[HN Gopher] DDoS attacks slow down Citizens' Initiative signing ...
___________________________________________________________________
DDoS attacks slow down Citizens' Initiative signing in Finland
The recent dramatic policy shift in Russia has brought out two
Citizens' Initiatives in the Finnish government's net portal. Both
are about NATO membership in the country which is traditionally
militarily non-aligned. First initiative (open Feb 21) proposes a
NATO membership referendum, the other (open Feb 28) proposes that
parliament should go ahead to membership procedures without
referendum, because of expected Russian harrasment and influence on
the referendum procedures. The government portal for initiatives
has been very slow today. The authentication to sign any of the
initiatives is done either by a person ID smartcard, or bank-based
identification. Most people use the bank authentication (in most
cases 2FA using mobile phone) because they don't bother with smart
card readers. The first of the initiatives has already passed the
threshold (50 000) which automatically brings it to the table in
Parliament. The other initiative has collected 35 000 signatures in
30 hours, meaning it will also pass the threshold tomorrow, despite
many people not being able to sign it due to bank connections
failing under DDoS. YLE (state broadcaster) news about the attack:
https://yle.fi/uutiset/3-12338542 Initiative 1 (referendum):
https://www.kansalaisaloite.fi/fi/aloite/9866 Initiative 2
(parliament direct decision):
https://www.kansalaisaloite.fi/fi/aloite/9997
Author : ptaipale
Score : 154 points
Date : 2022-03-01 18:59 UTC (4 hours ago)
| exact_string wrote:
| Just tried using the portal both with the mobile phone
| authentication and non-Nordea bank authentication. Everything
| works smoothly.
|
| I'm also not sure how important these two initiatives are in
| practice since it's clear that the politicians are already very
| much aware of the increased support for NATO membership.
| mmsbdjjkvjj wrote:
| So, time to cut off Russia from internet.
| kichik wrote:
| Any indication to suggest it's DDoS and not just too many
| legitimate visitors for the site to handle?
| smoe wrote:
| The article doesn't talk about the site of the initiative, but
| Nordea one of the banks whose services can be used for
| identification. Nordea says on twitter they are under a DDoS
| attack and their services are slow at the moment (but don't
| seem to say anything about the identity service or citizens
| initiative specifically).
|
| https://twitter.com/Nordea_Aspa/status/1498681430993473542
| Hamuko wrote:
| I think Nordea might be the second most popular retail bank
| in Finland, at least if we go by mortgages as a proxy metric.
| Osuuspankki would be the largest one, but I haven't heard of
| them having any issues.
| zeruch wrote:
| This is a very valid question. While Russia likely cares, I'm
| not sure this is "top of mind" for them to dedicate resources
| against.
| tablespoon wrote:
| > While Russia likely cares, I'm not sure this is "top of
| mind" for them to dedicate resources against.
|
| I'm not so sure. It seems Putin _really_ doesn 't like NATO,
| and especially doesn't want Russia's neighbors belonging to
| it.
| zeruch wrote:
| I agree on that point, and it's history with Finland is
| quite...terse. It's been a duchy inside Czarist Russia, a
| buffer zone between it and Sweden (when both were
| kingdoms), it's had civil unrest fomented by the USSR, etc.
|
| It's a relationship fraught with bad blood, but
| strategically it's second tier compared with CIS states,
| the Middle East, or the Baltic states.
|
| At this stage I'm more curious as to whether (if Russia was
| actually DDoSing instead of just a poorly configured
| webhead with extra traffic due to 'timeliness' of the
| initiative) it makes sense to draw more negative attention
| to oneself, as Putin has, by doubling down on taking jabs
| at everyone he shares a border with...and if he's starting
| to see that himself, or if he's only observing through a
| very paranoid, myopic lens that he simply can't get out of
| his own policy rut long enough to not totally collapse the
| Russian state, and him with it.
| Ensorceled wrote:
| Russia has a ton of resources in psyops and cyber espionage,
| this isn't a big operation. Why is keeping the Finns and
| Sweden out of NATO not "top of mind"?
| distances wrote:
| Slowing down this vote would do nothing for a potential for
| NATO membership process. It's quite far-fetched that this
| would be a valid target.
| paxys wrote:
| > I'm not sure this is "top of mind" for them to dedicate
| resources against
|
| This entire war is about Ukraine joining NATO, and the
| expanding NATO influence in general. How would another
| bordering country having a NATO referendum _not_ be top of
| mind for Russia?
| Hamuko wrote:
| Ukraine is a much larger fixation to Putin beyond NATO.
| There wasn't really any indication of Ukraine joining NATO
| before Russia started its attacks, and Finland and Sweden
| have been floating the idea of joining NATO if Russia
| started a full assault.
| multjoy wrote:
| Because the Finns and Russians have form. A second invasion
| against Finland would be a second go at the Winter War, and
| while they may not be a _nato_ member, they are a full
| fledged EU member and Ukraine has shown that the EU will
| absolutely step up.
|
| The EU may not include the US or UK, but it does include
| every other nuclear weapon on continental Europe.
| aaron695 wrote:
| hutrdvnj wrote:
| I mean it's kinda obvious that the DDoS is ordered by russians,
| but can we prove it?
| wongarsu wrote:
| Even if it's from within Russia it doesn't tell you if it's
| ordered by the government. Not every Anonymous hack is
| orchestrated by the US government, the same can happen inside
| Russia.
|
| Unless someone screws up we will probably never know for
| certain.
| robotnikman wrote:
| The Russian government pretty much turns a blind eye to their
| hackers as long as they don't target Russia
| SXX wrote:
| Nah it's was always fairly-tale. Russian FSB always
| cooperated with Visa / Mastercard and international banks
| when it's had something to do with financial fraud.
|
| They only turn a blind eye on those who work specifically
| for them.
| swayvil wrote:
| This post has been downvoted enough to noticably fade it.
|
| Maybe a few russian blackhats in hn too.
| coastflow wrote:
| This wouldn't be the case, as it is normal website behaviour.
| Users can't downvote posts (only comments) [0], and self posts
| on Hacker News are light grey by default [1].
|
| [0] https://news.ycombinator.com/item?id=17735526
|
| [1] https://news.ycombinator.com/item?id=468180
| [deleted]
| zokier wrote:
| Just to be absolutely clear, that YLE news article that OP linked
| does not mention the Citizens Initiatives platform at all. It
| reports only an attack against one bank (banks are popular
| authentication providers in Finland). There are total of 10
| different banks providing authentication for the Citizens
| Initiatives platform, and additionally two non-banking based
| authentication options.
| container wrote:
| In case anyone is wondering, the (only) article linked in this
| post only talks about the bank Nordea (which some users might use
| to verify their identity on the initiative site)
___________________________________________________________________
(page generated 2022-03-01 23:01 UTC)