D66 wants clarification about DDoS attack on Ukraine via the Netherlands

D66 MP Alexander Hammelburg has asked Defense Minister Kajsa Ollongren and State Secretary for Digitization Alexandra van Huffelen for clarification about the DDoS attack last Tuesday. At that time, a Dutch server is said to have played a coordinating role in an attack on Ukrainian websites.

Hammelburg wants to know how many cyberattacks have been carried out against Ukraine since 2014, and how many of these passed through the Netherlands. He also asks what the risks are for the Netherlands if cyberattacks run via Dutch servers, and what the Netherlands is doing to stop the attacks.

The D66 MP is also curious whether a link can be made between the cyberattack and the support that the Netherlands offered Ukraine in the digital war against Russia. Finally, he asks: “In addition to cyberattacks on Ukraine via the Netherlands, are there other countries that are periodically attacked via the Netherlands?”

Ollongren and Van Huffelen have three weeks to respond.

DDoS attack via the Netherlands

Hammelburg asks these questions on the basis of an analysis by BNR last Tuesday. BNR found that the ‘Distributed Denial of Service (DDoS)’ attack was carried out from a command-and-control server in Amsterdam. With this, hackers shut down a large part of the websites of the Ukrainian ministry and banking system.

Cybersecurity expert Rickey Gevers tells BNR that the attack resembled a so-called DNS amplification DDoS attack. This means that attackers don’t necessarily use an army of individual computers to bring down the network. They send many requests through one or more servers, which in turn coordinate the computers. In this case, those were servers from the Netherlands. The result, according to Gevers: “From the perspective of the victims, a lot of traffic comes from the Netherlands.”

However, the Netherlands is not the only country where servers have been misused for this purpose. The cybersecurity expert also points to servers in Russia, China, the Czech Republic and Uzbekistan. These attacks have been repulsed, Ukraine’s Digital Transformation Minister Mykhailo Fedorov reported on Telegram.

Ukrainian bank accuses the Netherlands

Immediately after the attacks, the founder of one of the affected banks raised the alarm on Facebook on Tuesday: “Our bank, and many others, have been attacked, with different outcomes. We are continuously receiving attacks from the Netherlands.”

The cybersecurity consultant of the Ukrainian Black Trident also does not rule out that a server from the Netherlands was deliberately chosen to carry out the attack. “You recently offered cyber support. It could be that this is being referred to.” However, Gevers states that this is absolutely impossible to prove, because “this looks like a ‘normal’ DDoS attack. One that is accessible to countries as well as, unfortunately, to kids.”

However, the chance that the attack was set up by a teenager is very small. Ukrainians also received text messages about ATMs that were said to be out of order, while this was not true. This combination of disinformation and a DDoS attack seems to indicate a larger conspiracy.

Unprecedented big attack

Ukrainian authorities reported that they were able to fend off the attack well. According to them, it was the largest cyberattack in the country ever. BNR reporter Geert Jan Hahn doubts this because not everything is known about this yet. “They call it an unprecedented attack themselves. Specifically, the intensity at which the attacks took place, so it was quite intense. They don’t really know what the damage is yet.”

It is also still unknown whether it was an attack by a nation or by a collective of hackers. The attackers are known to have used the Mirai botnet. This is a botnet that uses Internet of Things (IoT) devices to carry out the attack. Think of all devices that are connected to the internet, such as your smart fridge.

Dutch server now offline

The Dutch server that the criminals used for the attack has been taken offline at the request of the police. Two companies involved confirm this to BNR.

One of these companies, SKB Enterprise, has previously been involved with the far-right Vizier op Links. This organization intimidated ‘left-wing’ people. In doing so, it ‘unmasked’ politicians, scientists and teachers, among others, by publishing addresses and contact details. As if doxing wasn’t enough, people were also intimidated at their door.
