Slashdot Mirror

← Back to Stories (view on slashdot.org)

Finnish Bank OP Under Persistent DDoS Attack

Posted by samzenpus on from the breaking-the-bank dept.

An anonymous reader writes The Finnish bank OP Pohjola Group has been a target of a dedicated DDoS attack for days. The attack, which investigators said was launched from both Finland and abroad, began on New Year's Eve. OP was forced to open a helpline for customers unable to confirm payments or transfer money because of jammed systems. On Saturday the firm said it would compensate people for any losses or late payment fees incurred as a result of attack. On Sunday morning the bank tweeted that its services were operating normally and even customers based outside Finland were able to access their accounts — and that it was still monitoring traffic carefully to try and ward off any renewed strikes. However, on Sunday afternoon further denial of service attacks took place delaying payments and preventing access to banking services for OP customers. A formal police complaint has been filed and OP says that KRP is looking into the case.

12 of 92 comments (clear)

  1. Too OP by buckfeta2014 · · Score: 3, Funny

    That traffic be too OP for OP to handle...

    --
    Buck Feta. You know what to do.
  2. Re:This is a good thing by davester666 · · Score: 3, Funny

    God prefers stone tablets. They last longer, at least if you don't intentionally smash them...

    --
    Sleep your way to a whiter smile...date a dentist!
  3. So get protection by Guspaz · · Score: 5, Insightful

    There are service providers that specialize in DDoS mitigation. Some of them already host banks (lots of them, in some cases), and have multiple terabits of bandwidth available to survive DDoS attacks with minimal impact. They're able to mitigate attacks in the hundreds of gigabits.

    They're not cheap, but they work, and banks tend to be able to afford it.

    1. Re:So get protection by Kiuas · · Score: 5, Insightful

      They're not cheap, but they work, and banks tend to be able to afford it.

      Well, 2 things here: The Finnish banks are rather tiny compared to large international banks and national banks in larger countries. There are only 5,4 million people in the entire country. Secondly, this is the first time to my knowledge that a DDoS attack has done anything to any bank here. All the banks use 2-step verification process, so even in a hypothetical worst case scenario in which somehow attackers would manage to get their hands into some login info, that would not compromise the funds of the customers. Not that that would be possible with a plain DDoS attack.

      In the end it comes down to the cost-benefit ratio: sure i'd be nice to have protection from DDoSing, but unless this starts to become so commonplace as to actually start costing them significant amounts of money/customers, I doubt it will happen.

      --
      "It is the business of the future to be dangerous" -Alfred North Whitehead
    2. Re:So get protection by TapeCutter · · Score: 4, Interesting

      In the end it comes down to the cost-benefit ratio

      The DDOS attack is likely to have a ransom attached to it, so it boils down to two options; spend money on honest and reliable uptime protection, or submit to the attackers dishonest and fickle protection racket. I'm pretty sure the first option would be cheaper in the long run, sure it's a relatively expensive line item on an IT budget but not enough to seriously damage the total budget of a small bank.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    3. Re:So get protection by Guspaz · · Score: 5, Informative

      That "tiny" finish bank has US$3.23 billion in revenues, around US$900 million in net income, and nearly 13 thousand employees. They can afford to pay a bit more for their servers.

    4. Re:So get protection by Gaygirlie · · Score: 3, Informative

      Actually, it seems the attackers are mostly just a loose bunch of youngsters trying to emulate the big groups, ie. Lizard Squard and Anon et.al. I certainly have not heard anything hinting towards any ransom. F-Secure already has identified and knows from before of several of the attackers, so we can expect arrests soonish.

  4. More than one bank under attack by Anonymous Coward · · Score: 5, Funny

    In addition to OP (Osuuspankki), Nordea has also been attacked, and even Danske Bank is having troubles at the moment, though it's not known if they're being DDOSed or if it's just the usual incompetence.

  5. OP customer here: this must be pure vandalism by blind+biker · · Score: 4, Informative

    I see no other reason for this DDoS attack but vandalism of some sort. The attackers have no political agenda (this is a small Finnish bank, not one of the big tax-haven transfer banks like UBS. It also has no political connections/owners.
    The attack also has no way of obtaining any useful info, as all banks in Finland use one-time passwords for login.

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
    1. Re:OP customer here: this must be pure vandalism by circletimessquare · · Score: 4, Interesting

      russians

      it doesn't take much to mount a DDoS, and one or a handful of ultranationalist douchebags felt slighted by something innocuous someone in finland did or said recently

      they had to prove something about glorious russia, so down went a finnish bank

      it makes sense in some propagandized loser's head

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  6. I'll just leave this here by bytesex · · Score: 4, Interesting

    http://www.independent.co.uk/n...

    --
    Religion is what happens when nature strikes and groupthink goes wrong.
  7. Re:Getting out of hand by Anonymous Coward · · Score: 3, Interesting

    I kind of think terrorism is not the correct tag here. Other crimes can have the same punishments etc as terrorism, so no need to put everything under terrorism. I already hate it when all kinds of stupid laws and punishments are given under the terrorism flag, even though they have nothing to do with terrorism.