Posted on October 16, 2017 at 4:49 PM
Last week, DDoS attacks caused train delays on two separate occasions in Sweden.
Two separate DDoS attacks hit the Swedish train IT network last week, causing train delays on 11 and 12 October.
The first attack, which occurred on Wednesday morning last week, reached the Swedish Transport Administration (Trafikverket) through two of its internet service providers, TDC and DGC. According to reports, the DDoS attacks managed to crash the IT system which is responsible for monitoring the locations of active trains and communicating with operators. This attack also managed to shut down the federal agency’s email network, website, and live road traffic maps.
According to the Swedish press, during this time public transport users were unable to reserve tickets on any public transport or receive updates about the delays. In addition, Trafikverket used social media to update travelers on the events.
Sven Lindberg, a spokesperson from Trafikverket’s press department, stated that the DDoS bombardment affected Trafikverket’s entire system, including the system designated for trains, as well as communication systems such as email and Skype. Lindberg confirmed that Trafikverket is currently conducting an investigation into the events and reviewing its policies on protecting against a similar attack in the future.
Spokespersons from the agency also confirmed that while the attacks were mainly directed at their service providers, TDC and DGC, the attack was constructed in such a way that it affected the transport systems directly.
During this attack and for a short while afterward, all train traffic control and other affected services had to be managed manually using backup processes.
While the systems were restored within a few hours, the delays caused by the crash affected the entire day’s schedule, not to mention the thousands of travelers who rely on public transport in their day-to-day lives. At this point, the agency’s road traffic maps are still experiencing issues.
The following day, a second DDoS attack ensued, which affected the website of the Swedish Transport Agency (Transportstyrelsen). The Swedish Transport Agency is separate from Trafikverket and is a governmental agency which regulates and inspects public transport systems. The second DDoS attack also hit the systems of the Western Sweden public transport system, Västtrafik. The attack managed to crash their reservation system as well as the online planning service.
While the attacks themselves were defused within a few hours and did not cause serious harm, the targets of the attacks, as well as their nature, have hinted at cyberwarfare implications.
The attacks have caused both Swedish officials and security experts to believe that they could possibly be a probe into a prominent sector of Sweden’s infrastructure, ostensibly to see how Swedish officials and citizens might react in the event of such an attack.
So far, some have speculated that Russia might be responsible for these attacks. Two weeks ago, reports surfaced which confirmed that Russia is currently involved in testing cyber-weapons in the Baltic Sea region.
This is also not the first time that Sweden has experienced cybercrimes, perhaps at the hands of the Russian Federation. In April 2016, Swedish officials placed the blame on Russia for cyberattacks which affected their air traffic control systems and caused flights to remain grounded for an entire day in November 2015.