves,” he told Nyheter24.
On Monday, a series of Distributed Denial of Service (DDOS) attacks occurred in Sweden which paralyzed the websites of several banks, Sweden’s main news agency TT, as well as a number of Swedish government agencies.
During a DDOS attack, a website is bombarded with communication requests so that the servers become overloaded and the site crashes.
Anders Hansson, head of the Computer Security Incident Response Team with the Swedish Civil Contingencies Agency (Myndigheten för samhällsskydd och beredskap – MSB), explained there was little organizations could do to protect themselves against DDOS attacks.
“If those who lie behind the attack have decided to bring a website down, then it’s going down. The challenge is to shorten the time the side is down by filtering and softening the attack,” he told the TT news agency.
Hansson’s agency is currently attempting to inform companies and government agencies about the threat of potential attacks.
“When there are threats, we take them very seriously and try to assess what the targets might be,” he said.
The identities behind Anonymous, as well as their motives, remain unknown.
By late Wednesday morning, the websites for the health board and the Courts Administration were functioning normally again.