back to article Elite UK police agency website downed by Lulzsec

The Serious Organised Crime Agency is facing serious embarrassment this morning - it was forced to take its website offline last night after an attack by LulzSec hackers. The Metropolitan Police is still suffering big computer problems of its own and Soca's website doesn't include operational functions but this is still …

COMMENTS

This topic is closed for new posts.
  1. petur
    FAIL

    DDoS != hacking

    Having your site taken down by a DDoS just means you didn't put in the money and thus infrastructure to handle this. Your site isn't hacked, just not available.

    If that is how they had to bring it down, it means they couldn't hack it? If it is, then this is actually positive news, no?

    1. Anonymous Coward
      Mushroom

      LulzSec != Hackers

      Script kiddies? Some will be, yes.

      Crackers? Yes.

      Criminals? Perhaps.

      Freedom fighters? Depends on your point of view I guess.

      Hackers? No. Not not, not ever.

      This is a tech website, kindly use the term "hacker" only when it is appropriate.

  2. Anonymous Coward
    Happy

    If I had any...

    ... I would put bitcoins on it turning out to be the Bastard in his spare time.

  3. Anonymous Coward
    FAIL

    Hacked?

    A DDOS attack suggests to me that they either couldnt or didnt hack it.

  4. Anonymous Coward
    FAIL

    Why embarrased?

    The website is not part of the operational organisation, it's a public facing site and is hosted externally

    If it were hosted internally that would be a different matter.

    Lulz going after low hanging fruit.

  5. Thomas 4
    IT Angle

    Back when I were a nipper....

    We 'ad to use social engineerin', brute forcin' and all sorts of TCP/IP jiggery-pokery when we were 'acking, unlike these new-fangled kids with their botnets and DDosin'.

    Now get the hell off my server.

  6. Sergiu Panaite
    FAIL

    Really..

    ..they thought it was a good idea to slightly annoy the law enforcement agencies? How clever..

  7. XMAN
    Thumb Down

    Lame

    The only people impressed/amazed by DDoS attacks are non-techies who read the trip made up by major newspapers. Lulzsec are proving themselves to be as lame as Anon.

  8. Tchou
    WTF?

    Not quite.

    "LulzSec has taken down the FBI, the CIA as well as various gaming companies. ®"

    No, they have taken websites offline, wich have probably been made by Average Joe.

  9. ukgnome Silver badge
    Holmes

    SOCA down - no sh#t sherlock

    the lulz are rapdily becoming my fave band of folklore heroes.

    Sure, you will mostly disagree, but you have to applaude anyone who poke an angry bear with a big stick.

    And for those of you who think these folk are criminals, let me put it to you. Losing your house keys is unfortunate but leaving your house unlocked is plain stupidity.

    1. DavCrav Silver badge

      Oh so many things wrong with you

      "And for those of you who think these folk are criminals, let me put it to you. Losing your house keys is unfortunate but leaving your house unlocked is plain stupidity."

      1) Even if your house is unlocked if someone steals from it it is still theft.

      2) It was a DDOS, not a hack. A DDOS is analogous to a group of people standing outside your house stopping you from entering, not breaking in and stealing things.

    2. Thomas 4
      IT Angle

      Um.

      "Sure, you will mostly disagree, but you have to applaude anyone who poke an angry bear with a big stick."

      I could also stick my cock into a mains outlet* but that still wouldn't stop it being a really dumb move.

      *With a suitable adaptor from PC World ofc.

    3. Xander

      Um, no

      Clearly you don't understand the difference between a DDoS and a genuine hack. Their attacks which have actually retrieved data are impressive, and a good way to shame companies that use cleartext password. A DDoS is not like leaving your house unlocked, it's like coming home to find some asshole as nailed planks across the door.

      1. Elmer Phud Silver badge

        Kids?

        The assumption that they are all just a bunch of bored kids is way off the mark or if they are just bored kids then folks should be really worried and not pretend it's just playground pranks.

        A DDoS is more like finding the planks nailed to the door but also discovering how the door is put together, what locks are on the door, does it have a burglar alarm, is there home cctv etc.

        Basically a DDoS can also be used to find out how much work is needed to actually break in.

        But don't let that get in the way of numrous posters who assume it's just a laugh, they are the Sony product addicts who are just sore at being kept away from thier fix for a while.

        Sony ain't laughing (we might be, though)

      2. Anonymous Coward
        Coffee/keyboard

        @Thomas 4

        Thanks for that.

        Boss: WTF is this coffee all over my report!

        BOFH: Sorry Boss, I was reading a story about some bloke sticking his cock in a mains socket.

      3. ukgnome Silver badge
        Go

        Do it,

        But I would still applaude you, but you would get a cheaper adapter from maplins.

