The website of the UK’s National Crime Agency (NCA) was briefly taken offline by a hacking collective known as Lizard Squad. The incident happened days after six alleged members of the group were arrested for taking part in distributed denial of service (DDoS) attacks.
The NCA, which has a dedicated cyber division, announced six arrests across the UK as part of Operation Vivarium last week targeting Lizard Squad’s Lizard Stresser. The DDoS tool can be used to take websites offline for up to eight hours at a time by overloading them with traffic.
Access to Lizard Stresser is being sold online, and the hacking collective takes payment via bitcoins.
The NCA said targets include newspapers, online retailers and gaming companies. Lizard Squad has a reputation for attacking the gaming industry, and became especially notorious after the attack on Sony PlayStation over Christmas last year.
NCA officers are now visiting approximately 50 addresses linked to individuals registered on the Lizard Stresser website, but who are “not currently believed to have carried out attacks”.
Tony Adams, head of investigations at the NCA’s National Cyber Crime Unit, said after the arrest warrants were issued that DDoS attacks are illegal and can cause significant trouble for businesses.
“By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” he said.
“This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses.”
However, despite the arrests, in which a third of the individuals identified were under the age of 20, it seems that the hackers have shown defiance by launching a DDoS attack on the NCA websire.
Lizard Squad tweeted its logo on Tuesday morning with the caption ‘Stressed out?’ alongside a link to the NCA website, which was then offline.
The NCA said that it is “an attractive target” to hackers and that DDoS attacks on its website are “a fact of life”.
The organisation added in a statement to V3: “DDoS is a blunt form of attack which takes volume and not skill. It isn’t a security breach, and it doesn’t affect our operational capability.
“At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly.
“The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that’s proportionate.”
Law enforcement has cracked down on Lizard Squad following a growing number of attacks and now appears to be closing in on those involved.