National Crime Agency website briefly down after hackers launch DDoS attack

The National Crime Agency (NCA), considered to be the UK's version of the FBI, was hit by hackers. The public-facing website of the NCA was briefly taken offline after a DDoS attack on 9 November, according to reports. At the time of writing, the website appeared to be struggling to remain online as several attempts to access it saw it intermittently going offline.

An NCA spokesperson claimed the agency's site was "an attractive target" and that targeted "attacks on it are a fact of life", the Register reported. He confirmed that the attack did not cause a security breach, deeming DDoS a "blunt form of attack which takes volume and not skill."

"It isn't a security breach, and it doesn't affect our operational capability. At worst it is a temporary inconvenience to users of our website", the agency added.

The agency also said it had "a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly." This indicates that the NCA may not be employing additional DDoS prevention services due to limited financing for its website security.

"The measures we have in place at present mean that our site is generally up and running again within 30 minutes, and we think that's proportionate," the agency concluded.

There is no indication yet of when the attack may have begun or what measures the NCA takes when under attack. It is also unclear as to the identity, location and motivation of the hackers.

The alarming rise and propensity of DDoS attacks, especially with the leveraging of vulnerable IoT devices, has caused widespread concern among the infosec community. The recent massive US internet outage, caused by the now-proliferate Mirai botnet has brought to light the effectiveness of DDoS attacks as a tool as well as shed light on the dangers of vulnerable IoT devices.

Recently, hackers have extensively leveraged the Mirai botnet in launching DDoS attacks against various targets. From targeting the websites of US president-elect Donald Trump and former Democrat presidential candidate Hillary Clinton, to taking the entire nation of Liberia offline, Mirai has had a primary role in numerous attacks. It is unclear if the attack against the NCA site also leveraged the Mirai botnet.