A distributed denial of service (DDoS) attack that downed the website of the UK’s National Crime Agency (NCA) highlights the need for much better preparation against cyber crimes for every type of digital organisation.

A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

Hacking group Lizard Squad claimed responsibility for the attack in revenge for the arrest of six teenage hackers in five UK locations. The teenagers were arrested on suspicion of using the Lizard Squad’s Lizard Stresser DDoS attack tool to target a national newspaper, a school and online gaming companies and retailers.

In its statement, the NCA said the attack was not a security breach and did not affect its operational capability. However, it realises its website is an attractive target and attacks are a fact of life, so it needs to strike a balance between keeping its website accessible with the cost of doing so.

The UK teenagers (aged between 15 and 18) arrested are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as bitcoin in a bid to remain anonymous.

The arrest was part of the NCA-led Operation Vivarium, the aim of which was to crack down on DDoS attacks, as well as raise awareness on the issue. As part of a law enforcement operation, police officers are also visiting around 50 addresses linked to individuals registered on the Lizard Stresser website.

Those receiving visits will be told DDoS attacks are illegal, can prevent individuals from accessing vital on-line services and can cause significant financial and reputational damage to businesses. They will also be informed that committing cyber crime can result in severe restrictions on their freedom, access to the internet, digital devices and future career prospects.

Tools like Lizard Stresser can be bought for a comparatively small fee but can cripple businesses financially and deprive people of access to important information and public services.

A key priority of the NCA’s National Cyber Crime Unit is to help those at the fringes of cyber criminality to understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers.

Links and related stories
Computer Weekly, DDoS attack on NCA highlights need to be prepared, says Barracuda Networks
Computer Weekly, Police arrest six UK teenagers for using DDoS cyber attack tool
National Crime Agency – National Cyber Crime Unit
National Cyber Crime Unit  – A Day in the Life