Pierluigi Paganini October 15, 2017

Swedish transport agencies were hit by cyber attacks on Wednesday and Thursday, October 11 and 12, is it Information Warfare?

Swedish transport authorities were hit by cyber attacks on Wednesday and Thursday, October 11 and 12. The attacks have brought down several IT systems causing delays of the train transportation.

The first attack hit the Sweden Transport Administration (Trafikverket) on Wednesday and paralyzed the IT system that manages train orders triggering the agency in stopping or delaying trains while hackers were powering the attack.

Local media reported the Trafikverket email system and website went down, preventing travelers from making reservations or getting information about the delays.

The agency used Facebook to provide updates on the situation to the travelers.

“The Swedish Transport Administration suffered during the night against Wednesday and during Wednesday morning of major IT disturbances that made the site down, which meant that travelers could not get information about the delays that occurred.” reported the Swedish public broadcaster SVT.

“- Several systems were affected by IT interference, including our drive system that shows where the trains are located. Most systems are running now, but the problems are not completely solved, continuing delays are waiting, says Pär Aronsson, Press Communications Officer at the Swedish Transport Administration.”

SVT’s reporter is witnessing major delays and bad information at Stockholm Central, where many trains are delayed. PHOTO: SOFIA LINDAHL / SVT

Trafikverket officials confirmed the DDoS attack was aimed at the agency’s service providers TDC and DGC with the intent to affect the agency’s operations.

Trafikverket was able to restore service in a few hours, but the delays affected the entire day’s train operations.

The day after, another DDoS attack hit the website of another government agency, the Sweden Transport Agency (Transportstyrelsen), and public transport operator Västtrafik.

“Public transport operators Västtrafik in western Sweden were also hit by two similar overload attacks on Thursday, briefly crashing its ticket booking app and online travel planner.” reported The Local website.

“It could be a prank or someone trying to investigate what kind of protection Trafikverket has,” Patrik Gylesjö, deputy CEO of internet provider DGC told Computer Sweden.

Crooks or State-sponsored attacks?

It is difficult to attribute the attacks to specific actors with the information available, experts speculate the involvement of a nation-state attacker who was probing Sweden’s transportation infrastructure.