The European Parliament website was taken offline for several hours on Wednesday by a distributed denial-of-service (DDoS) attack that began shortly after the governing body voted to declare the Russian government a state sponsor of terrorism.
European Parliament President Roberta Metsola confirmed the attack on Wednesday afternoon European time, while the site was still down. ‘A pro-Kremlin group has claimed responsibility’ she wrote on Twitter. “Our IT experts resist and protect our systems. This after we declared Russia a state sponsor of terrorism.”
While this post was being reported and written, the website became available again and appeared to be working normally.
The pro-Kremlin group Metsola is referring to is likely the group known as Killnet, which emerged at the start of Russia’s invasion of Ukraine and has been posting claims of DDoS attacks in countries that support the smaller nation. Targets included police forces, airports and governments in Lithuania, Germany, Italy, Romania, Norway and the United States.
Shortly after Wednesday’s attack on the European Parliament began, Killnet members took to a private channel on Telegram to post screenshots showing that the European Parliament’s website was down in 23 countries. Text accompanying the images made a homophobic comment directed at the legislative body.
The outage occurred shortly after parliament voted overwhelmingly to declare the Kremlin a sponsor of terrorism.
Members of the European Parliament “emphasize that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terrorism and constitute war crimes.” stated in the declaration. “In light of this, they recognize Russia as a state sponsor of terrorism and as a state that ‘uses terrorist means’.”
The resolution passed with 494 votes in favor and 58 against. There were 44 abstentions.
DDoS attacks typically use the bandwidth of hundreds, thousands, and in some cases, millions of computers infected with malware. After getting the attackers under their control, they cause them to bombard a target site with more traffic than they can handle, forcing them to deny service to legitimate users. Traditionally, DDoS has been one of the crudest forms of attack because it relies on brute force to silence its targets.
Over the years, DDoSes have become more sophisticated. In some cases, the attackers can increase bandwidth by as much as a thousand times using amplification methods, which send data to a misconfigured third-party site, which then sends a much larger amount of traffic back to the target. Another innovation is designing attacks that exhaust a server’s computing resources. Rather than clog the connection between the website and its potential visitors, as more traditional volumetric DDoSes work, packet-per-second attacks send specific types of compute-intensive requests to a target in an attempt to link the hardware to the website. pipe to a halt.
Metsola said the DDoS attacks on the European Parliament were “sophisticated,” a word often misused to describe DDoS and hacks. She provided no details to support that assessment.