The teens admitted to the attacks via a website on Friday, according to Sweden’s TV4 news. The hacks, believed to be in the form of DDOS attacks, shuttered the websites of train operators SJ, as well as those of south Swedish public transit operator Skånetrafiken, Region Skåne, and Sweden’s alcohol retail monopoly Systembolaget.
A DDOS attack entails a website being bombarded with communication requests so that the servers become overloaded and the site crashes.
Lars Förstell, a spokesman at the Malmö police, chose not to comment on whether the teenagers’ claims were credible.
“Right now we’re putting a lot of resources into this so we can get to the bottom of it quickly,” he told TV4.
“It’s serious criminal activity to go after societal functions such as Region Skåne, so we are working intensively on this,” he added.
Region Skåne is self-governing authority of Skåne, the southernmost county of Sweden, and is responsible for managing the region’s public health system.
The attacks also took down government-owned rail operator SJ on Wednesday and through Thursday, making it impossible for passengers to purchase train tickets online or at ticket machines at stations around the country.
Lars-Göran Emanuelson, an expert at the Swedish Civil Contingencies Agency (Myndigheten för samhällsskydd och beredskap, MSB), said on Thursday that such attacks are “not uncommon” and that the goals of the attackers can vary.
“I could only speculate about the reason behind this specific attack,” he told the TT news agency after SJ was hit. “But it’s usually based on some kind of displeasure.”