The UK’s Serious Organised Crime Agency (SOCA) has confirmed that its website has suffered a distributed denial-of-service (DDoS) attack, effectively preventing internet users from reaching it.
This is the second time in less than a year that SOCA’s website has found itself the target of malicious attackers, having previously suffered from a DDoS attack at the hands of the notorious LulzSec gang in June 2011.
A SOCA spokesperson told TechWeekEurope that the website was taken offline at approximately 10pm on Wednesday, but that there was no security risk for the organisation.
"The reason we take it down is to prevent and limit any impact on the clients hosted by our service provider. Clearly the things we’d like to stress are that the SOCA website contains only publicly available information, it does not provide access to operational material."
"DDoS attacks cause a temporary inconvenience to website visitors, they don’t impose a security risk to the organisation. We will monitor the situation and put the site back up when it is appropriate to do so."
What isn’t clear at this point is who is behind the attack.
Some may suspect that a LulzSec sympathiser is behind the attack, as yesterday US prosectors made public an indictment against four British and Irish men, suspected of being involved in an internet attack on the Stratfor security analysis firm last year.
Until yesterday, only Jeremy Hammond, a 27-year-old from Chicago, had been charged in relation to the Stratfor security breach.
But now Donncha O’Cearrbhail (aka “palladium”), Darren Martyn (aka “pwnsauce”), Jake Davis (aka “topiary”) and Ryan Ackroyd (aka “kayla” or “lolspoon”) – who were all arrested by authorities last year – have also been named.
Another consideration for who might be responsible for the DDoS is that SOCA recently shut down 36 websites selling stolen credit card details.
Here’s a video I made about the credit card website shutdown:
(Enjoy this video? Check out more on the SophosLabs YouTube channel.)
Whoever is to blame for this latest assault, it’s worth remembering that denial-of-service attacks are against the law.