Well-Orchestrated DDoS Attack
On Tuesday, government services, educational institutions and tens of thousands of other organizations in Belgium were seriously hindered by a DDoS attack that took place at Belnet. Belnet is a Belgian computer network used by public services, universities and research institutions. The attack reached its crescendo around noon. All parties were to a greater or lesser extent cut off from the Internet. This prevented them from properly doing their job. As a result, many things went haywire that day… The cyberattack caused problems for distance learning at universities and colleges. Citizens were unable to make appointments for corona vaccinations. And the Brussels transit company STIB had issues with ticket sales. Furthermore, various applications at the Ministry of Finance did not work and several parliamentary committees had to be cancelled. What’s more, the attack took place just before a hearing in the Belgian Chamber on China’s treatment of the Uighurs. A survivor of the Uighur camps in China, Ms Qelbinur Sidiq, was about to give her first public testimony that afternoon.
Crisis Procedures Activated Immediately
When Belnet discovered the DDoS attack, they immediately activated their crisis procedures and enlisted the help of the Center for Cybersecurity Belgium (CCB). Further, Belnet filed a complaint with the Federal Computer Crime Unit, which is now handling the investigation. Cybersecurity firm Secutec managed to get the attack under control on Tuesday evening. Although all affected organizations, universities and research institutions are back online, Belnet indicated that they would continue to monitor the situation closely. There is no evidence that the attackers have infiltrated any networks or that any data had been stolen. “Nonetheless, we are fully aware of the impact this attack has had on the organizations connected to our network and their users and realize that this has profoundly disrupted their functioning,” said Dirk Haex, technical director at Belnet. “Belnet invests permanently in cybersecurity. However, yesterday’s DDoS attack was of such magnitude that our entire network had become saturated. The fact that the attackers constantly changed tactics made it even more difficult to neutralize the attack.”
257,000 IP Addresses from 29 Countries
Secutec’s CEO, Geert Baudewijns, told Belgium news agency, Belga, that the attackers did not single out Belnet. The networks of Telenet and Proximus were also targetted. But because their networks are much larger and more dispersed, they were better able to digest the attack than Belnet, explained Baudewijns. The main target, however, was the government. “The perpetrators mainly wanted to hit government websites.” Some 200 organizations were affected by the DDoS attack. Unknown perpetrators used 257,000 IP addresses from 29 countries to carry out the attack. They took advantage of 17 botnet servers to fire off more than 100 terabytes of data. As a comparison: a “normal” DDoS attack would use approximately 150 gigabytes. So, this attack was a hundred times more severe. The countries from which the sites were attacked include the US, Mozambique, Bahrain, South Africa, Russia and China. Investigators will have to contact the hacked companies in all 29 countries, to try to find out who was behind the attack. “This shows that this was no small hack”, emphasized Baudewijns. “There must be a well-organized team behind it.”