The Netherlands became the first European country to have the vulnerability of its critical online infrastructure exposed this week when cyber attackers crippled its main government websites.
Back-up safeguards that should have kicked in automatically proved completely ineffective.
The hackers' success comes as a major embarrassment for the Dutch authorities – given that France has warned of a significant increase in attacks since the Charlie Hebdo killings in January, and the United States has just created a special unit to gather intelligence and analyse live cyber threats.
Security services are concerned that although the US attacks on Sony and Home Depot and the French attacks on a number of army regiments have so far been harmless, they could be a precursor to more serious disruption to electricity supplies or air traffic control systems, for example.
It’s now clear that the attack on the Netherlands began at 10am local time on Tuesday and continued for at least seven hours, during which all the main government websites were out of action.
Phone lines down
Even the telephone lines to Prolocation, the company that hosts the sites, were knocked out.
News of the attack began to leak out the following day, forcing the government finally to concede that it had been the victim of a DDoS (distributed denial of service) attack, in which servers are flooded with enormous quantities of traffic, saturating access to the sites.
More worrying than the attack itself, say cyber experts, is the fact that neither the government information service, which owns the sites, nor their host, Prolocation, appears to have realised what it was dealing with in the first crucial hours.
“The initial symptoms pointed to a technical problem – but it then emerged that we were facing an attack from outside,” said a Prolocation statement, sounding its own alarm bells in the security community, not just in terms of preparedness but in terms of expertise.
“If you’re facing a DDoS, you know it,” replied Dr Christian Doerr, a cyber security specialist at the world-renowned Delft University of Technology.
The attack is being investigated by the National Cyber-Security Centre, but the likelihood is that the attackers will be untraceable, and that without forensic evidence it’s difficult to determine whether they were a hostile foreign country or a group of disaffected teenagers.
‘Internet street protests’
What is known is that the ease with which DDoS attacks can be mounted has made them a favourite for “groups with a grudge”, according to a survey last month by US experts Arbor Networks. Activist and programmer Richard Stallman, for instance, has described them as “internet street protests”.
The report showed that the attacks are regularly staged using insecure home routers that are “hijacked” and enrolled into large groups of devices whose combined power is then used to stage the attacks – which have grown dramatically in recent years.
In 2011, Arbor said, the biggest attacks had thrown about 100 gigabits of data per second at their targets – while in 2014 the largest had increased to some 400 gigabits of data per second. In 2014 there were four times as many attacks of more than 100 gigabits per second as in the previous year.
Almost 40 per cent of the global organisations contacted by Arbor for their report said they were being hit by more than 21 attacks every month.
Interestingly though – perhaps ominously – the largest attacks tend not to be random.
“If you look at DDoS attacks and try to tie them in with geopolitical events in the past few years”, says Darren Anstee, a senior analyst with Arbor, “you will always see those events echoed in cyberspace.”