The UK’s Serious Organised Crime Agency’s (Soca) website has been taken offline following a cyber attack.
SOCA has confirmed that a Distributed Denial of Service (DDoS) attack took the website offline at about 22:30 on Wednesday night, according to the BBC. The site remains offline at the time of writing.
According to the BBC, a statement from SOCA claimed that the attack did not pose any risk.
"We took action to limit the impact on other clients hosted by the [same] service provider," the spokesman told the BBC. "DDoS attacks are a temporary inconvenience to website visitors but do not pose a security risk. Soca’s website contains only publicly available information and does not provide access to operational material."
Although SOCA offered no clues as to who may be responsible for the attack, suspicion has fallen of hacktivism groups such as Anonymous and LulzSec.
It is the second time the agency’s website has been forced offline following a DDoS. Last June LulzSec claimed responsibility for taking the site down with a DDoS attack.
SOCA was recently involved in an operation that closed down 36 websites selling stolen credit card information. Two men in the UK and another in Macedonia were arrested as part of the operation. It is not known if the current attack is related to that operation.
Andrew Kellett, senior security analyst at Ovum, said it was ‘no surprise’ that SOCA had been attacked and its website taken offline because, "Operating in a state of security compromise is a reality that most organisations are not comfortable admitting to, but is an accurate reflection of how most IT infrastructure functions today."
What is surprising is that, "defence and intelligence levels have not been improved sufficiently since the last successful DDoS attack on Soca in June 2011," he added.
"Also comments suggesting that "DDoS attacks are a temporary inconvenience" do not always fit the reality. Hacktivist attacks targeting particular operations have been known to be both persistent and longstanding, requiring extensive DDoS defences. Under the circumstances the actions of the agency appear to have been prompt and correct. They look to have spotted the attack quickly and by taking their site down reduced the impact on others who share the same service provider resources," Kellett added.
André Stewart, President International at Corero Network Security echoed Kellett’s comments suggesting SOCA should have upgraded its security following the original DDoS attack.
"SOCA’s apparent unwillingness to take measures to mitigate DDoS attacks, such as the one that shut down its public website Wednesday, is an open invitation to hackers to target them," he said. "Its response that it would not be a "responsible use of taxpayers’ money" on the off chance of a public-facing site being hit calls in to question its entire approach to network security and ability to stop attacks.
He added that the attack should not be dismissed as posing no threat to the organisation.
"It is known that DDoS attacks often are used as a smokescreen for other, surreptitious attacks aimed at stealing data, and this threat should not be taken lightly," he said.
Hacktivists have hit a number of government websites over the last few years, with the FBI, the US Senate and the CIA all targeted.
CBR’s recent in-depth feature on hacking, Hacktivism: Doing it for the lulz?, is available here.