Confusion over a hashtag about an arrested member of a hacker group led to denial of service (DoS) attacks against banks in Finland.
The Helsinki Times reported on Monday on a series of DoS attacks against Finnish banks, with one running intermittently from New Year’s Eve until the afternoon of Sunday 4th January. This was followed by a second attack, which began only a couple of hours after the first attack had ended.
The attacks targeted banks including OP-Pohjola and Nordea. According to Finnish security firm F-Secure, two other banks were also involved, and F-Secure itself came under a minor attack that it measured at 100Mb/s.
Speaking to IT Security Guru, F-Secure security advisor Sean Sullivan said that the banks that were hit faced ransom demands between ten and 100 Bitcoins, and some of the attackers were taunting the banks by posting messages on Facebook saying “thanks for paying”.
According to F-Secure’s Mikko Hypponen, the hackers were from the group calling themselves “CoreSec”. However, Sullivan explained that the Finnish banks were caught in the crossfire after a confusion regarding the arrest of members of Lizard Squad.
He said: “This is related to the PSN DDoS. The UK 22-year-old ‘Vinny’, who was picked up by the authorities in the UK, and the Finnish teenager ‘Ryan’, who was interviewed by the authorities here. Brian Krebs remarked on the arrest of Ryan, but that was a poor Google translation and a friend of Ryan called ‘Comrade’ who created the hashtag ‘#freeryan’ and used that as an excuse to go after Finnish banks and drive publicity to ‘#freeryan’.
“Nordea and another bank dealt with it by limiting banking to Finland and encouraged users outside the country to use a VPN. OP-Pohjola was in the news as the attackers found a weak point that they were able to DDoS in the API in one of the servers that operates the cash machines. That choke point is why this is a big deal, as they were able to find that choke point, as it is not that common.”
Asked where the confusion was, Sullivan said that the hashtag was created to create their own news feed and the parent of one of the Finnish banks, Danske Bank, was also hit.
Jonas Falck, CEO of Halon Security, said: “Unfortunately these attacks are very common and perhaps as one could gather relatively simple to perform, in words of mass computing power or even knowledge base, as they occur very frequently.
“The importance for any companies being a target for attack is to carefully monitor traffic and data via network/service operations from well established providers, that are able to perform this service at a large scale. There are many ways to stop single attacks, but there is only one way to prevent attacks from succeeding – take security to the next level and scale your solutions properly with smart logics to suit your infrastructure”.