
Lizard Squad DDoS Attack Targets UK National Crime Agency

Disruption Appears to be Revenge for DDoS Crackdown

A band of hackers that markets a tool designed to launch distributed denial-of-service attacks has targeted the public-facing website of the U.K.'s National Crime Agency. The DDoS attack appears to be retaliation for the NCA's recent crackdown on DDoS tool users (see U.K. Police Detail DDoS-for-Hire Arrests).


The NCA website disruption occurred Sept. 1 at about 9 a.m. British Time. But the NCA's site appeared to be accessible again just a short time later.

Credit for the attack appeared to be taken by the Lizard Squad hacking gang. "Stressed out?" the group said via Twitter, including an image that the NCA used last week when it announced a crackdown on customers of DDoS disruption services, including Lizard Squad's Lizard Stresser DDoS tool.

The NCA confirmed that its site was being disrupted, but said the attack involved no hacking. "The NCA website is an attractive target. Attacks on it are a fact of life," an NCA spokeswoman tells Information Security Media Group. "DDoS is a blunt form of attack which takes volume and not skill. It isn't a security breach, and it doesn't affect our operational capability."

NCA also notes that while DDoS attacks are a nuisance, it has related countermeasures in place. "At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat, which can scale up endlessly," the NCA spokeswoman says. "The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that's proportionate."

Who Is Lizard Squad?

Lizard Squad has been tied to numerous attacks and disruptions, including a hoax threat via Twitter that triggered an emergency diversion of a plane on which the president of Sony was traveling. The gang also claimed credit for disrupting Sony PlayStation and Microsoft Xbox Live networks on Christmas Day 2014. The group used that disruption to market what was then its new Lizard Stresser tool.

More recently, however, Lizard Stresser has been drawing the attention of investigators, including the U.K.'s NCA. On Aug. 28, the agency announced that as part of its Operation Vivarium - referring to a container used to hold plants or animals such as lizards for study - it had arrested or interviewed six individuals, three of them under the age of 18, who are suspected of using DDoS tools. The NCA also said that it is in the process of visiting about 50 people who appear to have signed up to the Lizard Stresser service - but not yet used it - and warning them that doing so may lead to jail time.

"One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers," says Tony Adams, head of investigations for the NCA's National Cyber Crime Unit.

Meanwhile, security experts say they see no lasting effects from Lizard Squad's NCA site disruption. "You need about as much skill to mount a DDoS as you do to hurl a brick through someone's window," says Paul Ducklin, head of technology in the Asia-Pacific region for security firm Sophos, in a blog post.

Furthermore, he says that despite the provocation, the attackers may be guilty of overconfidence. "Lizard Squad's operational security ... has been found lacking in the past, with numerous alleged members busted and even a breach against the ... Lizard Stresser service," he says. "Taunting the NCA like this might turn out to be a mistake, given that cybercrooks often turn out to be a lot less anonymous than they first thought."

About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
