Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security The Almighty Buck

Finnish Bank OP Under Persistent DDoS Attack 92

An anonymous reader writes The Finnish bank OP Pohjola Group has been a target of a dedicated DDoS attack for days. The attack, which investigators said was launched from both Finland and abroad, began on New Year's Eve. OP was forced to open a helpline for customers unable to confirm payments or transfer money because of jammed systems. On Saturday the firm said it would compensate people for any losses or late payment fees incurred as a result of attack. On Sunday morning the bank tweeted that its services were operating normally and even customers based outside Finland were able to access their accounts — and that it was still monitoring traffic carefully to try and ward off any renewed strikes. However, on Sunday afternoon further denial of service attacks took place delaying payments and preventing access to banking services for OP customers. A formal police complaint has been filed and OP says that KRP is looking into the case.
This discussion has been archived. No new comments can be posted.

Finnish Bank OP Under Persistent DDoS Attack

Comments Filter:
  • Too OP (Score:3, Funny)

    by buckfeta2014 ( 3700011 ) on Monday January 05, 2015 @02:55AM (#48734849)
    That traffic be too OP for OP to handle...
  • So get protection (Score:5, Insightful)

    by Guspaz ( 556486 ) on Monday January 05, 2015 @03:23AM (#48734915)

    There are service providers that specialize in DDoS mitigation. Some of them already host banks (lots of them, in some cases), and have multiple terabits of bandwidth available to survive DDoS attacks with minimal impact. They're able to mitigate attacks in the hundreds of gigabits.

    They're not cheap, but they work, and banks tend to be able to afford it.

    • by Kiuas ( 1084567 ) on Monday January 05, 2015 @04:19AM (#48735049)

      They're not cheap, but they work, and banks tend to be able to afford it.

      Well, 2 things here: The Finnish banks are rather tiny compared to large international banks and national banks in larger countries. There are only 5,4 million people in the entire country. Secondly, this is the first time to my knowledge that a DDoS attack has done anything to any bank here. All the banks use 2-step verification process, so even in a hypothetical worst case scenario in which somehow attackers would manage to get their hands into some login info, that would not compromise the funds of the customers. Not that that would be possible with a plain DDoS attack.

      In the end it comes down to the cost-benefit ratio: sure i'd be nice to have protection from DDoSing, but unless this starts to become so commonplace as to actually start costing them significant amounts of money/customers, I doubt it will happen.

      • Re:So get protection (Score:5, Interesting)

        by TapeCutter ( 624760 ) on Monday January 05, 2015 @04:49AM (#48735161) Journal

        In the end it comes down to the cost-benefit ratio

        The DDOS attack is likely to have a ransom attached to it, so it boils down to two options; spend money on honest and reliable uptime protection, or submit to the attackers dishonest and fickle protection racket. I'm pretty sure the first option would be cheaper in the long run, sure it's a relatively expensive line item on an IT budget but not enough to seriously damage the total budget of a small bank.

      • Re:So get protection (Score:5, Informative)

        by Guspaz ( 556486 ) on Monday January 05, 2015 @05:01AM (#48735197)

        That "tiny" finish bank has US$3.23 billion in revenues, around US$900 million in net income, and nearly 13 thousand employees. They can afford to pay a bit more for their servers.

        • by Kiuas ( 1084567 )

          Of course they can afford to pay more, I wasn't implying that. I was just saying that unless this starts to become a regular issue I doubt they'll do it whereas larger banks really have no choice.

        • right, so that makes denial-of-service and extortion ok?

          One day they might attack a service you use, then I'm sure you'll be singing a different tune.

      • by jhol13 ( 1087781 )

        It seems that they have not done even the most basic preventions, like traffic shaping. The ATM's should certainly have higher priority than internet traffic (and dedicated guaranteed throughput channel), but alas, they failed too. Same with shops, other banks, etc.

