AndrÃ© Stewart, president international at Corero Network Security, argues that the Serious Organised Crime Agency should have taken a recent DDoS attack more seriouslyâ€¦
The response by the Serious Organised Crime Agency (SOCA) to the distributed denial of service (DDoS) attack directed at its public website is somewhat disappointing for the nation’s leading anti-crime organisation. The agency’s statement that it does not consider investing in DDoS defence protection “a good use of taxpayers’ money” fails to take into account potentially serious security consequences. Further, it sends the wrong message to cyber criminals at a time when businesses and organisations in the United Kingdom and around the world operate under continuous threat of attack.
The attack against the SOCA website used a network-layer DDoS attack which is a very publicly visible form of cyber crime. The attackers’ intent is to slow or bring down a website for the entire world to see. The victim organisation has to own up to what has happened and, in the case of government entities, explain why it will not or cannot respond effectively.
However, hacktivist groups and criminals frequently use DDoS attacks as a smokescreen to hide more surreptitious intrusions aimed at stealing data. For example, the theft of 77 million customer records from the Sony PlayStation Network was preceded by a severe DDoS attack. In discussing its 2012 Data Breach Investigations Report, Verizon’s Bryan Sartin said that diversionary DDoS attacks are common practice to mask data theft, including many of the breaches by hacktivists which totalled some 100 million stolen records.
This raises the question about SOCA’s approach to securing its networks and the protection of critical information from more sinister, stealth cyber attacks. Criminals want to create diversions and remain unnoticed while they infiltrate deeper into a network and steal data. Most data breaches go undetected for weeks, months, even years in some cases. Can we be confident, based on SOCA’s response to its public website being hit for the second time in less than a year, that it is addressing more critical security risks? The response to the latest incident could undermine confidence in the quality of the agency’s security program. How deep does its estimable high regard for taxpayer money go?
Just last June, the LulzSec group claimed credit for taking SOCA offline with a DDoS attack. One has to wonder if SOCA is truly dismissive of these attacks or simply has been slow to address the issue. Whilst the agency is dismissive of the latest DDoS attack its inability to protect itself nearly a year after the first public attack plants a seed of doubt about the calibre of its security program.
Perhaps most concerning is that SOCA is conceding the initiative to criminals who are attacking the agency directly. Would the police stand by, for example, while some hooligan scrawled graffiti on a local station with the explanation that they had more important things on which to spend time and money? Would the public tolerate that response?
Whilst putting its foot down on spending public funds is commendable, failing to respond to a direct criminal attack on law enforcement’s public face seems an odd place for SOCA to draw a line in the sand.