The Serious Organised Crime Agency’s website was taken offline on Wednesday following a Distributed Denial of Service attack. Soca recently took down 36 sites involved in selling large quantities of stolen credit card data, but a spokesman for the UK agency would not confirm whether or not it knew who was behind the attack or why it took place.
The spokesman was quick to downplay the incident and point out that no confidential information was ever in danger of being stolen or made public, saying:
“DDoS attacks are a temporary inconvenience to website visitors but do not pose a security risk… Soca’s website contains only publicly available information and does not provide access to operational material.” He went on to add that when the site was taken offline on Wednesday evening, Soca “took action to limit the impact on other clients hosted by the [same] service provider.”
This is not the first time that Soca’s website has been targeted. In June 2011 members of the hacktivist group LulzSec forced the site to be taken offline using similar techniques. But why haven’t sites wised up to DDoS attacks?
Rik Ferguson, a security expert from Trend Micro, said that while it is possible for many sites to protect themselves from DDoS attacks, the cost cannot always be justified. His analogy may seem a little silly, but it does make a good point:
“The sensible person doesn’t walk around in a beekeeper’s outfit to keep the wasps away from their ice cream in summer. The sensible person accepts that wasps are attracted to ice cream and that wasps will always outnumber ice creams.”
In recent years we have seen an increasing number of attacks aimed at bringing down websites. But I suppose the question is: when will this end? Even though hackers are being arrested, as their skills increase it can become harder to track those still operational. Do you think that the authorities will ever purge the web of hacktivists?