SOCA website brought down by cyber criminals (UPDATED)

Crime agency's website taken offline by DDoS attack

The website of the UK's Serious Organised Crime Agency (SOCA) has been brought down by cyber criminals executing a distributed denial of service (DDoS) attack.

This is the second time in under 12 months that the organisation's web presence has come under cyber attack, following a similar assault from hacking pranksters Lulzsec in June last year.

A spokesperson for SOCA confirmed that the site was taken down on Wednesday 2 May, but that there was no security risk. The site appeared to remain offline until the afternoon of Friday 4 May.

When Computing asked why it had taken so long for the website to be restored, the spokesman said that "it was put back up when it was worthwhile and appropriate to do so".

Although it is currently unclear who is behind the attack, a Twitter account purporting to represent hacktivist group Anonymous greeted the news with the familiar term "Tango down", which it often uses to make reference to sites that have fallen victim to its own attacks.

"TANGO DOWN: DDoS attack takes down site of UK Serious Organised Crime Agency (Soca)," said the account's Twitter feed.

SOCA would not confirm whether it had found the responsible party and would not disclose any further information related to the attack.

"We are not discussing this at the moment. There is no update on [the perpetrator] at this time," the spokesperson added.

Graham Cluley, senior security consultant at Sophos, explained that although no data had been stolen, the action is still illegal.

"SOCA is right to highlight that there is no security risk posed by the DDoS attack, but we still have to remember that such an assault is illegal. DDoS attacks can cause huge disruption to organisations and their visitors, and can be used to make political points, prevent firms from doing business and even blackmail targeted websites."

Cluley added that there are various criminal groups bearing grievances against SOCA.

"Although it's natural to assume that hacktivists such as Anonymous and LulzSec might be responsible, it's equally possible that other cyber criminals are to blame. For instance, the UK police recently shut down 36 illegal websites selling stolen credit card details. Whoever is to blame - they may have chosen their victim unwisely, as a DDoS attack can land the perpetrators in jail for up to 10 years."

The organisation and co-ordination of the UK's cyber security bodies has recently come under fire from various high-profile security industry figures. SOCA itself will shortly be replaced by the National Crime Authority, although some have expressed concerns over whether it will prove to be any more effective.