
Background information
by Florian Bodoky
Since last week, there have been numerous DDoS attacks on Swiss companies and authorities. Who’s behind them and why do they happen at all?
Since the beginning of June, you’ve been hearing about them almost daily: DDoS attacks. Among the most prominent victims are the SBB and the federal administration. But hackers are also targeting numerous other government agencies. Since June 14, the intensity has even increased. In a Telegram channel, a group called NoName057(16) names new targets they have attacked almost every hour (or so they claim). Sometimes, however, they announce that an attack was «successful». Usually, «successful» means that the target website is down or a service has stopped working.
Take the website of the city of Zurich: it’s currently down (as of 16 June, 2:02 p.m.). A few days ago, the SBB ticket store was hit. By the way: Digitec Galaxus AG is also in the crosshairs. It’s why you couldn’t access Galaxus.ch for a short time on 15 June. However, it’s also important to note that not all reports posted by NoName are actually confirmed. If you want to know whether a website is really unreachable right now, you can enter the URL at check-host.net, for example, and start a query.
NoName057(16) claims it’s a pro-Russian hacker group. On various Telegram channels, the group also explains its intentions and motivations.
They also make threats and state that they’re an independent group of volunteers. There’s now also a Wikipedia article about them. However, it still has gaps and unverified information.
NoName also candidly share their motivations. The hackers carry out these attacks to support Russia in the war against Ukraine. Apparently, they’re intended to hit, if possible, all states that they view as supporting Ukraine in this conflict. Targets therefore aren’t only in Switzerland, but also in many EU member states such as Germany, France and Italy.
In recent days, Switzerland has been hit particularly hard. A probable reason for this is the virtual appearance of Volodymyr Zelenskyy in the Federal Parliament. The Ukrainian president addressed the Swiss parliament in a video message on 15 June, thanking it for its support. Interesting: NoName is apparently very well informed about what’s going on in Swiss politics. Not only did they know about Zelenskyy’s speech, but they also praised SVP members of parliament, most of whom stayed away from Zelenskyy’s address.
However, this probably isn’t the only reason for the attacks. Some happened earlier, for example, on 12 June, a national holiday in Russia. We also can’t say whether DDoS attacks will stop any time soon. Currently, they haven’t ceased.
For the sake of completeness, it should be noted that there are also Ukrainian groups that carry out such attacks. So far, they seem to have exclusively targeted Russian systems.
I’ve looked at the NoName Telegram channels. Reading through the posts (that is, the DeepL translations), it appears the group is primarily Russian-speaking, though not exclusively so. So, no general conclusions can be drawn about their affiliations.
Interestingly, NoName also offers «DDoS lessons». The criminals describe them in an ad: «DDosia Project is a hacker community where you will be shown and told how to carry out DoS attacks of different classes, for example L7. L7 – Degradation of the Web application (extraction of specific information from the database, memory or disk, banal exhaustion of server resources). Come in, they’ll teach you everything…»
In this ad, NoName is looking for supporters. New members receive the necessary software to participate in DDoS attacks. Potential supporters don’t need previous knowledge. In addition to online help, NoName also offers written step-by-step instructions. Particularly diligent helpers and assistants may even be paid. Rewards flow into a crypto wallet, created beforehand.
DDoS stands for Distributed Denial of Service. This involves flooding targets, such as websites, with queries from as many different places as possible. If the flood of requests is large enough, it overloads the server hosting the attacked website. It can then no longer handle ordinary requests. This means that the page becomes slower or is no longer accessible at all.
One possible tactic for such an attack is to create a botnet. This involves smuggling malware onto a computer or smartphone and then taking over the device. From then on, it can also be used for DDoS attacks.
The more computers are interconnected, the more effective the DDoS attack is. This is exactly what happens when people follow the DDosia call and install the offered software on their computers.
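From the defender's side, requests arriving «from as many different places as possible» mean that a per-client request limit alone doesn't notice the flood. The following added example (not part of the original article) counts requests per time window in an access log and tells a single noisy client apart from a distributed flood; the log format, thresholds and documentation-range addresses are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = 10          # seconds per counting window (assumed)
PER_IP_LIMIT = 20    # requests one client may send per window (assumed)
TOTAL_LIMIT = 200    # requests per window the site normally absorbs (assumed)

def sample_log():
    """Constructed access-log lines in the form '<ISO time> <client IP> <path>'."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)      # arbitrary constructed start time
    regular = [f"192.0.2.{i}" for i in range(1, 6)]
    lines = []
    for w in range(3):                       # regular visitors in every window
        for ip in regular:
            for k in range(3):
                lines.append((t0 + timedelta(seconds=w * WINDOW + k * 3), ip))
    for k in range(40):                      # window 1: one noisy client
        lines.append((t0 + timedelta(seconds=10 + k % 10), "198.51.100.7"))
    for i in range(1, 101):                  # window 2: 100 sources, 3 requests each
        for k in range(3):
            lines.append((t0 + timedelta(seconds=20 + k * 3), f"203.0.113.{i}"))
    return [f"{ts.isoformat()} {ip} /" for ts, ip in sorted(lines)]

def classify(lines):
    """Return {window start in seconds after the first request: verdict}."""
    windows = defaultdict(Counter)
    first = None
    for line in lines:
        ts_text, ip, _path = line.split()
        ts = datetime.fromisoformat(ts_text)
        first = first or ts
        bucket = int((ts - first).total_seconds()) // WINDOW * WINDOW
        windows[bucket][ip] += 1
    verdicts = {}
    for bucket, per_ip in sorted(windows.items()):
        total = sum(per_ip.values())
        # Requests that come from clients exceeding the per-client limit
        heavy = sum(n for n in per_ip.values() if n > PER_IP_LIMIT)
        if total > TOTAL_LIMIT and heavy < total / 2:
            verdicts[bucket] = "distributed flood"   # overload, but no client stands out
        elif heavy:
            verdicts[bucket] = "single noisy client"
        else:
            verdicts[bucket] = "normal"
    return verdicts

if __name__ == "__main__":
    for start, verdict in classify(sample_log()).items():
        print(f"t+{start:>2}s: {verdict}")
```

In the third window every client stays far below the per-client limit, yet the total is more than 20 times the normal load; only the aggregate count reveals it.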
In general, DDoS attacks aren’t an exact, targeted hit. However, they can be intimidating to laypeople. Attackers can use them to make a good show of themselves and, last but not least, they cost the affected company money and resources.
I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.