Apologize or Face Cyberattack: Icelandic Paper Faces Threats from Hackers and Ire of Russian Embassy

The Icelandic newspaper Fréttablaðið received a threat from Russian hackers on Thursday morning: apologize before midnight, Moscow-time (9:00 PM in Iceland) or face a cyberattack in retaliation. The hackers want the paper’s editors to issue a formal apology for publishing a photograph of someone using a Russian flag as a doormat with the caption: “Ukrainians have found a new use for the Russian flag.” Fréttablaðið and Stundin are reporting on this story.

‘A manifest of uncovered disrespect towards the Russian Federation’

The image in question appeared as part of an interview with Valur Gunnarsson, an Icelandic journalist who is currently in Ukraine. Upon its publication on Wednesday, the photograph almost immediately caught the attention of the Embassy in Iceland, which sent Fréttablaðið’s Editor-in-Chief Sigmundur Ernir Rúnarsson a letter demanding an apology for “breaching the existing law and common moral values, as well as journalist ethics.”

“We would like to remind you that the Icelandic government hasn’t repealed yet Art. 95 of the General Penal Code of Iceland, according to which anyone who publicly insults foreign state symbols shall be fined or even imprisoned,” the letter states, calling the image “a manifest of uncovered disrespect towards the Russian Federation and its state symbols.”

The Russian Embassy urged the editors to respond immediately, and “not waste time defending this under the cover of free speech.”

Two Icelandic authors were convicted under same law for insulting Hitler

The legal provision cited by the Russian Embassy—which can technically carry with it a prison sentence of up to six years—is rarely enacted, although it does have a fairly colourful history. The most famous instances of Icelanders being sentenced under this legal provision occurred in 1934, during the leadup to World War II.

First, author Þórbergur Þórðarson stood trial and was fined for calling Adolf Hitler a “sadist” in an article he wrote for the socialist paper Alþýðublaðið called “The Nazis’ Sadistic Appetite.” Later that same year, poet Steinn Steinarr was sentenced under the same article when he and four other people cut down a swastika flag at the German consulate in Siglufjörður.

More recently, rapper and artist Erpur Eyvindarson and two friends were sentenced under the same provision after throwing a Molotov cocktail at the U.S. Embassy in 2002. It was determined that the trio had not intended to harm anyone with the homemade combustable, but rather deface the exterior of the embassy. As such, they were found guilty of insulting a foreign state and its citizens instead of a more serious crime.

In 2017, Left-Green MPs submitted a resolution to appeal the provision, saying, among other things, that it posed an infringement on free expression. The Ministry of Foreign Affairs opposed the repeal, however, arguing that the provision was justified under the terms of international agreements and treaties of friendship.

‘After hacking your paper’s website, we will publish photos of kompromat’

On Thursday morning, the Fréttablaðið website was subjected to what seemed to be a preliminary or warning attack. “We noticed this morning that the traffic on the website suddenly snowballed and it was clear that it was part of an attack on the website,” said Sigmundur Ernir. The ISP already had security measures in place to protect the website and additional steps were then taken to try and prevent further incursions on its functionality. At time of writing, the Fréttablaðið website was still active and accessible, although keeping it functional was difficult, according to sources at the paper.

Shortly after the initial attack, the Fréttablaðið editors received a more explicit email from the hackers responsible, saying: “What right do you have to insult or dishonour the symbols of another nation!!! If you do not apologize on Thursday, August 11 before 24:00 Moscow-time! [sic] We will hack your website and provider. Then after hacking your paper’s website, we will publish photos of kompromat on your publication and you will for sure face a criminal sentence for corruption, banditry [English word used in original message], etc.”

Ivan Glinkin, Communications Director for the Russian Embassy, says the embassy has no idea who is responsible for the attacks on the Fréttablaðið website. Asked if the embassy believes such attacks are in any way an appropriate response to the publication of the offending photo, Glinkin said the embassy condemns all illegal actions, no matter what they are.

‘The flag is almost beside the point’

Editor-in-chief Sigmundur Ernir stated that his paper would not be issuing an apology for publishing a journalistic image taken in a conflict zone but is taking the threat seriously and has referred the matter to the police.

Fréttablaðið has also contacted the Ministry of Foreign Affairs, which has expressed support for the paper’s position. The Union of Icelandic Journalists (BÍ) also published a statement of support on Thursday, saying “the importance of an independent and free media is particularly vital in times of war and BÍ condemns all attempts to influence the media’s coverage of the war in Ukraine.”

“There’s nothing sacred in a war where children, mothers, and the elderly are killed and whole communities destroyed,” Sigmundur Ernir remarked in an interview with Vísir the same day.

“So the flag is almost beside the point, as flags are trampled in many places around the world in protest. I think Russians should think first and foremost about treating the nations around them with decency rather than whining about a photo in Fréttablaðið.”

Strætó Was Hit by Cyber-Attack

Strætó, the Iceland Public Bus Network, came under attack from hackers yesterday, RÚV reports. The company‘s web servers were hacked but the app was not tampered with.

