Tag Archives: soca

Two Norwegian Teens Arrested After SOCA DDoS Attack

Posted on by
Reply

Last week we reported that the website of the UK’s Serious Organised Crime Agency (SOCA) was brought down by hackers who staged a DDoS attack. Now it has emerged that two teenagers in Norway have been arrested for a series of computer attacks with SOCA believed to have been one of their targets.

There may be further arrests or at the very least more people brought in for questioning, with Norwegian prosecutor Erik Moestue quoted as saying: “We have arrested the two we think were most important in these attacks, but we still want to talk to more people.”

He added: “We know SOCA was recently attacked, as well as Norwegian and American sites, and that is one of the things that we are looking into.”

A spokesperson for Norway’s National Criminal Investigation Service said that the sites in Norway and America had also been hit by a DDoS attack. The two suspects, aged 18 and 19, were charged at the end of last week after a period of sustained electronic attacks going on for several weeks.

Mr Moestue said the case was still under investigation and that it was too early to discuss the motive for the attacks. However, if the pair are found guilty then the maximum sentence for the offences they are being charged with is a six-year jail term.

A Norwegian press agency reported that the country’s largest financial services group DNB has been attacked, along with the Police Security Service, but NCIS would not confirm this.

Hacktivists Bring Down Soca Website With DDoS Attack

Posted on by
Reply

The Serious Organised Crime Agency’s website was taken offline on Wednesday following a Distributed Denial of Service attack. Soca recently took down 36 sites involved in selling large quantities of stolen credit card data, but a spokesman for the UK agency would not confirm whether or not it knew who was behind the attack or why it took place.

The spokesman was quick to downplay the incident and point out that no confidential information was ever in danger of being stolen or made public, saying:

DDoS attacks are a temporary inconvenience to website visitors but do not pose a security risk… Soca’s website contains only publicly available information and does not provide access to operational material.” He went on to add that when the site was taken offline on Wednesday evening, Soca “took action to limit the impact on other clients hosted by the [same] service provider.”

This not the first time that the Soca’s website has been targeted. In June 2011 members of the hacktivist group LulzSec forced the site to be taken offline using similar techniques. But why haven’t sites wised up to DDoS attacks?

Rik Ferguson, a security expert from Trend Micro, said that while it is possible for many sites to protect themselves from DDoS attacks, the cost cannot always be justified. His analogy may seem a little silly, but it does make a good point:

“The sensible person doesn’t walk around in a beekeeper’s outfit to keep the wasps away from their ice cream in summer. The sensible person accepts that wasps are attracted to ice cream and that wasps will always outnumber ice creams.”

In recent years we are seeing an increasing number of attacks aimed at bringing down websites. But I suppose the question is when will this end? Even though hackers are being arrested, as their skills increase it can become harder to track those still operational. Do you think that the authorities will ever purge the web of hacktivists?

Combined Police Operation Takes Down 36 Credit Card Fraud Sites

Posted on by
Reply

This week saw a victory for the authorities in the war against data theft and credit card fraud. The UK’s Serious Organised Crime Agency (Soca) arrested two men, leading to 36 sites used for selling stolen card and bank details being shut down.

The men who were arrested are suspected of making large-scale purchases of data from e-commerce type platforms known as Automated Vending Carts (AVCs) which afford criminals the ability to sell large quantities of stolen data quickly and easily. These 36 sites of this nature that were shut down now direct visitors to a screen informing them that the web domain has been seized by law enforcement.

Along with the two arrests and the virtual take-down, the UK’s Dedicated Cheque & Plastic Crime Unit also seized a number of computers that are thought to have been used to facilitate offences under the Fraud Act.

In the past two years, Soca – along with other organisations such as the FBI and Australian Federal Police – has recovered more than 2.5m items of compromised personal and financial information. This recovered data has been passed to financial institutions both in the UK and overseas in the hope that it will help stop fraud taking place against the relevant accounts. It is estimated that this has prevented over £500m worth of fraudulent transactions.

Ultimately how easy a target an individual is for an identity thief depends on how much of their personal information is readily available in the public domain as well as what is stored ‘safely’ online. With hackers and criminals becoming more adept at obtaining this information, it is time that the innocents thought long and hard about what private information they post online and how they choose to share this information.