On June 29, 2022, several Norwegian websites went down after the pro-Russian group Killnet announced attacks against Norwegian targets, including BankID, Altinn, the police, UDI, and NAV. TV2 asked me whether people had reason to be worried. My segment is here: Kanskje for å straffe oss for meninger vi har.
My message was that people did not need to worry. As I told TV2: “This is a political power play. Hackers against hackers. I would not worry about it, it is probably just to flex muscles.”
The important distinction is what was actually at risk. This was about availability, some services being temporarily unreachable, not about your identity or your money. “You should not need to worry about your own identity or your funds,” I said. “Most likely, and as far as we know, it is only the availability of our solutions that is affected.”
Distributed denial-of-service attacks like these are noisy and visible, which is the point. They are designed to create uncertainty and disruption, “perhaps to punish us for opinions we hold.” The right response is not panic. It is to recognize the intent behind the noise, keep DDoS protections in place, and not let a temporary outage be mistaken for a breach of the things that actually matter.