        1. Richard Taylor 2 Silver badge
          Facepalm

          but to be fair

          the quality of the interface won't impress

      4. Anonymous Coward
        Gimp

        Mere language symantics

        Hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.

        A web server is part of a secure network. FACT!

        Mere symantics of language are abound here.

        The OED does not even recognise the term hacking.

        So your both right and wrong

      5. MonkeyBot
        Pint

        Re: Um.

        It might be a really dumb move, but I'd cheer you on, film it and put it on youtube.

      6. The Fuzzy Wotnot
        Coat

        @Thomas 4

        I don't know mate, it brought the spark back into my marriage! Spark? Mains? Ah, suit yourselves....

    4. Anonymous Coward
      Thumb Down

      Leaving your house unlocked...

      "And for those of you who think these folk are criminals, let me put it to you. Losing your house keys is unfortunate but leaving your house unlocked is plain stupidity."

      So you are trying to justify it how exactly - leaving your house unlocked is stupid but entering someone elses house / server and stealing information is criminal.

    5. Dave Murray

      Yes they are criminals

      Please feel free to come into my unlocked house. The local Police station is only 5 minutes away and has a nice armed response unit with experience of dealing with terrorists. I'm sure they'd like to meet you.

      1. Anonymous Coward
        Anonymous Coward

        re: Yes they are criminals

        Be careful with your analogy.

        In the UK if your front door is wide open and I walk in, I haven't committed a criminal offence.

    6. John Wilson
      WTF?

      Breaking and entering

      Going in to an unlocked building and stealing someone's property is a crime, no matter how "plainly stupid" an unlocked door is. But this is not what lulzsec are doing: they're breaking in to a house which is locked simply because lulzsec know about a flaw in the lock that the house owner does not know about.

      I know enough about locks to break in to garages, and houses: that doesn't mean that I feel the need to do so.

      LulzSec are criminals. Nothing more, nothing less.

  10. Titus Technophobe
    Thumb Down

    @ukgnome

    Just maybe you should 'get a life', and then reevaluate your folklore heroes?

    Also your analogy of 'leaving the house unlocked', as would apply to this article. So that would be just about anybody foolish enough to think that they might connect a web site to the Internet?

    1. ukgnome Silver badge
      Trollface

      Ooooh Handbags

      Glad for your social commentry.

      I have a life, and it's all good but thank you for your concern.

      Although I do agree, what I should of said is make sure your outward facing portal to the world is robust and secure. But now I'm just knitpicking my own comment.

      1. Graham Marsden
        Headmaster

        @ukgnone

        No, what you should have said is "should have", not should "of".

        PS the word is "nit-picking", not "knitpicking"

  11. Anonymous Coward
    Big Brother

    Great

    Never underestimate the vengeance of a humiliated politician.

  12. Anonymous Coward
    FAIL

    Folklore heroes ?

    As much as I have a healthy distrust of law enforcement agencies, they merely prevented access to a public resource leading to a cost from the public purse.

    All in the name of headlines.

    You say folklore heroes, I say attention seeking media whores.

  13. Anonymous Coward
    WTF?

    @ukgnome = not getting it

    @ukgnome = not getting it

    It was a DDOS - that was the equivalent of thousands of people blocking the entrance to your house and in this case your whole street - i.e. they took the site down to stop it affecting other people hosted there as well.

    If someone is determined enough / has sufficient resources they could probably take almost any site down with a DDOS.

    1. david wilson

      @AC

      >>"It was a DDOS - that was the equivalent of thousands of people blocking the entrance to your house and in this case your whole street - i.e. they took the site down to stop it affecting other people hosted there as well."

      True, though I guess if the website is merely a little public-information front, not the organisation itself, it's a bit more like someone having a crowd of kids blocking the entrance to the shed on their allotment, or to a lock-up garage that they hopefully don't keep anything important in.

      And as for ukgnome's claim that one has to applaud someone who pokes a bear with a stick, I think much of the time I'd give more applause to the bear if it gave them a well-deserved slap in return, and I'd maybe spend some time wondering whether the bear might just take the opportunity to also go after people who haven't done anything wrong.

    2. Anonymous Coward
      Facepalm

      DDOS

      Um.... the right kind of DDOS (udp) won't stop just because you've taken your server off-line, you have to tell your hosting provider to drop inbound traffic to that address because as far as the internet is concerned (in the routing tables and/or DNS), your machine is still there, it is simply not responding (which is, of course, the point)

  14. Paul 172
    FAIL

    btw

    i just asked a mate what lulsec have actualy done that wasnt a DDoS.... apparently some password hashes from poorly-configured webservers and a list of ATM's and their lat/longs...

    Now the ATM one sounds interesting (bank attacks?) until you ask yourself where this could of come from... It'd be a fairly simple "hack" to take apart a TomTom now wouldn't it...

