Between 2001 and 2006 the UK’s National Hi-Tech Crime Unit (NHTCU) fought hackers, virus writers, internet fraudsters and other ne’er-do-wells with some success. You’ll find many reports on the Sophos website of cybercriminals that they successfully brought to justice.
As a result, many websites around the world linked to the NHTCU’s website at http://www.nhtcu.org – including high profile media organizations, computer security companies and British government departments.
The NHTCU’s website before it was closed in April 2006.
The NHTCU’s website came to an abrupt end in April 2006, however, when the organization was closed down and its work transferred to the Serious Organised Crime Agency (SOCA). Many in the security community raised concerns that the loss of a central e-crime police unit would only benefit the bad guys, and Sophos was amongst the companies who urged concerned citizens to sign a petition to UK Prime Minister Gordon Brown.
After the NHTCU was closed in April 2006, the public was directed towards SOCA.
Unfortunately, someone in the British authorities was clearly napping. Despite the fact that the NHTCU’s site is still linked to from many websites around the world (as recently as this weekend, the BBC linked to the site from a story about NASA hacker Gary McKinnon for instance), the domain’s ownership was allowed to wilt away and die.
As the following video from the SophosLabs YouTube channel explains, no-one renewed the UK’s ownership of http://www.nhtcu.org, which meant that enterprising German internet marketeer and domain speculator Uwe Matt was able to snatch the domain for peanuts on 2 August 2008.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Why does he want the domain? Because it’s valuable. Uwe Matt runs an internet marketing company which aims to get higher rankings on search websites like Google. Owning a domain name like http://www.nhtcu.org, which is linked to by credible websites like BBC News and the British Home Office, guarantees him a higher position on search results.
Now, it’s important to stress that he hasn’t done anything illegal – and in our examination of the new NHTCU website today we found no malicious content or adware. But there is nothing to stop him selling the website domain on to someone else who may turn out not to have such scruples, or for the site in future to be used to host spam-related content or revenue-generating advertising.
Is this a big security problem? Possibly not – at the moment the site doesn’t have any nasty content on it. But if you can steal the identity of the National Hi-Tech Crime Unit from right under the Government’s nose then what message does that give the world about the state of the nation’s computer security? Letting the domain name go like this demonstrates a sloppiness on the part of the authorities.
In the worst possible scenario, the website could in future be abused to pretend to be the National Hi-Tech Crime Unit and try and harvest the confidential information of computer crime victims. Of course, there’s no reason to believe that might ever happen – but it does underline the importance of organisations taking proper care of their website domains if widely linked to – even if they are no longer being actively used.
Created On:02-Aug-2008 14:30:05 UTC
Last Updated On:08-Aug-2008 09:50:54 UTC
Expiration Date:02-Aug-2009 14:30:05 UTC
A German individual acquired the NHTCU’s domain name in August 2008.
And if you’re running a website (be it a news site, a government site, or just offering advice on computer crime) please be sure to check that the site you are linking to really still is the site you thought it was.
Update September 4th 2008: It looks like the police may have a friendly word in the ear of the domain’s new owner. Find out more in “Revisiting the NHTCU website”.