Winter Denial of Service attack knocks out heating in Finnish homes

A DDoS attack that incidentally affected the internet connections for at least two housing blocks in Lappeenranta, Finland caused their heating systems to shut down, leaving their residents without heat in subzero weather.

After an hour, maintenance crews went on-site and shut down the internet links and switched the heating systems over to manual, restoring service.

The attack brought down the buildings' access to DNS, causing the automated systems to cycle every five minutes, until the heat, ventilation and water all shut down.

The attack highlights the twin threats of massive denial of service attacks (such as those emanating from millions of insecure Internet of Things devices) and homes whose smartmeters are designed to treat residents as adversaries who might turn up their heating or air conditioning when the power company turns them down to manage peak load across the grid. If these systems can't be manually adjusted by the people who rely on them, then any attack that brings them down is potentially dangerous, even lethal in the case of extreme temperatures (or high-spec insulated homes whose ventilation is connected to the heating/cooling system).


“Remote connection was not working, so went on-site for more inspections,” Rounela explained. The automated system controlling the heating, ventilation and hot water for the homes kept rebooting every 5 minutes. Eventually, it just didn’t boot-up anymore, he said.

Disconnecting the system from the internet fixed the problem, Rounela said, and they managed to get it up and running again about an hour after the original alarm.

Clearly, this wasn’t a catastrophic interruption, but it still shows how the interconnected nature of the internet can have consequences for our physical world too.

DDoS attack halts heating in Finland amidst winter
[Janita/Metropolitan.fi]

Finnish Residents Briefly Left in Cold After DDoS Attack
[Joseph Cox/Motherboard]


(via /.)