Soca website taken down after LulzSec 'DDoS attack'

  • Published
Soca website
Image caption,

The Soca website was taken offline by an apparent denial of service attack

The UK Serious Organised Crime agency has taken its website offline after it appeared to be a victim of an attack by hacking group Lulz Security.

Soca said it had taken its website offline to limit the impact attack on clients hosted by its service provider.

Soca.gov.uk had been unavailable for much of Monday afternoon, with an intermittent service restored later.

Lulz Security has said it was behind the denial of service attack which had taken the website offline.

Earlier on Monday, as the agency launched an investigation, LulzSec tweeted: "Tango down - in the name of #AntiSec".

The group has hit a number of high-profile websites in recent weeks, including the CIA and US Senate.

Soca appeared to be the victim of a distributed denial of service (DDoS) attack, where large numbers of computers, under malicious control, overload their target with web requests.

In a statement given to BBC News, a Soca spokesman said: "Soca has chosen to take its website offline to limit the impact of DDoS attack on other clients hosted by our service provider.

"The Soca website is a source of information for the general public which is hosted by an external provider. It is not linked to our operational material or the data we hold."

Embarrassment

Earlier on Monday, a LulzSec Twitter posting seemed to confirm the nature of the attack.

"DDoS is of course our least powerful and most abundant ammunition. Government hacking is taking place right now behind the scenes," it said.

The latest attack will come as an embarrassment for Soca, which is tasked with investigating cybercrime.

"It is not going to please the boys in blue one bit," said Graham Cluley, senior technology consultant at security firm Sophos.

Mr Cluley added that it was wrong to confuse DDoS with the kind of hacking that can lead to confidential information being stolen.

However, he warned that LulzSec was capable of both types of attack.

"They have in the past broken into websites and stolen e-mail addresses and passwords, so there is a lot of harm can be done."

Big Lulz

When Lulz Security first appeared in May, the group portrayed itself, external as a light-hearted organisation, bent on creating online fun and Lulz (laughs).

Soon after, details of its hacking exploits began to emerge.

The first involved stealing and publishing a database of US X-Factor contestants, including their e-mail addresses and phone numbers.

It followed up with a mixture of website denial of service attacks and intrusions where data was taken and made available on the internet.

On June 19, LulzSec declared that it would begin targeting government systems, calling the campaign Antisec.

"Top priority is to steal and leak any classified government information, including e-mail spools and documentation. Prime targets are banks and other high-ranking establishments," said a post on the group's website.

The reason for LulzSec's greater focus on government is unclear, although it appears to have recently ended a feud with the more politically-motivated group Anonymous.

Related internet links

The BBC is not responsible for the content of external sites.