The Department for Work and Pensions (DWP) has seen its website taken offline thanks to a distributed denial of service (DDoS) attack, which the Anonymous splinter group the ATeam has taken credit for.
The ATeam said the hit was in retaliation against a Channel 4 ‘Dispatches’ report, which discovered almost 1,000 DWP staff were disciplined over a 10-month period from April 2011 to January 2012 for unlawfully or inappropriately accessing social security records. Additionally, the Department of Health admitted there had been 158 reported incidents of unlawful access to medical records throughout last year.
The site was disrupted today and occasionally completely down. “There was some disruption to the website that we have been investigating and working on,” a DWP spokesperson said. “But for the majority of people the website has been working and continues to work normally.”
The ATeam spokesperson, Winston Smith, told TechWeekEurope the group did not want to damage the “symbolic” targets, but wanted to “raise the profile of privacy breaches.” The Information Commissioner’s Office (ICO), which said it was going to investigate the findings of the ‘Dispatches’ report, was another ATeam target this week. The regulator saw its site intermittently taken offline for periods of Tuesday and apologised to users for the disruption.
Winston claimed his own medical records were unlawfully accessed. “I have been a victim,” he said, claiming the information had been tampered with and used against him in a court case in which he was seeking access to his child.
Earlier this week, TechWeekEurope was invited into the ATeam’s Anonymous IRC session during the hit on the ICO. The group revealed it had been using large botnets – one with 10,000 bots, another with 50,000 – to take down various websites, including those belonging to Theresa May and the data protection watchdog. AnonX, one of the DDoS initiators, said he had acquired bots by using malware that people had downloaded without their knowledge. These are known as malicious botnets.
Meanwhile, other members of Anonymous are targeting various Indian government websites as part of its OpIndia campaign. Government departments, two political parties and the nation’s Supreme Court were all targeted. The Indian Department for Electronics and Information Technology was one of the hardest hit.
Copyrightlabs.in, which won an order earlier this year to stop access to file-sharing sites offering copies of Bollywood films, was also targeted and was down at the time of publication.
“We have come to a conclusion that the Indian government has failed. It is time that we all rise and stand up against the corrupt government,” Anonymous said in a YouTube clip promoting OpIndia.
Are you a security enthusiast? Try our quiz!
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
View Comments
Winston Smith and the ATeam are not Anonymous.
Their details have been publicly published online.
Alan Edwards the time has come for you to stop now.
If not,
then
EXPECT US
Alan Edwards is not Anonymous he is just someone who want to look like a hero. His details are known. Tech week please check these things out before making him out to be
a hacktavist. He is nothing other than a cancer to anonymous.
Expect us Alan Edwards!
Can't condone the use of hacking or DOS attacks. But the ease at which private data be accessed and misused is worryingly easy and has totally inadequate penalties.
Misuse/leaking of personal data should be a criminal act that carries the penalties similar to the worst cases of hacking - i.e. long prison terms. Make it a real crime with real penalties rather than a gently slap on the wrist.
The exception being for data that is in the 'public interest' - revealing corruption, cover-ups etc - as per Leakapedia.