back to article NCA targeted by Lizard Squad in apparent DDoS revenge attack

The National Crime Agency's website has been hit by a DDoS attack, in an apparent act of revenge for the body's recent crackdown on users of Lizard Squad. The site was taken down this morning and remained offline at the time of publication. Last week the NCA arrested six people on suspicion of maliciously deploying Lizard …

  1. Otto is a bear.

    Hmmmmm - Lets paint a target on our own backs

    The NCA are right, very few governmental organisations are operationally dependent on their web sites, so all you manage to do is piss off the general public and a few IT administrators.

    Oh and draw attention to yourselves from people who are looking for reasons to take you down. There are lots of proverbs about not drawing attention to yourself from those bigger and harder than you are.

    Never let your ego get ahead of common sense.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmmmmm - Lets paint a target on our own backs

      "Never let your ego get ahead of common sense."

      Judging by the arrests they're all a bunch of idiot teens. Common sense generally isn't a major part of the package with that particular age group. The only way to stop script kiddies is to hand down some seriously heavy custodial sentances so the morons still out there have to judge whether a few hours Sticking It To The Man is worth a few years of Many Men Sticking It To You in the nick.

      1. Cynic_999

        Re: Hmmmmm - Lets paint a target on our own backs

        For some reason people still believe that harsh punishments deter crime despite all the many studies that show the opposite. All that disproportionate punishments achieve is make the criminal bitter and anti-social. Fine a litterer £100 and it may deter him from littering. Put him in jail for a year (which often means that he loses his job, home and family), and you may well have changed the litterer into a serious criminal who will cause some real harm. Punishments that are too lenient make a mockery of the system (though that is less damaging). Proportionality is the key. For teenagers who have caused no lasting damage, cleaning off graffiti every weekend for 3 months will be plenty sufficient.

        If you believe that harsh punishments will deter others you are mistaken. Very few people know what punishment to expect when they commit a crime. The biggest deterrent is to increase the perception of the probability that the person will be caught.

        1. Anonymous Coward
          Anonymous Coward

          Re: Hmmmmm - Lets paint a target on our own backs

          "If you believe that harsh punishments will deter others you are mistaken."

          It will deter some and thats better than none. Obviously there will be sociopaths who don't care and others who are too stupid to understand (you being one of them apparently) but your average functioning adult - even the criminal variety - will think twice if the sentence is harsh. Plus while someone is banged up its a bit difficult for them to re-offend.

          1. auburnman

            Re: Hmmmmm - Lets paint a target on our own backs

            "while someone is banged up its a bit difficult for them to re-offend."

            But a piece of piss for them to learn a lifetime's worth of criminal behaviours and skills - which they'll need for a life of crime when they do get out given that prospects of making an honest wage are pretty fucked.

            1. Anonymous Coward
              Anonymous Coward

              Re: Hmmmmm - Lets paint a target on our own backs

              "But a piece of piss for them to learn a lifetime's worth of criminal behaviours and skills -"

              RIght, as if they couldn't learn all this stuff out on the street anyway.

              "which they'll need for a life of crime when they do get out given that prospects of making an honest wage are pretty fucked"

              Anyone who has a criminal record has their job prospects pretty fucked. Having been in prison will make little difference.

          2. Cynic_999

            Re: Hmmmmm - Lets paint a target on our own backs

            "

            It will deter some and thats better than none.

            "

            Tell me, what punishment would you expect to receive should you be found guilty of a public order offence after you lost your temper and shouted insults at a waiter for accidentally spilling a drink on your clothes? The chances are that you have absolutely no idea - the same as 99.9% of the rest of the population. So unless everyone learns the sentencing guidelines for 10001 different crimes, how could something unknown act as a deterrent?

            But also tell me, if as a result of driving at 45MPH in a 40MPH zone you were you were put in prison for 12 months (which may well destroy your life because you'd lose your job, would be unable to pay any debts you have, e.g. mortgage or rent, and wives/girlfriends often won't put up with the change), do you believe that you would leave prison being (a) much more law-abiding or (b) more antisocial? Be honest.

  2. djack

    Non-event for NCA

    If the NCA have similar arrangements to their predecessor (SOCA) then the web site is hosted by an ISP totally unrelated to any of their other networks. It's only value to them is for PR, it is a convenient place to publish press releases.

    1. Anonymous Coward
      Anonymous Coward

      Re: Non-event for NCA

      Yep, this is exactly the case.

      I worked at SOCA on the comissioning of their pre-NCA website, this was around 2010/2011.

      The simple fact of the matter is that the site was hosted externally, containing nothing but press releases and some blurb about how to apply for positions at SOCA. It didn't store any data that the organisation would consider to be personal, private or of any value to anyone, furthermore it wasn't the only copy of the data, so if it was lost, it didn't matter.

      They picked the cheapest ISP and web development company that they could find. They knew when commissioning it that:

      1. It would be trivially easy to take it down with a DoS attack

      2. That probably it could be hacked and defaced fairly easily

      3. That probably there would be some reputational embarressment when (not if) either of these eventualities occurred

      They knew that the same risks would be present, however much money they threw at the problem and that even if they spent a lot of money today to make it difficult to disrupt the service, it could still be disrupted and that it would probably be easy for someone to disrupt it with technology available tomorrow, so in order to avoid reputational damage, it would require constant review and additional expenditure to ensure that they kept upgrading the counter measures.

      They decided it wasn't worth it, so they went with the cheapest and prepared their press statements in advance of the inevitable 'hack'.

      Just a few days after it went live, someone did a DoS on it, which for me was quite funny because the press were just informed about the new site a day or so before it was attacked, so whoever attacked it timed it perfectly.

      SOCA decided to shut it down for a couple of days, mainly to protect the ISP's other customers, who were also affected by the attack, it was all quite amicable really. The press picked up on it almost immediately and the statement they gave at the time was pretty similar to what was issued today.

      1. Anonymous Coward
        Anonymous Coward

        Re: It would be trivially easy

        Given what they do, I'd be tempted to set it up as a honey pot so if anybody did anything other than a DDOS you could hall them in.

        But I suppose there'd be too many legal ramifications to that, so just as well they chose what they did.

      2. Mark 85 Silver badge

        Re: Non-event for NCA

        Wouldn't it be nice of all government and even corporate websites had some of that philosophy? Just because you need something customer facing doesn't mean that every server the entity owns needs to be available to the web.

        <rant> At the very least, firewall the hell out of servers holding data. At the most, air gap the internal from the external network. Damn.. I'm sick of stupidity. The US's PMO is prime example of this stupidity in action.

  3. Bc1609

    SHOCKHORROR: Spokesman is perfectly correct

    Nice to see a gov-chap (or, let's be honest, a spokesman for any organisation) react in such a measured and informed way.

    1. Pascal Monett Silver badge

      Re. such a measured and informed way

      It might have something to do with the fact that the NCA has seen and regularly sees worse than that (in real life, I mean), coupled with the fact that the NCA is not political or politicised, so nobody there has anything to gain by going nuts over a simple and unavoidable DDoS.

      But it's still nice to see, indeed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like