On Thursday, the Norwegian police have arrested and charged a 17-year-old in connection to the recent massive distributed denial-of-service (DDoS) attacks directed at major financial institutions and other businesses in the country.The teen, from the city of Bergen, on Norway’s west coast, claimed to be part of the hacktivist group Anonymous Norway, who, in a Twitter message, dismissed any connection to him or the DDoS incidents.
On the day of the attack, the teenager sent a letter to the media, claiming to be part of Anonymous and saying that “the motivation behind the current attacks and the next attacks in the future is to get the community to wake up. The number of major IT security attacks is increasing and there is nothing being done to prevent such events.”
Evidence that Anonymous Norway was not involved in the incidents is the fact that the boy joined the group’s Facebook page on the same day of the attack. Furthermore, the hacker outfit provided a Pastebin link in a new tweet, pointing to the identity of the perpetrator; they did not create the post, just scooped it up.
Initially, the youngster was charged with gross vandalism, which carries a maximum prison sentence of six years in Norway. However, since he has no record and is still a minor, this should be greatly reduced.
According to News in English, Frode Karlsen of the Bergen police told Norwegian Broadcasting that the authorities are taking the matter seriously because this sort of attack can have significant impacts on society, like individuals not being able to reach emergency services in case they needed help.
After his arrest, the teen cooperated in the investigation and clarified the nature of his actions. His defense lawyer stated that “he’s sorry for having caused all this and has laid his cards on the table.”
The DDoS attack, which occurred on Tuesday, was considered among the largest ever seen in Norway and leveraged the vulnerable “pingback” WordPress feature. Its increased significance is due to the fact that it targeted layers three (network) and four (transport) of the OSI model, as well as layer seven (application), at the same time.
Mitigating an application layer DDoS attack is not too easy, because the requests are directed at the application interface and mimic legitimate behavior, which makes filtering out the bad traffic more difficult.
The attack aimed at disrupting the online services of major financial institutions in Norway (Norges Bank, Sparebank 1, Storebrand, Gjensidige, Nordea, Danske Bank), as well as other business, like Scandinavian Airlines (SAS) and Norwegian Air.
The website of the largest telecommunications company in Norway, Telenor, was also affected.