UK police foiled attack on royal wedding website

Filed Under: Denial of Service, Featured, Law & order, Vulnerability

Creative Commons photo of Will and Kate courtesy of anonlinegreenworld's Flickr photostreamPolice detained a 16-year-old on Oct. 10 in relation to "a suspected attempt to encourage others to commit a distributed denial-of-service attack," according to a spokesman from the cybercrime unit who was quoted in a report from the Associated Press. The spokesman also said that the teenager is out on bail and has not yet been charged.

The unit’s chief, Det. Supt. Charlie McMurdie, mentioned the coup in an address to attendees of the Royal United Services Institute, a defense think tank.

A DDoS would have kicked Britain in the knees. Some providers at the time have said the April 29 wedding may have been the most heavily live-streamed event ever, though the death of Osama bin Laden is said to have since surpassed it.

The official royal wedding website said that, at its peak, it was handling more than 2,000 requests per second.

The popularity of the event did, in fact, crash the BBC’s site, which went down for 17 minutes of prime nuptial time. The Guardian at the time noted that Twitter feeds from users complained of being unable to watch live streaming from Westminster Abbey.

ABC put the record-breaking Internet burden into perspective with these statistics, all as of the date of the wedding:

  • In the seven days preceding, 2.1 million tweets concerning the event were sent.
  • In the United States alone, more than 1.75 million Facebook comments mentioning the term “royal wedding” were made over the preceding month.
  • More than 800,000 people watched "Royal Wedding Invitation," an official wedding video, as of April 29.
  • The name of Kate’s hair piece—“fascinator”—saw a 70 percent increase in Google searches worldwide over the preceding month.
  • The search term "What Is Prince Williams Last Name" saw a 1,199 percent increase in Yahoo searches in the preceding week.
  • YouTube users uploaded 5,000 videos tagged "royal wedding" over the preceding week.

McMurdie told the conference attendees that action was taken to safeguard the royal wedding’s official site, which received 15 million hits on the wedding date. When the the AP asked for more details, she said her unit had "been called in" to deal with an attack.

LOICIt’s not hard to find a teenager who knows how to launch a DDoS nowadays. As Sophos’s Graham Cluley has written, many Internet users have been urged to voluntarily join a botnet by downloading a DDoS attack tool called LOIC (Low Orbit Ion Cannon, described in this detailed analysis by Sophos's Vanja Svajcer).

But just because it’s easy doesn’t mean it won’t send you to jail if you get caught. Messing around with DDoS has sent multiple U.S. citizens to the klink, for example.

One such, Mitchell L. Frost, was given a 30-month prison sentence at the tender age of 23 for a series of DDoS attacks he launched against the websites of Bill O'Reilly, Ann Coulter and Rudy Giuliani.

Will this 16-year-old get just a slap on the wrist because of his even more tender age?

Maybe. But it’s sure not worth the risk. Teenagers with cyber skills would be far better off spending their early years doing something constructive with their talent.

Creative Commons photo of Will and Kate courtesy of anonlinegreenworld's Flickr photostream.

, , , , ,

You might like

5 Responses to UK police foiled attack on royal wedding website

  1. Great Post. Young kids were urged to download LoiC to attack high profile sites by #anonymous - and to me I thought that it was similar to the way young kids are given Uzi's and enlisted as child soldiers in Africa.

    Such powerful tools in the hands of young minds - a recipe for disaster.

    Most of those who carry out their own DoS attacks were armed by a group dedicated to keeping the internet free and open - how ironic is that?

    Way to go Anon !!!

    Keep sending the food baskets and phonecards to your real victims - the Youth!

  2. Robert Gracie · 879 days ago

    Serves him right for plotting to take down a Royal website but to do something like that to the British Royal Family is the ABSOLUTE WORST JOKE IMAGINABLE you do not do such a thing and I am expecting Buckingham Palace to be increasing security on its website and any other British Royal web pages, I wonder if they are going to do what the BBC has is where it filters out the DDOS stuff so it still stays up even if its bombarded by over a billion requests in a matter of minutes, I wonder...

    • Nick Nikiforakis · 879 days ago

      Punctuation is your friend... Also, your post shows that you know absolutely nothing about DDoS. The whole idea behind it, is that it is distributed and identical (when done properly) to normal website traffic. You can go around blindly killing requests, but you can't distinguish between John Doe who actually wants to see the Royal Wedding and someone who is part of a DDoS.

  3. Bob · 878 days ago

    Is that a picture of the Ion Cannon from Command and Conquer 95?!?!

  4. C-Rod · 877 days ago

    So wait, this kid is accused of "a suspected attempt to encourage others to commit a distributed denial-of-service attack," So he didn't actually do anything? He wasn't even planning on doing anything? He just (allegedly) encouraged others to do something? And reading on the website went down without this DDoS attack? But he nor the people he (allegedly) encouraged had anything to do with that?

    Ok, so what exactly did this kid do?? Seems like nothing really.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.