    • by tlhIngan ( 30335 )

      There are service providers that specialize in DDoS mitigation. Some of them already host banks (lots of them, in some cases), and have multiple terabits of bandwidth available to survive DDoS attacks with minimal impact. They're able to mitigate attacks in the hundreds of gigabits.

      They're not cheap, but they work, and banks tend to be able to afford it.

      Though it makes you wonder if companies like CloudFront and all aren't also behind paying some money to LizardSquad and such to do DDoS attacks to promote t

  • by Anonymous Coward on Monday January 05, 2015 @04:18AM (#48735041)

    In addition to OP (Osuuspankki), Nordea has also been attacked, and even Danske Bank is having troubles at the moment, though it's not known if they're being DDOSed or if it's just the usual incompetence.

  • Finland, like other countries that have had security incidents, seeks to protect itself ....

    Supo wants expanded net surveillance powers [yle.fi] - 20.6.2013

    The head of the Finnish Security Intelligence Service (Supo) has told the business daily Talouselämä that his organization wants increased funding and expanded powers to carry out surveillance of internet traffic.

    Five years ago, the Swedish Defence Radio Authority (FRA) was authorized to warrantlessly wiretap all telephone and internet traffic that crosses Sweden's borders. According to Supo chief Antti Pelttari, Finland should consider introducing the Swedish model here as well.

    "Our legal mandate is to ensure the security of the State of Finland and its social system from both internal and external threats," said Pelttari. "There must be means available to monitor what is transmitted through data networks, and the capacity to identify and evaluate anomalies," he added.

    I wonder who is attacking the Finns, and who would have reason to? Russia has been menacing Finland and its neighbors in the Baltics with incursions by aircraft and submarines. There is concern that Russia may turn on Finland after Ukraine. The Baltic states and other targets of Russia have suffered similar attacks coming from Russia.

    • Well, it is a "surprise" in the sense that the connection between intelligence agencies sniffing wire traffic and stopping DDoS attacks is tenuous at best and non-existent at worst. I do not recall any intelligence agency stopping a DDoS attack, ever. That's up to the companies and network operators handling the traffic.

      • I do not recall any intelligence agency stopping a DDoS attack, ever

        they'll be the DDoS attacks that were stopped, no wonder you didn't hear of them.

    • I knew it. Something was a-miss this morning, some hidden urge or itch was there. I am sure you know this feeling, you know something is wrong but do not know exactly what. You took cover away and then the difficult to identify feeling becomes a full blown itch and burn - this big monster is called Putin sending his proles to do their dirty deeds.

      But seriously - I know there are technical means to mitigate such attacks but they are still an annoyance and the only way to combat those is to go after the atta

    • by AmiMoJo ( 196126 ) *

      Seems like Supo has a pretty good motive to launch a DDOS attack on a Finnish bank. As long as they don't get caught and can blame it on some bad guys (Russia/North Korea/hackers) it looks like a good way to increase their budget.

    • I wonder who is attacking the Finns, and who would have reason to? Russia has been menacing Finland and its neighbors in the Baltics with incursions by aircraft and submarines. There is concern that Russia may turn on Finland after Ukraine. The Baltic states and other targets of Russia have suffered similar attacks coming from Russia.

      Russia has a complicated history with Finland. It conquered it in the early 1800s and until the time of the last tsar, it was granted a very high degree of autonomy within

  • by blind biker ( 1066130 ) on Monday January 05, 2015 @04:44AM (#48735151) Journal

    I see no other reason for this DDoS attack but vandalism of some sort. The attackers have no political agenda (this is a small Finnish bank, not one of the big tax-haven transfer banks like UBS. It also has no political connections/owners.
    The attack also has no way of obtaining any useful info, as all banks in Finland use one-time passwords for login.

