NCA site hit bit Lizard Squad following arrest of six teenagers

Arrest

The National Crime Agency's (NCA) website was knocked offline yesterday in a DDoS attack by Lizard Squad.

While the site is now back online (and was yesterday), an NCA spokesperson told the BBC that the agency is an "easy target."

"DDoS is a blunt form of attack which takes volume and not skill," the spokesperson added, whilst reitterating it hadn't been hacked, just taken offline. "It isn't a security breach, and it doesn't affect our operational capability. At worst, it is a temporary inconvenience to users of our website," the spokerson said.

An NCA statement issued to the Guardian also referred to such attacks as a "fact of life" but claimed the agency had measures in place that meant it would usually be able to recover and be back online in around half-an-hour following such issues.

The Lizard Squad also tweeted 'New weapon coming soon' yesterday and, last week, suggested via Twitter it would release a free version of Lizard Stresser to make it more widely available in the wake of the NCA raids.

The DDoS attack follows news that British Police had arrested six people involved in Lizard Stresser DDoS attacks, because the group behind the software used - Lizard Squad - didn't encrypt the details of their users.

Those being investigated range from ages 15 to 18 and all bought software used to hack with Bitcoins. Most of the group - from Huddersfield, Manchester, Milton Keynes, Northampton and Stockport - have now been released on bail.

Security researcher Graham Cluely wrote on the We Live Security blog: "What I think is most notable about these details is that it is teenagers who are instigating denial-of-service attacks, attempting to bring down sites to disrupt businesses and organisations, presumably with mayhem in mind rather than money-making."

Lizard Stresser users may have thought their purchases were anonymous, however the fact these people were arrested shows that the authorities will uncover their identities eventually, according to Cluely. The details were uncovered because the software's creator Lizard Squad stored its users' details in plain text.

The NCA has an additional 50 addresses of those thought to have used the DDoS tool and plans to investigate accordingly, despite the authorities saying they may not have actually used LizardStresser to attack websites.

"Acts of unlawful internet behaviour are seen by many of the average public as not being punishable or very rarely caught," said Mark James, security specialist at ESET.

"It is instances like this that should make those involved step up and understand it is a crime to participate in this type of activity, and your anonymity on the web cannot be guaranteed. It's just a matter of time and resources before you are caught."

LizardStresser was used to take down the Playstation and Xbox Live networks on Christmas Day last year.

This article was originally published on 31/08/15 and was updated on 02/09/15

Maggie Holland

Maggie has been a journalist since 1999, starting her career as an editorial assistant on then-weekly magazine Computing, before working her way up to senior reporter level. In 2006, just weeks before ITPro was launched, Maggie joined Dennis Publishing as a reporter. Having worked her way up to editor of ITPro, she was appointed group editor of CloudPro and ITPro in April 2012. She became the editorial director and took responsibility for ChannelPro, in 2016.

Her areas of particular interest, aside from cloud, include management and C-level issues, the business value of technology, green and environmental issues and careers to name but a few.