Widespread DoS attacks paralyse public broadcaster's website
Attack on other Finnish site apparently from domestic server
The website of the Finnish Broadcasting Company (YLE) was hit on Monday and Tuesday by at least three denial-of-service (DoS) attacks, which effectively paralysed the site's service for short periods.
First indications, according to F-Secure expert Mikko Hyppönen, were that the attempts were launched by a Romanian or East European group, who had made earlier threats of such attacks.
Speaking on TV on Wednesday morning, Hyppönen did not rule out the possibility that there might be Finnish members in the attacking group.
In the course of Tuesday it was possible to access the YLE site only intermittently, owing to the massive loading from a hostile attack.
A denial-of-service attack - DoS, or in the case of a co-ordinated series of attacks DDoS (for distributed denial-of-service - is when a website is "swamped" or saturated with malicious intent by external communications requests, such that the victim site is rendered unavailable to its intended, legitimate users.
The company was able to get the servers up and running again, but is apparently braced for further attempts. The head of security at the public broadcaster was unable to identify a motive for the attacks or their possible perpetrators, but the high profile accorded the company during the Eurovision Song Contest - YLE was host broadcaster for the competition in Helsinki - was offered as one reason. YLE has not been the target of such cyber-harassment in the past.
Other Finnish sites to be hit in the past two days have included Eniro and the Suomi24 discussion forums.
In the case of Eniro, it was reported on Wednesday that one such attack was routed through a Finnish server. The company is anticipating further trouble, and forecasts that the problem may trickle down to smaller companies with a web presence.
The Finnish Communications Regulatory Authority collected information on the attacks on Tuesday and passed this to the government.
According to a data security expert at the Authority, the attacks were carried out in an exceptional fashion, making use of peer-to-peer file sharing sites, such that all requests were directed to the YLE server. The logjam was released when YLE restricted all access to the site from foreign IP addresses. There was no intent to penetrate the system, only to cause annoyance and disruption.
Attacks against websites in Estonia continued on Tuesday, apparently an extension of the disturbances that sprang up in the wake of the dispute with Russia over the relocation of the bronze World War II memorial in Tallinn (see attached article).
No evidence has been found as yet to directly link the latest Finnish incursions to those on Estonian government sites in Tallinn and elsewhere, but the Finnish government is reportedly geared up to ward off any such attacks if they should occur.
Previously in HS International Edition:
Virtual harassment, but for real (8.5.2007)
Finnish Communications Regulatory Authority
YLE News in English