Hackers can make this winter c-c-cold

If you live in a country like Finland, where below freezing temperatures are the norm this time of the year, the last thing you want is for your building’s heating and hot water system to break down, and for the maintenance staff to be totally clueless about what’s causing the problem.

That’s exactly what happened in the eastern city of Lappeenranta, where cyber-attacks on central heating systems left at least two buildings without heat and hot water, according to Finnish website metropolitan.fi.

One can only hope the DDoS attacks, which knocked down the computers controlling heating in the buildings, should spark a, shall we say, heated debate regarding the lack of building automation security in the country.

According to the company that manages the buildings, cited by Metropolitan, the attack lasted for several days, from late October until early November. The targeted systems kept trying to respond by rebooting the main control circuit over and over, which means heating was never working during this period.

In the end, the solution was to limit network traffic.

Automatic centralized control systems often come without security features. Fidelix, the company that made the targeted devices, confirmed that there have been other attacks in the country, Metropolitan reported. A Fidelix representative told journalists that “when people want convenience and ease of use it often opens up vulnerabilities.”

Housing companies and landlords often avoid investing in security, said building maintenance specialist Sami Orasaari, quoted by Metropolitan. Moreover, the maintenance staff have little or no security training, which explains why they couldn’t identify the cause for the systems’ malfunctioning.