The UK’s Serious Organised Crime Agency’s (SOCA) website has been taken offline following a cyber attack. The attack started on Wednesday night and the website was down all day Thursday. At the time of writing the site was operational again.
It is the second time in under a year the site has been attacked. CBR looks at the reaction to the latest attack.
SOCA statement:
We took action to limit the impact on other clients hosted by the [same] service provider. DDoS attacks are a temporary inconvenience to website visitors but do not pose a security risk. SOCA’s website contains only publicly available information and does not provide access to operational material.
Andrew Kellett, senior security analyst at Ovum
Operating in a state of security compromise is a reality that most organizations are not comfortable admitting to, but is an accurate reflection of how most IT infrastructure functions today.
Targeted attacks supported by high levels of resource have the potential to disrupt any operation. So it comes as no surprise to find that the UK’s Serious Organised Crime Agency website has fallen victim to a distributed denial of service attack (DDoS) and as a result had to be taken offline.
What is surprising is that defence and intelligence levels have not been improved sufficiently since the last successful DDoS attack on Soca in June 2011. Also comments suggesting that "DDoS attacks are a temporary inconvenience" do not always fit the reality.
Hacktivist attacks targeting particular operations have been known to be both persistent and longstanding, requiring extensive DDoS defences. Under the circumstances the actions of the agency appear to have been prompt and correct. They look to have spotted the attack quickly and by taking their site down reduced the impact on others who share the same service provider resources.
André Stewart, President International at Corero Network Security
SOCA’s apparent unwillingness to take measures to mitigate DDoS attacks, such as the one that shut down its public website on Wednesday, is an open invitation to hackers to target them. Its response that it would not be a "responsible use of taxpayers’ money" on the off chance of a public-facing site being hit calls in to question its entire approach to network security and ability to stop attacks.
It is known that DDoS attacks often are used as a smokescreen for other, surreptitious attacks aimed at stealing data, and this threat should not be taken lightly.
Rob Cotton, CEO of NCC Group
Although DDoS attacks don’t pose a risk in terms of data security, their impact can be massive. If a commercial site is offline, companies are effectively turning away customers and losing revenue. Reputation for reliability and customer service are also at risk. Any website is susceptible, and an ‘it won’t happen to me’ attitude is extraordinary naïve.
It’s not enough for organisations to invest in preventative services and then sit back and relax – defences must also be tested regularly. Anything less and they’re leaving themselves wide open to attack
Graham Cluley, senior security consultant at Sophos
SOCA is right to highlight that there is no security risk posed by the DDoS attack, but we still have to remember that such an assault is illegal. DDoS attacks can cause huge disruption to organisations and their visitors, and can be used to make political points, prevent firms from doing business and even blackmail targeted websites.
Although it’s natural to assume that hacktivists such as Anonymous and LulzSec might be responsible, it’s equally possible that other cybercriminals are to blame. For instance, the UK police recently shut down 36 illegal websites selling stolen credit card details. Whoever is to blame – they may have chosen their victim unwisely, as a DDoS attack can land the perpetrators in jail for up to ten years.
