Anonymous Attacks DWP Website Over Privacy Breaches

The DWP becomes the next target of Anonymous splinter cell, the ATeam

The Department for Work and Pensions (DWP) has seen its website taken offline thanks to a distributed denial of service (DDoS) attack, which the Anonymous splinter group the ATeam has taken credit for.

The ATeam said the hit was in retaliation against a Channel 4 ‘Dispatches’ report, which discovered almost 1,000 DWP staff were disciplined over a 10-month period from April 2011 to January 2012 for unlawfully or inappropriately accessing social security records. Additionally, the Department of Health admitted there had been 158 reported incidents of unlawful access to medical records throughout last year.

The site was disrupted today and occasionally completely down. “There was some disruption to the website that we have been investigating and working on,” a DWP spokesperson said. “But for the majority of people the website has been working and continues to work normally.”

Anonymous action

The ATeam spokesperson, Winston Smith, told TechWeekEurope the group did not want to damage the “symbolic” targets, but wanted to “raise the profile of privacy breaches.” The Information Commissioner’s Office (ICO), which said it was going to investigate the findings of the ‘Dispatches’ report, was another ATeam target this week. The regulator saw its site intermittently taken offline for periods of Tuesday and apologised to users for the disruption.

Winston claimed his own medical records were unlawfully accessed. “I have been a victim,” he said, claiming the information had been tampered with and used against him in a court case in which he was seeking access to his child.

Earlier this week, TechWeekEurope was invited into the ATeam’s Anonymous IRC session during the hit on the ICO. The group revealed it had been using large botnets – one with 10,000 bots, another with 50,000 – to take down various websites, including those belonging to Theresa May and the data protection watchdog. AnonX, one of the DDoS initiators, said he had acquired bots by using malware that people had downloaded without their knowledge. These are known as malicious botnets.

Meanwhile, other members of Anonymous are targeting various Indian government websites as part of its OpIndia campaign. Government departments, two political parties and the nation’s Supreme Court were all targeted. The Indian Department for Electronics and Information Technology was one of the hardest hit.

Copyrightlabs.in, which won an order earlier this year to stop access to file-sharing sites offering copies of Bollywood films, was also targeted and was down at the time of publication.

“We have come to a conclusion that the Indian government has failed. It is time that we all rise and stand up against the corrupt government,” Anonymous said in a YouTube clip promoting OpIndia.

Are you a security enthusiast? Try our quiz!