The Dutch taxation authority, as well as several banks, faced a series of distributed denial-of-service attacks on their networks Monday, in what appears to be a coordinated strike on the Netherlands’ financial infrastructure.
The tax authority said it experienced DDoS attacks that caused its website and online services to go down for five to 10 minutes. “The attack is under investigation,” spokesperson André Karels said, adding the national cybersecurity services were informed.
Karels added that no data had been leaked or networks breached.
DDoS attacks are intended to bring down websites by sending a lot of traffic to a server at the same time. A DDoS attack in itself doesn’t cause networks to be breached or data to leak, but the attacks are sometimes used as a distraction or tool as hackers try simultaneously to penetrate a network.
In the past hours and days, three separate Dutch banks suffered similar attacks.
Rabobank said Monday morning in a tweet it was experiencing DDoS attacks, leading to its online services to experience downtime. ABN Amro said in a statement Sunday it had been attacked over the weekend. ING reportedly was attacked, too.
The timing of the incidents is remarkable: Dutch media reported just before the weekend that the country’s intelligence services spied on the activities of one of the most infamous hacker groups in the world, Moscow-based Cozy Bear.
The Dutch AIVD intelligence service infiltrated the group’s networks in 2014 and monitored how the Russian hackers conducted attacks on the U.S. Democratic National Committee in the run-up to the U.S. presidential election in 2016 which Donald Trump won. Cybersecurity intelligence firms have linked Cozy Bear to Russian intelligence services in the past.
In the wake of last week’s revelations, Dutch politicians feared retaliation against Dutch companies and government infrastructure.
Kees Verhoeven, an MP specializing in digital and cyber issues and leading member of the D66 party in the governing coalition, said the national parliament was highly vigilant against retaliatory measures from Russian state-linked hacker groups.
According to Dutch cyber expert Rickey Gevers, it is too early to conclude who is behind the recent DDoS attacks — and whether they are related to the reports that Dutch intelligence compromised the Russian hacker group.
“Timing is the only thing that links the two so far,” he said. “If an individual is behind these [DDoS] attacks, we’ll probably figure it out soon. If a country is behind the attacks, we won’t ever know for sure which country it is.”