    • russians

      it doesn't take much to mount a DDoS, and one or a handful of ultranationalist douchebags felt slighted by something innocuous someone in finland did or said recently

      they had to prove something about glorious russia, so down went a finnish bank

      it makes sense in some propagandized loser's head

    • by jafiwam ( 310805 )

      I see no other reason for this DDoS attack but vandalism of some sort. The attackers have no political agenda (this is a small Finnish bank, not one of the big tax-haven transfer banks like UBS. It also has no political connections/owners. The attack also has no way of obtaining any useful info, as all banks in Finland use one-time passwords for login.

      That part in bold is irrelevant.

      Often these are a distraction to get the manpower (management in a tizzy, IT busy) doing lots of stuff while they break in somewhere else. Customer accounts are not the target. The infrastructure NOT under attack at the time IS.

      It also could be as simple as "no particular reason" sometimes it is random boredom. They chose this target because they thought the logo looked stupid, or they figured they could actually accomplish something over larger perhaps "more deserving"

  • by bytesex ( 112972 ) on Monday January 05, 2015 @04:53AM (#48735173) Homepage
    • by symes ( 835608 )

      Illarionov is a bit crazy and paid (by American think tank iirc) to spout this sort of stuff. I think the chance that Putin would seriously threaten Finland is about the same that Putin would threaten Sweden. Also, Finland is very different to Ukraine in that pretty much everyone in Finland thinks Putin is crazy. In Ukraine there was and still is very strong support for Putin in some areas.

  • by msobkow ( 48369 ) on Monday January 05, 2015 @05:32AM (#48735275) Homepage Journal

    It's time we started charging those who launch DDOS attacks with "terrorism". They impact the entire public community of their target, with widespread damages and effects to both the user and provider of the DDOS'd services. Lock the bastards up when they're caught for far, FAR longer than happens now. :(

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      I kind of think terrorism is not the correct tag here. Other crimes can have the same punishments etc as terrorism, so no need to put everything under terrorism. I already hate it when all kinds of stupid laws and punishments are given under the terrorism flag, even though they have nothing to do with terrorism.

    • Are you nuts? Just because it happened a few times in the past couple days we throw out common sense and sensible thinking and jump the "terrrrrism" bandwagon? Get a grip, a handful of isolated incidents with no connection whatsoever is hardly a reason to go into headless chicken mode.

      Also, why not target those that make it possible in the first place? Sure, the people who execute these attacks are criminals, but what they do is abusing an infrastructure established by people who carelessly allow them to ab

      • by msobkow ( 48369 )

        If you think DDOS attacks have only been "in the past couple days", you haven't been paying attention to the tech news for oh, maybe FIFTEEN YEARS.

        And that happens to have included government sites, hospitals, and other important infrastructure that is life threatening, not just having a financial impact.

        • OK, let me rephrase this, a few have surfaced to the public attention in the past couple days. Yes, there have been quite a few in the past. The question is, why do they just now become a public spectacle? If I was a conspiracy nut I'd probably wonder whether there is some legislation already on the horizon and we need some sort of excuse for it.

          And, again, even a death penalty for DDoSing is worth jack shit. What we need to worry about is not the petty crap of some self styled crusaders of some nebulous ca

    • It's time we started charging those who launch DDOS attacks with "terrorism".

      No, just denial of service and extortion. It's not terrorism. These things are already illegal.

  • Could be a customer of the disgruntled kind. At least that was my first thought.

  • Unlike ecommerce sites that are open to any new customers, it seems a bank could easily have warded off such an attack with a Bayesian or other learning algorithm. Assuming two-factor auth, you have a list of all of your clients most common authenticated IP addresses. Add those to an allow or positive factor list. Then take all unknown IPs and add them to a negative list. When you are being overwhelmed by a DDOS, the negative list can simply be discarded while the positive list has priority at the router. W
  • Anyone checking the back door while the front one is being DDoSd?

    It's a great distraction to take eyes of a real attack via more profitable and less visible vectors.

Ummm, well, OK. The network's the network, the computer's the computer. Sorry for the confusion. -- Sun Microsystems

Working...