Lizard Squad Hackers Take Down National Crime Agency Website

Hackers claiming to be from notorious collective Lizard Squad have taken down the website of the National Crime Agency (NCA), forcing it offline today in a DDoS attack thought to be revenge for the arrest of some of its members last week.

Visitors were unable  to access the site for around an hour this morning, following a tweet by Lizard Squad that included its URL with the caption ‘Stressed Out?’ and a picture of the group’s  lizard mascot (pictured below).

“The NCA website is an attractive target. Attacks on it are a fact of life,” said an NCA spokesman.

“DDoS is a blunt form of attack which takes volume and not skill. It isn’t a security breach, and it doesn’t affect our operational capability.”

‘Inconvenience’

“At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly.”

The attack appears to be in retaliation for the earlier arrest of six British teenagers as part of the NCA’s Operation Vivarium under suspicion of carrying out criminal activities using the DDos Lizard Stresser tool.

The arrests, which involved an 18-year-old from Huddersfield, an 18-year-old from Manchester, a 16-year-old from Northampton and a 15-year-old from Stockport, were part of a ramping up of Operation Vivarium following a number of attacks caused by Lizard Stresser, the NCA said.

Two other 17-year-old suspects, one from Cardiff and one from Northolt in north-west London, were arrested earlier this year as part of the operation, with two other 18-year-olds, one from Manchester and one from Milton Keynes, also were interviewed under caution, according to the agency.

Officers are also visiting around 50 addresses of individuals whose names were listed as customers in the leak of Lizard Stresser user data to deliver warnings.

“One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers,” an NCA statement said.

Lizard Stresser came to public attention shortly after Christmas 2014, when it was used by Lizard Squad to disrupt the Microsoft Xbox Live and Sony Playstation Network online gaming services. In early January the tool was hacked, with users’ identity data published online, and it disappeared shortly afterward, although the group has said it plans a relaunch.

In all, the tool was online for about two months, during which time it was used by more than 176 subscribers to launch more than 15,000 attacks against nearly 4,000 targets, according to a recent study by researchers from George Mason University, UC Berkeley’s International Computer Science Institute and the University of Maryland.

Are you a security pro? Try our quiz!