Lizard Squad DDoS Attack Targets UK National Crime AgencyDisruption Appears to be Revenge for DDoS Crackdown
A band of hackers that market a tool designed to launch distributed denial-of-service attacks has targeted the public-facing website of the U.K.'s National Crime Agency. The DDoS attack appears to be a retaliation for the NCA's recent crackdown on DDoS tool users (see U.K. Police Detail DDoS-for-Hire Arrests).
See Also: Ransomware: The Look at Future Trends
The NCA website disruption occurred Sept. 1 at about 9 a.m. British Time. But the NCA's site appeared to be accessible again just a short time later.
Credit for the attack appeared to be taken by the Lizard Squad hacking gang. "Stressed out?" the group said via Twitter, including an image that the NCA used last week when it announced a crackdown on customers of DDoS disruption services, including Lizard Squad's Lizard Stresser DDoS tool.
The NCA confirmed that its site was being disrupted, but said the attack involved no hacking. "The NCA website is an attractive target. Attacks on it are a fact of life," an NCA spokeswoman tells Information Security Media Group. "DDoS is a blunt form of attack which takes volume and not skill. It isn't a security breach, and it doesn't affect our operational capability."
NCA also notes that while DDoS attacks are a nuisance, it has related countermeasures in place. "At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat, which can scale up endlessly," the NCA spokeswoman says. "The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that's proportionate."
@SkyNews The NCA website is being DDOS'd. This isn't hacking, there's been no intrusion - fairly standard cyber attackï¿½ NationalCrimeAgency (@NCA_UK) September 1, 2015
Who Is Lizard Squad?
Lizard Squad has been tied to numerous attacks and disruptions, including a hoax threat via Twitter that triggered an emergency diversion of a plane on which the president of Sony was traveling. The gang also claimed credit for disrupting Sony PlayStation and Microsoft Xbox Live networks on Christmas Day 2014. The group used that disruption to market what was then its new Lizard Stresser tool.
More recently, however, Lizard Stresser has been drawing the attention of investigators, including the U.K.'s NCA. On Aug. 28, the agency announced that as part of its Operation Vivarium - referring to a container used to hold plants or animals such as lizards for study - it had arrested or interviewed six individuals, three of them under the age of 18, who are suspected of using DDoS tools. The NCA also said that it is in the process of visiting about 50 people who appear to have signed up to the Lizard Stresser service - but not yet used it - and warning them that doing so may lead to jail time.
"One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers," says Tony Adams, head of investigations for the NCA's National Cyber Crime Unit.
Meanwhile, security experts say they see no lasting effects from Lizard Squad's NCA site disruption. "You need about as much skill to mount a DDoS as you do to hurl a brick through someone's window," says Paul Ducklin, head of technology in the Asia-Pacific region for security firm Sophos, in a blog post.
Furthermore, he says that despite the provocation, the attackers may be guilty of overconfidence. "Lizard Squad's operational security ... has been found lacking in the past, with numerous alleged members busted and even a breach against the ... Lizard Stresser service," he says. "Taunting the NCA like this might turn out to be a mistake, give that cybercrooks often turn out to be a lot less anonymous than they first thought."