  15. Steven Bloomfield

    Read a bit more...

    If you put a system under high stress, cracks will appear.

    http://www.zdnet.co.uk/news/security-threats/2011/06/14/lulzsec-targets-bethesda-softworks-game-maker-40093100/

  16. Anonymous Coward
    Anonymous Coward

    Silly Children Will Play if They Can Steal The Toys

    If some bunch of silly children stole a JCB and built a pile of dirt round your house to stop access that would be the same as this dummy DDOS attack. In that case there would be little you could do about it. You might be pleased if the neighbours called the police and even more pleased if they could stop paper shuffling, tea drinking or whatever and stopped the children.

    I doubt that few beside other children would find them to be folk heros.

    1. The Fuzzy Wotnot
      Happy

      They're sneaky these super-hackers!

      ATM list? They probably went to some POI site and downloaded them...dun dun dun...with a fake login account ( which one of their mums created for them the day before! ) .

  17. Maxson

    Surely...

    ...LulzSec are just asking for trouble with stuff like this? They really do seem to consider themselves Too big to fall. It will be interesting to see what the final outcome of Lulzsec is, part of me expects some jail sentences.

    1. Anonymous Coward
      Anonymous Coward

      Jail and...

      Jail and, I also suspect, giving up everyone they know in an embarrasingly short amount of time as soon as they realise what sort of time they're looking at.

  18. a cynic writes...
    Black Helicopters

    Guys - we're being overtaken by events

    Do you remember a couple of weeks ago when the name and address of an alleged Anonymous sysadmin came out after a bit of spat in the non-organisation?

    Well the Beeb has just reported the arrest of a 19-year old "suspected hacker" in the same small Essex town.

  19. Cool Hand Luke
    Megaphone

    For the lulz

    A couple of things;

    Doesn't a DDOS attack sometimes act as a distraction to what is really going on? Wasn't that what happened with Sony? They flooded one area and used it to cover their tracks whilst breaking in?

    Also lulzsec are this months wikileaks. Where's all the wikileaks coverage gone? Where are all the supporters of Wikileads in the comments anymore? Yesterdays news that one, just like this will be in a month or two.

  20. Anonymous Coward
    Anonymous Coward

    What do Intelligence Agencies and Eve Online have in common?

    The skill: Target Painting

    Lulzsec seem determined to paint a pretty big bullseye on their arses. Hope reality catches up with them soon.

  21. Steve Evans

    DDOS...

    A DDOS is only slightly higher up the "hacker" scale than the NOTW phone "hackers".

    A DDOS is just flooding a server with more requests than it can handle. If I phone you on your mobile, your home phone and then knock on the door, all at the same time, then I have effectively done exactly the same to you as a person.

    I only put the DDOS above the NOTW because to do it you generally need access to a large collection of machines and internet connections in order to generate the required volume of traffic from a wide range of IPs to make it work.

    A real hack would be getting into things which are locked down and secured (so not mobile voicemails with a default password).

    1. Bryce 2

      Weeeeeeeeeeeell

      "A real hack would be getting into things which are locked down and secured (so not mobile voicemails with a default password)."

      There are more than a few hackers out there that would call this cracking.

  22. Spanners Silver badge
    FAIL

    We will find out who they are when...

    The CIA are not all nice cuddly people. Even a non secure public facing website that (I assume) is not connected to their operations is their turf. Lulz have now stepped into the crosshairs and may be coming to the notice of a group of people they would be better keeping away from.

    We will know who they are after we hear of a group of people who each committed suicide by shooting themselves in the back of the head - twice.

    1. Anonymous Coward
      Megaphone

      Community service for zombies

      "committed suicide by shooting themselves in the back of the head - twice"

      Because they would be so incompetent that they would miss the first time? :-)

      If any good comes out of this, it will be that the plod will take ddosing even more seriously and lean more on ISPs to take action against their moron users that get compromised, but this is a complex issue requiring global cooperation, education some coercion, and the subject of a few PhDs.

      Some angry bears are best not poked with a sharp stick, as it risks innocent lives too.

      The whole fucking net is overrun by selfish criminals happy to mug a bingo hall full of grannies for pennies without regard to the collateral, and these LulzSec kiddies should get a life and use what skills they have to help clean up the litter...

      Disinfecting zombies should be added to community service punishments (if not already)...

  23. Is it me?

    Little Nuisance

    If Lulzsec or Anonymous actually managed to hack a significant government system I might be impressed, but public web sites is just pointless.

    A better analogy than access to your house might be access to the bathroom, not that inconvenient, until you really need to go. These websites hardly have a high volume of traffic, but when they are needed, well, it's the public who suffer, not the organisations involved.

    Would these guys still be your heroes if they took the 999/911 service down.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019