In the last week, the websites of several financial institutions, media outlets and telephone service providers in the Czech Republic have become the target of sophisticated and coordinated cyber attacks. While the attacks, believed to have come from abroad, have overwhelmed and briefly paralyzed the sites in question, they have reportedly not caused significant damage. Nevertheless, they have raised major concerns about the security of the Czech internet – which is something we discussed with Ondřej Filip, the CEO of CZ.NIC, the body that oversees the Czech web.
“We had a series of four attacks last week from Monday to Thursday. Currently, the attack that a bank is facing is an attack of a completely different kind and is completely unrelated to those previous attacks. The motive for the attacks from last week is quite unclear. And nobody published any messages or has claimed responsibility.
“The attack this week was made by a group called Czechurity and they really wanted to be visible. They wanted to show that the DDoS attacks from last week are less important, that they can do a much better job.”
The attack this week, what exactly did they want, and why did they carry it out now, in the wake of last week’s attack?
“I think it was a reaction, they wanted to show people that last week’s Denial of Service attacks blocked some pages, but no personal data was stolen. They wanted to show that they penetrate a system, they can modify data – which is a much more dangerous type of an attack. So, the Czechurity group wanted to use the media attention to get much better visibility than they would have if they had carried it out at another time.”
Was it possible to trace where the DDoS attacks were coming from?
“Sort of. We were able to trace that the core of the attack came from outside of the Czech Republic, from a Russian internet service provider. And we are currently trying to communicate with our Russian partners to find out more and to find the real origin of the attacks. It could be from somewhere inside that network, or it could be coming from somewhere else.”
Do you know what the losses are for the companies whose sites were attacked?
“The losses from these attacks were really minimal. The attackers were able to stop their services for a few hours, but no data was stolen. So, probably the major problem was that they were able to disable online banking for some of the banks and of course the media image of the Czech [internet] infrastructure was seriously damaged. But there was no real impact that we could measure in monetary terms.”
Is it possible to preempt or prevent these kinds of attacks, particularly the DDoS type?
“Generally, it’s not so easy. Probably the easiest way of preventing those types of attacks is to build much higher capacity to be able to absorb those kinds of attacks. We were able to find some patterns in the attacks that we experienced last week that helped us increase the level of protection. For example, on Thursday, the last day of the attacks, some of the networks were able to eliminate the attack earlier, before it finished.”
“I think, yes, there is. To be honest, the scale of the attack was really not massive. It was more of a mid-size attack. We drew a lot of lessons from these weeks and we are not preparing for a similar type of attack but rather for a much bigger and broader attack, and this will be a very serious topic of discussion in the next few days.”