Jóhannes Rúnarsson, the CEO of Strætó, said to RÚV that the incident had been reported to the Data Protection Authority, the Police and the Computer Emergency Response Team of Iceland. He added that the attack could have resulted in data leakage, but data hostage was unlikely. The attack is not believed to be connected to the log4j vulnerability.

According to RÚV, measures have been taken to prevent further data leakage and experts are currently analysing the situation. However, Strætó warns against sharing credit card info via e-mail with potential scammers.

Email Scammers Targeting Athletics Associations

A number of Icelandic athletics associations have fallen prey to email scams and have lost a considerable amount of money as a result, RÚV reports. Police warn these associations to be on their guard; cybercriminals waged a similar campaign against athletics associations a few years ago and are reusing the same techniques now.

The most common type of scam is that the managing director, an employee, or a volunteer of an athletics association will receive an email that appears to come from their organization’s bookkeeper or director. The email will ask them to make a bank transfer to a foreign bank account and say that this needs to be done within a very short window of time.

The scammers seem to have done considerable homework on their marks. According to Auður Inga Þórsteinsdóttir, director of the National Association of Youth Organizations (UMFÍ), athletics associations with higher revenue are asked to transfer more money than less monied organizations—anywhere from ISK 400,000 [$2,901; € 2,452] to ISK 1 million [$7,253; €6,130]. UMFÍ urges any organizations that are targeted by such scams to report them to the police.

Internet fraud and email scams have cost Icelanders a total of ISK 1.5 billion [$10.88 million; €9.19 million] over the last three years.

Police on Alert for Rise in Quarantine-Related Crimes

Icelandic police

Police are closely monitoring cybercrime, crimes committed in the home, and domestic drug production while Icelanders are (self-)quarantining and the gathering ban is in effect, Vísir reports. The ban, which went into effect this week, prohibits gatherings of 20 or more people and is intended to prevent the further spread of the COVID-19 virus. Fréttablaðið reports that there’s already a shortage of cocaine in the country, as passenger flights have ground to a halt. According to Capital-area police chief Karl Steinar Valsson, people staying home more may also lead to a spike in these crimes.

A COVID-related slow in imports and a reduction of travellers entering the country has considerably reduced the availability of illegal substances like cocaine in Iceland. Fréttablaðið’s sources report that most of the country’s supplies have run dry and what little is left is being kept under wraps to drive up prices. Amphetamine is still available and domestic production of marijuana can respond to demand. Karl Steinar noted that the sale of narcotics is where organized crime makes the majority of its money. As such, when it becomes challenging to import drugs, these organizations are quick to start producing them domestically. “If there’s a temporary shortage of cocaine,” he explained, “then amphetamines are produced instead. That’s, of course, what we’ve seen before.”

As the gathering ban has put a temporary stop to weekend partying at bars and clubs in Iceland, Karl Steinar says that changes in users’ consumption patterns must be taken into account as well. However, he says that it is currently unclear how these changes will manifest. Fréttablaðið’s sources add that “businessmen who’ve been coming two, three times a week have stopped buying and are spending time with their families instead.”

Karl Steinar told reporters that it’s too early to say if there’s been a significant increase in criminal activity in the wake of the ban but says, for instance, that burglaries of businesses can be expected to increase while most employees work from home. An increase in domestic abuse is also a concern. “There are a lot of people working from home, and so naturally, there could be a rise in crimes committed in the home. We’ve haven’t yet seen this happen, but we’re monitoring very closely, both domestic violence and child abuse and crimes of that nature.”

Cybercrime is also likely to increase, he continued. “People are shopping online a lot and doing all sorts of things online from home that weren’t being done to the same extent before. There are thousands of websites popping up that offer you all kinds of protective devices to prevent you from being infected [with COVID-19]. They are offering products that have clearly not been certified or anything like that.”

 

Feared Losses of ISK 15 Billion in Past 12 Months

currency iceland

Police authorities in Iceland fear that cybercriminals have stolen up to ISK 15 billion from Icelandic companies and private citizens in the past 12 months, Vísir reports. Although many cases still go unreported, a new law enacted in June will obligate companies providing essential services to report cybercrimes to the authorities.

A conference on cyber security was held by the Ministry of Transport and Local Government yesterday. Speaking at the conference, Karl Steinar Valsson (chief of police of the greater capital area) estimated that companies and private citizens have suffered losses amounting to nearly ISK 1,6 billion in the past two years.

As only a fraction of such cases go unreported, Valsson estimates that actual losses are more extensive.

“If I had to estimate then I would say we could safely add another zero to the current number. Not 1.6 billion but 16 billion. I fear that in the past 12 months we’ve lost between ISK 10 and 15 billion,” Valsson said.

New legislation enacted in June will go into effect September 1, 2020. The law stipulates that companies must report cybercrime to the authorities.

“Important infrastructure, especially in the financial and the energy sector, are required to report cases of cybercrime to the relevant regulatory agencies,” Sigurður Ingi Jóhannsson, Minister of Transport and Local Government, speaking at yesterday’s conference stated.

Sigurður emphasised the importance of increased transparency. Companies must report such cases when the occur: “We must learn to do better on a case-by-case basis.”