UK’s National Crime Agency hit by DDoS attack, following LizardStresser arrests

Last week, after British police arrested six people in relation to alleged distributed denial-of-service (DDoS) attacks conducted with the LizardStresser tool, the National Crime Agency (NCA) tweeted a stark warning to those attempting to disrupt websites by overloading them with traffic.

The inventive cybercops re-used the Lizard Squad hacking gang’s monocle-wearing, pipe-smoking, top hat-wearing mascot to warn potential users of its DDoS-on-demand service that they might expect a visit from the boys in blue.

Ever used a #DDoS tool? If you’re registered to #LizardStresser officers may be visiting you soon!

This morning, however, as Sky News reports, it wasn’t online criminals who were feeling the heat – but the National Crime Agency’s own website, which appeared to be sufferering its own denial-of-service attack.

NCA website down

In a tweet, Lizard Squad appeared to claim credit for the attack, mocking the earlier tweet issued by the NCA.

LizardSquad's tweet

It’s important to understand that a denial-of-service attack isn’t as serious as a website being hacked, or databases being stolen. It’s the difference between a group of people sitting outside a department store to prevent others from entering, and a crack-squad of criminals breaking in at the dead of night and stealing all the goods.

You don’t need to be a genius to launch a denial-of-service attack, you just need a few computers at your disposal to bombard a site with enough traffic to make it trip over. Bigger commercial websites that cannot afford to ever be offline invest in systems to help prevent DDoS attacks from succeeding, but a site like the National Crime Agency probably doesn’t have to lose too much sleep over it.

Sure, they would prefer it didn’t happen – but it’s hardly the end of the world.

In a statement issued to the media, an NCA spokesperson confirmed the site had been brought down by a distributed denial-of-service attack, and that it had been successfully brought back online shortly afterwards:

“The NCA website is an attractive target. Attacks on it are a fact of life. DDOS is a blunt form of attack which takes volume and not skill. It isn’t a security breach, and it doesn’t affect our operational capability. At worst it is a temporary inconvenience to users of our website.

“We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly. The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that’s proportionate.”

Whether the most serious hacking offence or not, denial-of-service attacks are still illegal in many countries around the world, and if you were one of those who decided to help Lizard Squad in its act of revenge this morning it’s unlikely that your actions will be looked upon favourably if the NCA ever identities you and brings you to court.

Author Graham Cluley, We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.