View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

ICO website offline following DDoS attack

Anonymous splinter group claims responsibility for ICO's failure to "protect the public's privacy"

By Steve Evans

Anonymous ICO

The Information Commissioner’s Office (ICO) has confirmed its website has been "disrupted," and suggested that a distributed denial of service (DDoS) attack is to blame.

The website is still offline at the time of writing although the ICO stressed that no sensitive information is held on the site and it was working to get it back online.

"Access to the ICO website has been disrupted over the past few days. We believe this is due to a distributed denial of service attack," a statement read. "The website itself has not been damaged, but people have been unable to access it. We provide a public-facing website which contains no sensitive information."

"We regret this disruption to our service and we are working to try to bring the website back online as soon as possible," the statement added.

Although the ICO could not confirm whether it had suffered a DDoS, an Anonymous splinter group called AnonATeam claimed responsibility for the attack. On a Tumblr page reportedly set up by the group, it says issues with the Leveson Inquiry are to blame for the attack.

"Aside from the Leveson Inquiry failing to address the crimes by the Government, it has also failed to address that 80% of Data Protection breaches crime in the UK are committed by the UK civil service and yet not properly investigated [and the] Information Commissioner lacks independence has repeatedly failed to protect the public’s privacy from hacking or data protection breaches," the group said.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

The Leveson Inquiry website was also down for a brief time yesterday but it is not known whether this was due to a DDoS attack. However in an interview with TechWeek Europe the group claimed Leveson and the ICO were legitimate targets. In the same interview the group claimed responsibility for attacks on Home Secretary Theresa May’s website in response to Britain’s extradition laws.

Government websites have often found themselves in the firing line of groups such as Anonymous and LulzSec, loosely-organised groups that aim to bring down websites or access them to get at sensitive data.

Previous victims include the CIA, SOCA, Interpol, the Spanish National Police and the FBI.

"DDoS attacks are becoming a regular occurrence against government websites," said André Stewart, president international at Corero Network Security. "In fact, any organisation, government or enterprise that relies on the Internet to conduct business is a potential target."

"The attackers’ intent often is to slow or bring down a website for the entire world to see. Because of the public nature of such an attack, the victim organisations have to own up to what has happened and, in the case of government entities, explain why it will not or cannot respond effectively," Stewart added. "And these highly public DDoS attacks are increasingly being used as a diversion or smokescreen to launch more surreptitious attacks aimed at stealing data or sensitive information."


Further reading:

Hacktivism: Doing it for the lulz?

Anonymous hits F1 site in Bahrain GP protest

IT bosses expect cyber attack within six months

SOCA website down after DDoS attack

Anonymous claims CIA website takedown for the second time

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.