UK’s SOCA sees second DDoS attack in less than a year

The UK’s Serious Organised Crime Agency (SOCA) has confirmed that its website has suffered a distributed denial-of-service (DDoS) attack. but it’s not particularly worried by this form harassment.

Security and data protection solutions provider Sophos notes on its blog that this is the second time in less than a year that SOCA’s website has been targeted. Last year the SOCA site was down after LulzSec issued a DDoS attack in June.

A SOCA spokesperson confirmed with TechWeekEurope that the website was taken offline at around 10pm on Wednesday:

“The reason we take it down is to prevent and limit any impact on the clients hosted by our service provider.

Clearly the things we’d like to stress are that the SOCA website contains only publicly available information, it does not provide access to operational material.

DDoS attacks cause a temporary inconvenience to website visitors, they don’t impose a security risk to the organisation. We will monitor the situation and put the site back up when it is appropriate to do so.”

But although security may still be intact, Graham Cluley, senior security consultant at Sophos says that the perpetrators of this attack are still in breach of the law.

“SOCA is right to highlight that there is no security risk posed by the DDoS attack, but we still have to remember that such an assault is illegal.

DDoS attacks can cause huge disruption to organisations and their visitors, and can be used to make political points, prevent firms from doing business and even blackmail targeted websites.

Although it’s natural to assume that hacktivists such as Anonymous and LulzSec might be responsible, it’s equally possible that other cybercriminals are to blame. For instance, the UK police recently shut down 36 illegal websites selling stolen credit card details.

Whoever is to blame – they may have chosen their victim unwisely, as a DDoS attack can land the perpetrators in jail for up to ten years.”

It’s not clear yet who is behind the attack, it could be anyone from regular cyber-criminals to LulzSec sympathisers or simply black hat hackers trying their best to be disruptive.

SOCA is likely to be a target for such attacks due to the nature of its work. The Agency recently shut down 36 websites selling credit card details.

We’ll be sure to update as soon as we find out more.