Soca: last night's DDoS attack did not pose a security risk
Soca: last night's DDoS attack did not pose a security risk

The website of the Serious Organised Crime Agency (Soca) has been taken offline after it was hit by a distributed denial-of-service (DDoS) attack last night.

Although no claim of responsibility has been made, Soca said that the attack did not "pose a security risk to the organisation". A statement issued to BBC News said: “We took action to limit the impact on other clients hosted by the [same] service provider.

“DDoS attacks are a temporary inconvenience to website visitors but do not pose a security risk. Soca's website contains only publicly available information and does not provide access to operational material.”

While no responsibility was claimed, a tweet by Anonymous said: “Tango down: DDoS attack takes down site of UK Serious Organised Crime Agency (Soca)” – with a link to the BBC News story.

Pro-US hacker The Jester said in a tweet that the attack was "prob retaliation to carder site takedowns last week". Last week, Soca and the FBI shut down 36 websites that were believed to be selling stolen credit card information, with 2.5 million items of compromised data recovered.

Rob Rachwald, director of security strategy at Imperva, called these takedowns "significant" and "a serious blow".

Nathan Pearce, EMEA product manager at F5 Networks, said: “It is a bold move for anyone to launch a DDoS attack on Soca and in the real world, this could be compared to putting graffiti on the Scotland Yard sign. Soca does not depend on its website to operate in the real world and there is far more a risk to online service providers than organisations such as Soca."

In agreement was Rik Ferguson, director of research security and communication EMEA at Trend Micro, who said: “In the case of Soca, their website being unavailable for a period of time has no impact on their ability to do business and very little impact on the public at large. Is it worth the expense of large-scale DDoS mitigation technologies? Probably not. Does it harm the Soca brand to be seen to do nothing or very little to stop these attacks from happening? Again, probably not; Soca is treating the attacks with the contempt they deserve.”

Rob Cotton, CEO of the NCC Group, said: “DDoS attacks are the most common type of cyber attack, because they're straightforward to execute. Although they don't pose a risk in terms of data security, their impact can be massive. If a commercial site is offline, companies are effectively turning away customers and losing revenue. Reputation for reliability and customer service are also at risk. Any website is susceptible, and an 'it won't happen to me' attitude is extraordinarily naïve.”

Soca was previously hit by a DDoS in June 2011 by the hacktivist group LulzSec; arrests were later made of Jake Davis and Ryan Cleary in connection with the attack.

Andrew Kellett, senior security analyst at Ovum, said: “Targeted attacks supported by high levels of resource have the potential to disrupt any operation. So it comes as no surprise to find that the Soca website has fallen victim to DDoS and as a result had to be taken offline.

“What is surprising is that defence and intelligence levels have not been improved sufficiently since the last successful DDoS attack on Soca. Also, comments suggesting that ‘DDoS attacks are a temporary inconvenience' do not always fit the reality. Hacktivist attacks targeting particular operations have been known to be both persistent and longstanding, requiring extensive DDoS defences.

“Under the circumstances the actions of the agency appear to have been prompt and correct. They look to have spotted the attack quickly, and by taking their site down reduced the impact on others who share the same service provider resources.”