A 15-year-old boy from Nykøbing Falster has been arrested along with other suspects for launching a cyber attack that shut down local government association KL’s website, according to a police statement.
Police have seized the boy's computer equipment and said that he admitted to being behind a video on YouTube in which he claims that the attack on KL's website is associated with the computer activist group known as Anonymous. The boy could face up to two years in prison.
The attack on KL’s website came in the midst of its dispute with teachers over working hours. The attack shut down both KL’s main site and meretidsammen.dk, the association’s campaign website for its struggle with the teachers.
Meanwhile, the hackers who claimed responsibility for Thursday's attack on NemID said that they used a programme worth $10, a little less than 60 kroner, to shut down the NemID system.
“Anyone with ten dollars can shut down any page they want”, wrote the hacker, who uses the alias s0x, in a chat conversation with tech website Version2. “Anyone can have the kind of power that we showed.”
NemID was subjected to DDOS attacks which shut down the service’s servers.
“They are carried out using something called a SYN attack, which simulates a huge group of users trying to log into the system at the same time,” Henrik Kramshøj, a senior security consultant at Solido Networks, explained to DR News. “When large numbers of people try to log on at one time, the system crashes in the much the same way that the system at tax authority Skat did a few weeks ago when everyone tried to login to check their taxes.”
A spokesperson for Nets, the company behind NemID, said that the attack took the company by surprise.
“[The] attack was more significant than we have seen before, and we must recognise that our defences were not up to it,” Søren Winge told DR News.
Winge said that the company has put measures in place to guard against similar attacks in the future, but declined to say what they were so as not to tip off the hackers. He stressed that no personal information was compromised.
The identities of the two hackers involved in the NemID attack, who use the aliases s0x and d0wn, remain unknown.
The hackers apparently even work on the weekend. The travel website Rejseplanen.dk was attacked yesterday and today by hackers using the same type of DDos attack that was used to bring down NemID. The overloading of the servers rendered it impossible for travellers to get information from the site.
Company spokes person Birgitte Wollridge said that the site had been up and down several times throughout the attack.
“Right now, it is working, but we have seen it come back and then crash several times,” Wollridge tols Politken.
Wollridge called the size of the attack “massive”, and said that information was being gathered to give to the police.