The National Crime Agency is a UK body which tackles online cyber attacks and recently arrested 6 people for using Lizard Squad’s DDOS tool. In an act of retaliation, the hacking group conducted a DDOS attack on the NCA website. The team mockingly used the NCA’s logo in a Twitter post and publicly announced the DDOS attack. An NCA spokesperson said about the incident:
“The NCA website is an attractive target. Attacks on it are a fact of life. DDoS is a blunt form of attack which takes volume and not skill. It isn’t a security breach, and it doesn’t affect our operational capability. At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly.”
Hacking via a DDOS method doesn’t usually result in long-term chaos and the majority of sites can be up and running within 1-2 hours. Of course, this greatly depends on the scale and complexity of each hacking attempt. The NCA spokesperson emphasized this and argued:
“The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that’s proportionate.”
However, Dave Larson, CTO at Corero Network Security explained the more sinister impact of DDOS attacks on network infrastructure:
“The recent reports indicating that the National Crime Agency website has been taken offline by DDoS attack, seemingly by the increasingly popular DDoS-for-hire site, Lizard Stresser is a classic example of cyber-warfare taking aim in retaliation of the recent arrests of individuals associated with the service.
“DDoS attacks can be a nuisance, cause temporary or long term service disruptions, and take down IT security infrastructure in any organization. What is even more distributing is the potential for even greater damage in the form of smokescreen diversions allowing hackers to run additional attacks aimed at breaching sensitive data and further impacting operations.
“DDoS mitigation strategies must be viewed as more than just protecting your website, it is protecting the business, your intellectual property and your customers.”
In my opinion, this particular hack was nothing more than an inconvenience and predatory response to the 6 arrests. Arguably, Lizard Squad hopes this sends a warning message out to government bodies trying to infiltrate the group and arrest its leading members. Personally, I feel this is more of a PR stunt and not a valid attempt to make the NCA’s website inoperable.
What do you think of Lizard Squad?
— Lizard Squad (@LizardLands) September 1, 2015
Thank you The Register for providing us with this information.