The Swedish police’s website was down late on Thursday afternoon as it became inundated with external requests.
“We’re the victims of an ongoing DDoS attack,” said spokesperson Linda Widmark, shortly before the site, polisen.se, became accessible again at around 5pm.
The Swedish Civil Contingencies Agency (MSB) is on full alert following a twelve hour period in which news organizations and police have both been targeted.
“There’s good reason to take things up a notch. We at MSB are keeping ourselves informed as regards what’s happening,” said MSB analyst Svante Nygren.
“Agencies implement measures independently. We at MSB are in charge of coordination, and if we adjudge something in the field of information security to be of a very serious nature we call in a coordination committee,” he added.
Early on Thursday morning, a client of IT service provider Basefarm fell victim to what appeared to be a deliberate hacker attack. Since then, many of the company’s other clients have also been targeted in a series of attacks which took several major Swedish news sites out of operation during the morning.
“It seems to be some form of overload attack,” Basefarm spokesperson Jan Fredriksson told the Svenska Dagbladet (SvD) newspaper.
Amongst Basefarm’s list of clientele is Swedish company Stampen, owner of Göteborgs-Posten, Nerikes Allehanda newspaper, Södertälje’s Länstidning and several other local papers.
Most of the news sites associated with these publications were back up and running again by lunchtime, but Fredriksson warned that additional work remained.
“The problem is solved, however, we still have to get all the sites up and running again. They’re not all functioning yet, but we’re getting closer,” he told SvD.
Johan Lundman of the internet communications consulting company Adeprimo added that it was still too early to declare the incident closed.
“I don’t know how things might look in half an hour,” he told the TT news agency.
Mittmedia, a media company which owns several newspapers in central Sweden, and Sundvalls-Tidning were also affected, as was Basefarm client TV4 as well as several newspapers owned by the Bonnier publishing house.
Mittmedia head Jan Cahling said all of the company’s own news websites had been affected, as well as other news sites associated with the Mittmedia-owned Mktmedia – a total of 32 news sites.
“Hackers have penetrated Basefarm’s server park in Stockholm. It shows how vulnerable society is. We chose this solution to ensure security of operations, but we now have to get to the bottom of how the operator is prepared to address security problems. This is surely not going to be the last hacking this country will see,” Cahling told TT.
Government authority, Sitic (Sveriges IT incidentcentrum), views the attack very seriously. The authority has now contacted Basefarm, offering to lend a hand.
“If they can successfully pinpoint where the attacks originate from, we can pass that information on to our international contacts and request help in those countries, so that attacks can be prevented at the source,” Sitic IT-security technician, Kristian Borryd, told SvD.
Lennart Rosqvist, head of IT at Göteborgs-Posten (GP), one of the Mktmedia newspapers hit by the attack, said part the common web platform used by the papers explains part of the reason why so many news websites were affected.
He added, however, that security at Basefarm should probably have been stronger.
“It’s obvious that you can’t protect against everything. But my understanding is that Basefarm should have had some form of protection against this. DDoS-attackers aren’t an unknown phenomenon,” Rosqvist told GP.
He added that the incident should serve as a lesson to webmasters about the dangers of having a centralized system rather than a decentralized system.
“There’s a lot to learn from this. Security must of course be reviewed,” he said.
“Something like this is completely unacceptable. There must be consequences for how service providers react in the future.”