Cyber attackers crippled the Dutch government’s main websites for most of Tuesday and back-up plans proved ineffective, exposing the vulnerability of critical infrastructure at a time of heightened concern about online security.
The outage at 0900 GMT (0400 ET) lasted more than seven hours and on Wednesday the government confirmed it was a cyber attack.
The United States has beefed up cybersecurity laws and created an intelligence-gathering unit to coordinate analysis of cyber threats after attacks against Sony Pictures and Home Depot.
The outage affected most of the central government’s major websites, which provide information to the public and the media, but phones and emergency communication channels remained online.
Other websites, including GeenStijl.nl, a popular portal which mocks politicians and religions, were also hit by the “distributed denial of service” (DDoS) attack, said Rimbert Kloosterman, an official at Government Information Service, which runs the websites.
“Our people are investigating the attack together with the people from the National Centre for Cyber Security,” he said.
The complexity and size of the government’s many websites had rendered the back-up useless, he said.
Prolocation, the website host, said the attack had been a “complex” problem and that its phone lines had also gone down.
“The initial symptoms pointed first to a technical problem, but it then emerged we were facing an attack from the outside,” the company said in a statement.
But one computer security expert doubted that a DDoS attack, in which systems are overloaded with a flood of requests from hijacked computers, could have been hard to identify.
“If you face a DDoS, you know it,” Delft Technical University cyber security specialist, Christian Doerr, said.
Such attacks were hard to guard against and the software for such an attack could be bought illegally for as little as $25.
“Even a 16-year-old with some pocket money can attack a website,” he said.