Among those affected are Altinn, the Norwegian Labor Inspection Authority and BankID. The hacker group writes on their website that they will attack the police, UDI, BankID, the ID gate at Difi, Nav and several other Norwegian websites and online services, writes NTB.
IT expert: – Classic denial of service attack
Torgeir Waterhouse, adviser to Otte, calls the attack and “classic denial of service attack”. Such an attack is designed specifically to prevent services from working, by generating traffic to such a level that the service becomes congested. The situation can be compared to restricting traffic on school roads, where people continuously lose their way, so that car traffic stops.
It is reasonable to assume that there are more people who notice the warning than the attack itself. Waterhouse says that what we see is an “attack on the outside”. This means that the large traffic that generates prevents the user from reaching the “door”. Attacks of this kind usually aim to create mistrust between us and the authorities.
It later does not appear that there is cause for concern that this particular attack will lead to a leak of personal data.
– With the information we have at the moment, there is no reason to believe that the information inside is lost, Waterhouse says.
– Attacks on the entire functioning of our society
In an e-mail to Dagsavisen, Lars-Henrik Gundersen, CEO of NorSIS, writes as follows:
– This is an attack on the entire functioning of our society. The attackers outsource services that both individuals and companies depend on for society to function. It is particularly critical that services such as Altinn and the ID port are affected. These are services we must have high confidence in and which we expect to work when we need them. This stops access to important correspondence between companies, papers and forms used by both individuals and companies every day. This can cause production and progress in a company to stop, e.g. in that it is not possible to submit a large tender before the deadline expires. Affecting a financial institution, for example, can have enormous financial consequences.
Gundersen continues the same as Water, that there is no reason to believe that data will go astray:
– There is no reason to believe that data is going astray in this attack. This is a so-called denial-of-service attack, which means that the websites receive so much “garbage traffic” that they are unable to handle it. The measures that are put in place are to try to limit this traffic, for example by only allowing Norwegian IP addresses to reach the website. Equal attacks can last from minutes to many hours. It must be expected that more websites will be affected during the day.
Such an attack is also a desire from the attackers to show what they are capable of, and often comes as a reaction to something the attackers disagree with, Gundersen writes.
Keep yourself updated. Receive a daily newsletter from Dagsavisen
Denial of service is a data attack which means that information, resources or services become completely or partially unavailable (denial of service), and which then threatens the security service availability.
(Source: Store Norske Leksikon)