SOCA Website Forced Offline By DDoS Attack

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

The Serious Organised Crime Agency (SOCA) has been taken offline by a DDoS attack, TechWeekEurope has learnt.

The Serious Organised Crime Agency’s (SOCA) website has been taken down by a distributed denial of service (DDoS) attack, TechWeekEurope has learned.

A spokesperson from SOCA revealed the website was hit at 10pm last night by an attack which is ongoing this morning. At the time of publication, the website was unreachable. No culprit has been identified, but SOCA has previously been hit by the LulzSec hacktivist group.

Tango down…

“At approximately 10PM last night, we elected to take our website offline to limit the impact of a DDoS attack on the site,” the spokesperson said. They said SOCA would not comment on the size or the source of the hit.

“The reason we take it down is to prevent and limit any impact on the clients hosted by our service provider. Clearly the things we’d like to stress are that the SOCA website contains only publicly available information, it does not provide access to operational material.

“DDoS attacks cause a temporary inconvenience to website visitors, they don’t impose a security risk to the organisation. We will monitor the situation and put the site back up when it is appropriate to do so.”

The SOCA spokesperson said there was no specific timeframe in which it planned to have the site back up, but said it hoped the website would be working “as soon as possible”.

This is not the first time SOCA has been hit by a DDoS. In June last year, hacktivist group LulzSec claimed to have taken the SOCA site down, following hits on the CIA and the NHS, amongst others.

Later in 2011, LulzSec suspect Jake Davis, who was believed to be Topiary, one of the hacktivist group’s chief operators, was charged on suspicion of being behind the SOCA hit.

The DDoS on the site, which began last night and continues today, could be in retaliation for SOCA’s recent move to take down 36 websites selling personal information and credit card details. SOCA estimated its effort helped recover 2.5 million credit cards and prevent the loss of at least £500 million.

Rik Ferguson, director of security research and communication at Trend Micro, claimed SOCA would not be embarrassed by the second successful DDoS hit on its website in a year. “There’s no reputational damage at all. Everyone is a potential victim and SOCA is a ‘very potential’ victim, if you want to put it that way,” he told TechWeekEurope. “They are an obvious target – you would expect them to have frequent attacks.”

As for who he thought might be behind the DDoS hit, Ferguson believes hacktivists are the obvious suspects. “If it is a DDoS against SOCA, that’s got to be your first assumption,” he added. “There are very few other organisations that are going to be motivated to do something as senseless as a DDoS on a non-critical website that doesn’t do any damage to anybody.”

Mikko Hypponen, chief research officer at F-Secure, said he thought organised crime gangs were a likely candidate too, following the SOCA website takedowns last week. “We have to remember that the website isn’t really critical in any way for SOCA’s operation. Maybe they are not too concerned about the odd DDoS and focus on something more important instead,” Hypponen added.
