Eftpos outage that affected The Warehouse, Briscoes and other retailers caused by DDoS cyberattack

The attack caused what some said was "retail chaos". Photo / 123rf

The bad news: a sweeping Eftpos outage last month was caused by a cyberattack, online payment systems provider Windcave tells the Herald.

The outage hit The Warehouse, Countdown and Briscoes stores, among others, causing what some described as retail “chaos”.

The good: it was a type of attack that does not put data at risk - even if it can be used to extort money from a service provider to make it stop, and restore access for customers.

Specifically, it was a distributed denial of service (DDoS) attack - where hackers block access to a site by flooding it with connection requests from bots.

It would be so easy to describe the DDoS "attack" in NZ relevant terms. Why can't the media just report it that way? pic.twitter.com/GwXfIWCum7

— Peter (@plambrechtsen) September 8, 2021

“The February 5 outage was caused by a large-scale bot DDoS attack, lasting over several days, with some customer access impacted for a shorter period,” Windcave chief information officer Mark Payne told the Herald.

“There was no hack, no data breach or loss of any data and there is no evidence pointing to a particular country for the attacker,” Payne said.

“Windcave remained operational throughout, but some customers, in certain regions, were unable to access the working systems because of high volume of traffic generated by the DDoS.”

No data is at risk with a DDoS attack, such as the one that forced our stock exchange offline in 2020. At various points, Kiwibank, ANZ, NZ Post, the police and MetService have all had their sites rendered inaccessible by DDoS assaults.

One Twitter wag, looking for an image to explain it in “NZ relevant terms”, posted a picture of sheep blocking a road.

Earlier, computer scientist Dave Parry told the Herald that hackers used to carry out DDoS attacks for kicks, to show off. Today, they’re more likely to be commercially motivated, demanding money to cease their attacks and allow customers to access a service again.

The motive can also be political. Last year, GCSB director-general Andrew Hampton warned that Putin-supporting hackers had threatened revenge attacks on targets in countries that supported Ukraine.

Parry said it was always difficult to pin down the origin of a cyber attack, but there several factors that made Russia a hotbed of hacker activity, including “a weaker legal framework, lots of very good mathematicians and large-scale organised crime”.

Co-operation with Western law enforcement was limited, even before the Ukraine invasion.