“The incident is closed. The European Parliament website and related services are already restored and working normally. The Parliament’s systems are no longer under a DDOS (Distributed Denial of Service) attack. Our technical teams will continue to monitor the situation,” Eva Kaili, vice president of the European Parliament and head of its digital area, said early this Thursday. The institution suffered a cyberattack on Wednesday afternoon that knocked its website offline and left it unusable for hours.
The president of the institution, the Maltese conservative Roberta Metsola, called it “a sophisticated cyber attack.” “A pro-Kremlin group has claimed responsibility,” she added. So far, the European Parliament has not given any further details about the incident, or said whether it had ramifications beyond the DDOS attack. DDOS is a type of attack that, despite Metsola’s statements, is considered one of the simplest forms of computer attack, yet one against which the European Parliament was unprotected.
In a first reaction to the event, several cybersecurity specialists told elDiario.es that they were surprised the European Parliament did not have a CDN. This service, whose acronym stands for Content Distribution Network, builds a series of nodes distributed throughout the world to channel Internet traffic, so that the end user does not have to connect directly to the central server to access information. It’s the same principle as any other distribution system: readers of a print newspaper don’t go to the printer for it, but to their nearest newsstand.
A CDN means that a user from Valladolid does not have to connect to the servers of the European Parliament in Strasbourg to access its website. Instead, the user connects to the closest node, which could be in Madrid. This is an extremely common service on important websites such as that of the European Parliament, because it reduces latency and speeds up data downloads. But it is also extremely useful for mitigating basic cyberattacks such as DDOS, which are based on concentrating so much traffic on a website that its servers cannot handle it and crash.
It’s easy to see which digital services use CDNs and which ones don’t. It is information that machines transmit when they establish a connection. The European Parliament page does not have one, which leaves it much more exposed to a basic DDOS attack. “My grandmother could organize an attack like this against the European Parliament with four clicks and the money to pay for it,” one of the specialists consulted said ironically: “Anyone with access to the web can organize it.”
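As an added example (not part of the original article), this is how an operator might audit their own public hostnames for the connection-level markers mentioned above, working offline on response headers saved from `curl -sI`. The hostnames and header sets are constructed, and the rule table is an illustrative subset of headers that common CDN providers emit.

```python
# Classify captured HTTP response headers by CDN markers (added example).
# Each rule is (header name, substring the value must contain); "" means
# the header's presence alone counts as evidence.
CDN_RULES = {
    "Cloudflare": [("cf-ray", ""), ("server", "cloudflare")],
    "Amazon CloudFront": [("x-amz-cf-id", ""), ("via", "cloudfront")],
    "Akamai": [("server", "akamaighost"), ("x-akamai-transformed", "")],
    "Fastly": [("x-served-by", "cache-")],
}
GENERIC_CACHE = ("x-cache", "age", "via")  # some cache layer, provider unknown

def parse_headers(raw):
    """Parse a raw header block into a dict with lowercase header names."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def classify(raw):
    """Return whether the response shows CDN markers, and which ones."""
    headers = parse_headers(raw)
    for provider, rules in CDN_RULES.items():
        hits = [h for h, needle in rules
                if h in headers and needle in headers[h].lower()]
        if hits:
            return {"fronted": True, "provider": provider, "evidence": hits}
    hits = [h for h in GENERIC_CACHE if h in headers]
    if hits:  # inconclusive: could be a CDN or a local reverse proxy
        return {"fronted": None, "provider": "unknown cache layer", "evidence": hits}
    return {"fronted": False, "provider": None, "evidence": []}

# Constructed sample captures for three hypothetical hostnames.
SAMPLES = {
    "www.example.org": "HTTP/2 200\nserver: cloudflare\ncf-ray: 0000000000000000-MAD\n",
    "static.example.org": "HTTP/1.1 200 OK\nServer: nginx\nX-Cache: HIT\nAge: 120\n",
    "legacy.example.org": "HTTP/1.1 200 OK\nServer: Apache\nContent-Type: text/html\n",
}

def audit(samples):
    """Classify every captured host in an inventory."""
    return {host: classify(raw) for host, raw in samples.items()}

if __name__ == "__main__":
    for host, result in audit(SAMPLES).items():
        print(host, result)
```

A negative result only means that no known marker was present; an edge provider can be configured to suppress these headers, so hosts flagged as unfronted should be confirmed against DNS and provider configuration.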
DDOS attacks were very popular among hacktivist movements like Anonymous precisely because of their simplicity. They are still carried out today, but more as a distraction to hide other types of attack. As Eva Kaili has commented, the Parliament did not detect any attacks running in parallel with the DDOS.
elDiario.es has contacted the European Parliament to ask about the absence of an element that many specialists consider one of the most basic layers of cybersecurity. “The European Parliament does not comment on security matters, including cybersecurity,” official sources responded.
Killnet is a Russian cybercrime mafia with documented ties to the Kremlin. It is the group the European Parliament has named as having claimed responsibility for the cyberattack. On Wednesday, alleged screenshots of Killnet’s claim of responsibility on its Telegram channel were shared, but the experts consulted by this outlet point out that there is no solid evidence at the moment. “The most direct attribution has been made by Anonymous Russia, which is not a very reliable source,” says José Lancharro, director of the offensive services department of the Spanish cybersecurity firm Tarlogic.
One of Killnet’s specialties is denial of service attacks. The group launches them for its own purposes and on behalf of anyone who pays its fees. It is an attack that is more gimmicky than effective. Even if it achieves its objective and takes down the victim’s website, it does not necessarily involve information theft or the compromise of internal networks. Even if the website does not have a CDN, technicians can usually recover it in a few hours.
“They are based on botnets,” explains Diego Suárez, CTO of Transparent Edge, the only Spanish company specializing in CDN services. “There is a whole black market on the Internet for the use and rental of these botnets, which in the end are nothing more than a bunch of connected devices turned into zombies. They can be computers, mobile phones or Internet of Things devices that have been infected with malware and are used for these attacks without the user’s knowledge.”
DDOS attacks are based on instructing all those devices, previously compromised by cybercriminals, to connect to a certain service, in this case the website of the European Parliament. What usually happens is that the website cannot handle the sudden increase in traffic and crashes. “You are not going to realize that the mobile is doing that because it does not leave any sign. The only thing that can happen is that you perceive that it is going slower and in the end you end up restarting it or running an antivirus on it,” Suárez explains.
CDNs become effective mitigation measures because they redistribute traffic around the world, preventing it from concentrating on a single point and bringing down the system. “You can do it with your own technology, but it’s not a matter of practicality and economies of scale. The same thing happens with the electrical system: you can be self-sufficient and have a closed network like the one in Texas, but if you have a problem that exceeds your capabilities, everything collapses, as happened last year,” concludes the expert.