The financial supervisory authority BaFin has been struggling with the consequences of a hacker attack on its public website since Friday. There had already been similar attacks on several German airports in February.
The Federal Financial Supervisory Authority (BaFin) has become the victim of an attack from the Internet. The authority’s servers are the target of a “Distributed Denial of Service” attack (DDoS), said a BaFin spokesman at the beginning of the week. The BaFin website has therefore not been accessible or only to a limited extent since Friday.
The IT department is working feverishly to defend against the attack, which is limited to the website, it said. It is not yet possible to say when everything will be back to normal. First, the “Spiegel” reported on the incident.
System overloaded with simultaneous requests
“Denial of Service” – or DoS for short – means something like “making something inaccessible” or “putting it out of service”, as explained by the Federal Office for Security and Information Technology. In the case of DDoS attacks, a server is “deliberately bombarded with so many requests that the system can no longer cope with the tasks and, in the worst case, collapses”.
Instead of individual systems, a large number of different systems are used in a large-scale, coordinated attack. The attackers usually use the computers of unsuspecting users, which they have previously infected with computer viruses, in order to be able to control them remotely. Internal data is not usually stolen.
BaFin had “taken security precautions and, immediately after the attack began, initiated defensive measures that also worked,” said the financial regulator. They are working intensively on restoring full accessibility to their website even while the attack is still ongoing. “All other BaFin systems work without restrictions.”
DDoS attacks on airports and government agencies
At the beginning of the year, several German airports were also attacked using DDoS. The websites of the airports in Dortmund, Düsseldorf, Hanover, Nuremberg and Erfurt-Weimar were temporarily down, but the damage remained limited.
In May 2022, the websites of other German authorities and ministries had also been temporarily paralyzed in this way by the Russian hacker group “Killnet”. Targets included the Ministry of Defence, the Bundestag, the Federal Police and several state police authorities. All attacks were successfully repelled at that time.