UK police foiled attack on royal wedding website

Creative Commons photo of Will and Kate courtesy of anonlinegreenworld's Flickr photostreamPolice detained a 16-year-old on Oct. 10 in relation to “a suspected attempt to encourage others to commit a distributed denial-of-service attack,” according to a spokesman from the cybercrime unit who was quoted in a report from the Associated Press. The spokesman also said that the teenager is out on bail and has not yet been charged.

The unit’s chief, Det. Supt. Charlie McMurdie, mentioned the coup in an address to attendees of the Royal United Services Institute, a defense think tank.

A DDoS would have kicked Britain in the knees. Some providers at the time have said the April 29 wedding may have been the most heavily live-streamed event ever, though the death of Osama bin Laden is said to have since surpassed it.

The official royal wedding website said that, at its peak, it was handling more than 2,000 requests per second.

The popularity of the event did, in fact, crash the BBC’s site, which went down for 17 minutes of prime nuptial time. The Guardian at the time noted that Twitter feeds from users complained of being unable to watch live streaming from Westminster Abbey.

ABC put the record-breaking Internet burden into perspective with these statistics, all as of the date of the wedding:

  • In the seven days preceding, 2.1 million tweets concerning the event were sent.
  • In the United States alone, more than 1.75 million Facebook comments mentioning the term “royal wedding” were made over the preceding month.
  • More than 800,000 people watched “Royal Wedding Invitation,” an official wedding video, as of April 29.
  • The name of Kate’s hair piece—“fascinator”—saw a 70 percent increase in Google searches worldwide over the preceding month.
  • The search term “What Is Prince Williams Last Name” saw a 1,199 percent increase in Yahoo searches in the preceding week.
  • YouTube users uploaded 5,000 videos tagged “royal wedding” over the preceding week.

McMurdie told the conference attendees that action was taken to safeguard the royal wedding’s official site, which received 15 million hits on the wedding date. When the the AP asked for more details, she said her unit had “been called in” to deal with an attack.

LOICIt’s not hard to find a teenager who knows how to launch a DDoS nowadays. As Sophos’s Graham Cluley has written, many Internet users have been urged to voluntarily join a botnet by downloading a DDoS attack tool called LOIC (Low Orbit Ion Cannon, described in this detailed analysis by Sophos’s Vanja Svajcer).

But just because it’s easy doesn’t mean it won’t send you to jail if you get caught. Messing around with DDoS has sent multiple U.S. citizens to the klink, for example.

One such, Mitchell L. Frost, was given a 30-month prison sentence at the tender age of 23 for a series of DDoS attacks he launched against the websites of Bill O’Reilly, Ann Coulter and Rudy Giuliani.

Will this 16-year-old get just a slap on the wrist because of his even more tender age?

Maybe. But it’s sure not worth the risk. Teenagers with cyber skills would be far better off spending their early years doing something constructive with their talent.

Creative Commons photo of Will and Kate courtesy of anonlinegreenworld’s Flickr photostream.