Cyber attacks: Finland is also facing signs of cyber warfare – US administration security expert: “Traffic heuristics are confused”

The denial-of-service attack on Nordea is also suspected to be of Russian origin.

The war in Ukraine is reflected online, where a cyber war is being waged. Several HS sources say that exceptional probing and denial-of-service attacks have also been observed in Finland recently.

The authorities suspect Russia.

Finnish authorities do not comment on the suspicions under their own name, but Harri Hursti, a security expert for the US administration who follows the cyber war from the United States, says that Russian denial-of-service attacks and other elements of cyber warfare have increased significantly worldwide in recent times.

“Traffic heuristics are confused at the moment. We cannot monitor the situation in the normal way.”

One of the most prominent Finnish companies affected by a denial-of-service attack is Nordea, whose services were blocked on the last day of February.

According to several HS sources, the state administration has suspected Russia as the country of origin of the denial-of-service attack on Nordea.

HS has tried to find out the origin of the attack from several domestic sources, but no certainty has been found.

Read more: The banking supervisor urges Finnish banks to prepare for cyber risks due to the war launched by Russia

Read more: Financial Supervision Authority: Denial of service attack on Nordea was “exceptional and long-lasting”

Hursti is aware of the denial-of-service attack on Nordea, but has not followed the matter further from the United States. During the interview, however, Hursti becomes interested in the subject when asked why the origin is so difficult to study.

Hursti is one of Finland’s most legendary hackers, who rose to fame by hacking federal voting systems at the request of the United States, which has led to the renewal of the systems. HBO has made a documentary about Hursti.

Today, Hursti works on information security for the U.S. administration, among others, which gives him a good view of what’s going on online.

Anyone can monitor Finnish network traffic via the Finnish Communication and Internet Exchange (Ficix).

Traffic volumes of Russian Yandex in Finland in February.

Hursti looks at the February traffic of the Finnish data center of the Russian internet company Yandex. It is a kind of route that Russians can use into Finnish network traffic.

There is a clear anomaly in the early and middle parts of the month. The security expert ponders it.

“Normally, Yandex’s traffic is one gigabit per second, but by mid-February the number is a multiple.”

“The number of packets is not growing at the same time, which means that it is not normal communication traffic. Yandex may also be the target of an attack.”

As for the other operators, one thing catches Hursti’s eye.

“It is strange that all Finnish operators had much more traffic in the first two weeks of February than in the third week of February onwards.”

In other words, according to Hursti, something strange happened in Finnish network traffic in February, but without further explanation it is impossible to say what it means.

The normal traffic volume may mean that the denial-of-service attack on Nordea was not carried out by congesting the network with traffic, at least, but probably by attacking the company directly at the application and protocol level.

In this case, the protection mechanisms are the responsibility of the company, not the operators.

Hursti says companies and government should be prepared for the current cyber warfare because the United States has warned about it so clearly.

“A month ago, the White House announced that there is no such small kiosk that Russia’s attack on Ukraine could affect it. The week before the attack, the administration issued a message three times in one day: Shields Up, the point is rumbling.”

Currently, the use of the Internet is restricted in Russia, Western actors have blocked Russian actors and various factions are hitting each other.

The entire global network is now in a kind of state of emergency. Denial-of-service attacks can also hit actors who were not the original target, as so-called side hits.

The denial-of-service attack on Nordea has also been suspected of being a side hit of this kind.

According to Hursti, it is easy to defend yourself and investigate attacks in Finland because the traffic is so small.

“For example, exactly two years ago, the net traffic at Netnod’s connection point in Sweden was 1712 gigabits per second, while in Finland it was 27 gigabits per second.”

“Finland is a backyard. There are no big computer rooms either, so even internal attacks can go through quickly.”

According to Hursti, the current cyber war has already revealed much about the background of phenomena that have spread on the Internet in recent years.

Hursti explains how the blocking of one network operator operating in Russia led to a surprising result.

“After this one blockade, anti-covid material destined for Canada was reduced by 95 percent. We got across the umbilical cord.”

Anonymous, which has declared a cyber war on Russia, is a serious player in cyberspace, Hursti says. However, Anonymous is misunderstood in the public debate.

Anonymous has declared war on Russia.

“There is no such faction, not even a loose alliance. But when an announcement is made in the name of Anonymous, hundreds of different groups listen. This can also mean state actors.”

Read more: Volunteers take over Ukraine’s cyber war – Robbers and police jump to the same side

Hursti has browsed various databases that Anonymous has dug out of Russia. For example, the entire ecosystem of the Russian Ministry of Defense is now shared on the Internet.

Hackers acting in the name of Anonymous are said to be directing attacks all around Russia at the moment.

“For example, all of Sberbank’s private money transactions have been published. There may be information of interest to Finns as well,” Hursti suggests.

On the other side, Russia’s famous “troll farms” have begun to distribute fake footage from Ukrainian journalists. Hursti says that shortly before the attack, various false memes began to spread in the United States, intended to cause divisions within the state.

So far, however, the attacks by pro-Russian factions have remained somewhat mild, according to Hursti.

An example is the case of Conti, a cyber gang that supports Russia.

“They immediately declared their attack on all those who support Ukraine. A few hours later, however, one of Conti’s members shared all of the group’s messaging traffic.”

“Conti’s lines fell apart in a couple of hours. In this situation, there is an exceptional charge of emotion, when even professional criminals no longer remain professional criminals.”
