DDoS mystery: Who's behind this massive wave of attacks targeting Dutch banks?

The attackers and their motives for concerted attacks on Netherlands finance institutions remain unknown.
Written by David Meyer, Contributor

Amsterdam-headquartered ABN Amro was the first Netherlands bank to be hit, followed by Rabobank and ING Bank.

Image: ABN Amro

There is as yet no indication of who is behind the massive distributed denial of service (DDoS) attacks on Netherlands banks and government websites that ran from last weekend to Tuesday. Initial reports suggesting a Russian connection appear baseless.

The attacks began just a couple of days after media reports stated that Dutch intelligence tipped off their American counterparts about state-sponsored Russian spies hacking the apparatus of the Democratic Party and stealing the infamous "leaked emails" that may have swayed the 2016 election.

The publication NL Times reported that the Bratislava-based security company ESET had identified the attacks as coming from servers in Russia.

That fact would, of course, be less than solid evidence that Russian attackers are to blame, because DDoS attacks can bounce all over the place before finally hitting their target, always making attribution troublesome.

But when ZDNet contacted the security firm, it denied ever making a claim about a Russian connection. "This report about an ESET claim was an unfortunate mistake and misrepresentation by one Dutch news outlet and was corrected by them," spokesman Branislav Ondrasik said.

The bank ABN Amro became the first victim on Saturday, while Rabobank and ING Bank were hit on Monday, along with the Dutch Taxation Authority. All four were hit again on Tuesday, but this time their defenses reportedly fared better.

ABN Amro told ZDNet on Wednesday morning that the attack was "not ongoing at the moment". The bank stressed in an earlier statement that the DDoS did not threaten the security of its services -- it just knocked them out.

Read: Cybersecurity in 2018: A roundup of predictions

"This weekend's DDoS attacks were heavier than previous ones and lasted longer. At the moment, it is unknown who is behind the attacks, and in by far most cases, the source of an attack is never discovered," ABN Amro said.

Rabobank spokeswoman Margo van Wijgerden said most attacks on the company's servers did not have any impact on its clients. However, a DDoS that took place at 9.07am on Monday did stop customers from logging in for about 10 minutes. After that time, they still had issues with the connection for another couple of hours.

"Later Monday and yesterday there have been attacks, but without any impact," she said. "We are not aware of the identity of the attacker(s). We leave that to the police to investigate."

Police spokesperson Suzanne van de Graaf said the authorities could not share any information about ongoing investigations.

Previous and related coverage

Dutch spies tipped off NSA that Russia was hacking the Democrats, new reports claim

Netherlands intelligence penetrated Russia's US election hackers and alerted US counterparts, sources say.

Hacker jailed for DDoS attacks against Skype and Google

The 21-year-old has been jailed for running a botnet and selling malware in the Dark Web.

Read more on cybercrime

Editorial standards