Someone knocked out Sweden's major newspapers for three hours

  • Liam Tung (CSO Online)
  • 21 March, 2016 08:53

Swedes are reflecting on the implications of an attack that levelled nearly every major news website for three hours on Saturday evening.

News sites targeted in the distributed denial of service (DDoS) attack that began at around 8pm on Saturdayincluded (Svenska Dagbladet),(,, (Dagens Nyheter), (Goteborgs Posten), (Dagens Industri), (Helsingborgs Dagbladet) and The sites are the online properties of Sweden’s largest daily newspapers.

The incident left a significant portion of the nation's main new sites unreachable for three hours. However the website of Sweden’s national radio broadcaster Sveriges Radio remained online throughout the apparent coordinated attacks.

Prior to the incident, someone using a Twitter profile “notJ” threatened the Swedish government and media for “spreading false propaganda”. A link between the coordinated attacks and the tweet has not been established.

Sweden’s Interior Minister Anders Ygeman said the “deeply troubling” incident was an “attack on free speech”. The minister has now invited media companies to discuss the attacks as part of Sweden’s national cyber security review.

Swedish police have launched a preliminary investigation into the incident.

It’s not clear who was responsible for the attack, however reports point to traffic originating from Russian IP addresses. That may however merely reflect infected computers used in the attack rather than who instigated it.

Suspicion that Russia was behind the attack isn't unfounded. The Georgian Prime Minister’s website was knocked offline prior to the nation’s military conflict with Russia in 2008. More recently, DDoS attacks on Russian and NATO websites have been tensions in Crimea.

However, DDoS attacks are now a commodity with so-called "stresser" or "booter" services promising to cripple a targeted domain for fees that are far smaller than the cost of operating a website.

The Swedish news outage follows a December DDoS attack on the BBC which left its online properties, including its iPlayer app, unavailable for several hours. A person or group that claimed responsibility for the attack said the traffic it sent to the BBC breached 600Gbps, which if true would exceed all previously recorded DDoS attacks.

Security firm Arbor Networks in January reported that DDoS attacks had climbed from 400 Gbps in 2014 to 500 Gbps in 2015. Content delivery network provider CloudFlare in March reported a correlation between DDoS attacks reaching 400Gbps and the weekend, suggesting that attackers are employed and launching the attacks in their spare time.

High Consequence Cyber Crime: The Crime of the Century

Organised criminals : Harness the power of analytics to detect breaches early and minimize their exposure.

Download NOW

Take this 5 minute survey on The State of Cloud Storage & Collaboration 2016 and go in the draw to win a $500 Visa credit card.Start Survey NOW