Slashdot Mirror

← Back to Stories (view on slashdot.org)

Finnish Bank OP Under Persistent DDoS Attack

Posted by samzenpus on from the breaking-the-bank dept.

An anonymous reader writes The Finnish bank OP Pohjola Group has been a target of a dedicated DDoS attack for days. The attack, which investigators said was launched from both Finland and abroad, began on New Year's Eve. OP was forced to open a helpline for customers unable to confirm payments or transfer money because of jammed systems. On Saturday the firm said it would compensate people for any losses or late payment fees incurred as a result of attack. On Sunday morning the bank tweeted that its services were operating normally and even customers based outside Finland were able to access their accounts — and that it was still monitoring traffic carefully to try and ward off any renewed strikes. However, on Sunday afternoon further denial of service attacks took place delaying payments and preventing access to banking services for OP customers. A formal police complaint has been filed and OP says that KRP is looking into the case.

2 of 92 comments (clear)

  1. So get protection by Guspaz · · Score: 5, Insightful

    There are service providers that specialize in DDoS mitigation. Some of them already host banks (lots of them, in some cases), and have multiple terabits of bandwidth available to survive DDoS attacks with minimal impact. They're able to mitigate attacks in the hundreds of gigabits.

    They're not cheap, but they work, and banks tend to be able to afford it.

    1. Re:So get protection by Kiuas · · Score: 5, Insightful

      They're not cheap, but they work, and banks tend to be able to afford it.

      Well, 2 things here: The Finnish banks are rather tiny compared to large international banks and national banks in larger countries. There are only 5,4 million people in the entire country. Secondly, this is the first time to my knowledge that a DDoS attack has done anything to any bank here. All the banks use 2-step verification process, so even in a hypothetical worst case scenario in which somehow attackers would manage to get their hands into some login info, that would not compromise the funds of the customers. Not that that would be possible with a plain DDoS attack.

      In the end it comes down to the cost-benefit ratio: sure i'd be nice to have protection from DDoSing, but unless this starts to become so commonplace as to actually start costing them significant amounts of money/customers, I doubt it will happen.

      --
      "It is the business of the future to be dangerous" -Alfred North Whitehead