DDoS attacks are not meant for websites only — Here is a case in which hackers conducted DDoS attacks on an Apartments Heating System in Finland.
Lappeenranta is a small city in eastern Finland with just 60,000 residents. Usually, this city is quiet and peaceful and very very cold in November. So, when people fail to get the desired warmth despite having proper heating mechanism indoors, they are bound to get really angry. This is what happened to residents of two well-facilitated apartment buildings in Lappeenranta.
This weekend, the environmental control mechanism at two apartment buildings in Lappeenranta suddenly and surprisingly stopped functioning due to which people had to suffer a lot in the cold weather. However, the disturbing fact is that the systems weren’t just out of order or got blocked out but these were taken down through a DDoS attack.
The buildings that suffered heat cut were both managed by Valtia. Valtia is a Lappeenranta based facilities service provider firm. According to the CEO at Valtia Simo Ruonela, it was indeed true that the central heating and hot water systems of the two apartment buildings were attacked with DDoS and to thwart the attack, the systems automatically rebooted. But afterward, the system got stuck in an infinite loop causing the unannounced heat cut.
The good news is that on the day the heating systems went down, Lappeenranta wasn’t that cold as it usually is with weather just being around 20°F. In winters, the city’s temperatures go as low as -25.
Regarding the shutting down of the heating systems, Valtia immediately relocated the affected systems, addressed the attack and then brought the systems back online. We believe that the attacks happened at the right time because now Valtia would improve its systems’ security and will shore up its defenses before winters actually hit the city.
Perhaps now manufacturers and users of industrial control systems would take notice and listen to the requests from SophosLabs’ Chester Wisniewski, who urged them to take necessary steps for improving the security of their systems.