Mystery online attack briefly shuts down Helsingin Sanomat web pages Tuesday afternoon
When the web pages of the Finnish police, the Border Guard, Helsingin Sanomat, and the late-edition tabloid Ilta-Sanomat crashed early Tuesday afternoon, even the experts were initially astounded. There was a furore in social media and the traditional media when it appeared that a number of Finnish institutions were targets of online sabotage.
Mikko Hyppönen, head of research at the internet security company F-Secure, said that the attacks might be part of a worldwide operation. One possible indication of this was an attack against the servers of the US server company GoDaddy, which caused the pages of thousands, and possibly millions, of the company’s customers to crash.
However, it soon became apparent that Tuesday’s events were probably not a widespread operation targeting Finland, but rather a sum of strange coincidences, which reveals much about the chaotic nature of the internet and related fears.
There actually was an attack against the servers of Sanoma News, which has Helsingin Sanomat and Ilta-Sanomat among its publications. The pages crashed under the weight of massive amounts of traffic from computers in Eastern Europe and other parts of the world which had been hijacked for the purpose with the help of malware.
The apparent target was the online news service of Helsingin Sanomat. User information was not compromised.
It was a pure coincidence that a technical fault caused the web pages of the police and Border Guard to crash at about the same time. Both the Finnish Communications Regulatory Authority (FICORA) and the ICT Agency HALTIK said that there was a problem with a cable running between Helsinki and Rovaniemi.
HALTIK, which provides technical data and communication services as well as contact services required for maintaining internal security in Finland, has its main headquarters in Rovaniemi.
"There is no reason to suspect that these events would have anything in common other than the time at which they occurred", says Kauto Huopio, a senior data security expert at CERT-FI, the data security unit of FICORA.
The attack against Sanoma was strong, but not exceptional. These kinds of "denial of service" attacks against Finnish companies are an almost daily occurrence.
Such attacks can be motivated by mischief, a desire to impress, or blackmail. Usually the targets of such attacks stay silent. Responsibility for Monday’s massive attack on GoDaddy was claimed by an individual hacker.
Tuesday’s attack against Sanoma was exceptional in that nobody had claimed responsibility for the action by the evening. The short duration of the attack was also unusual. The hacking could have involved some kind of contest, or even a systems test. Helsingin Sanomat has never experienced an attack like it before.
In any case, the events on Tuesday appeared to confirm the warnings of many data security experts about the vulnerability of the information society. In some scenarios it has been suggested that online attacks could be capable of shutting down online banking, or interfering with the distribution of electricity.
The possibility of an online attack is a scenario that has been discussed so much that its threat seems to lurk in the same way that the threat of nuclear war used to. The fact that Tuesday’s events seem to be a sum of coincidences does not remove the threat.
The mess also shows how very difficult it is to prepare for online attacks and to clear them up once they occur.
The furore that emerged after Tuesday’s episode indicates how psychologically significant the most visible pages on the internet are, even though their crash did not cause Finland as a whole to grind to a halt.