The website of the Home Office was out of action for several hours over the Easter weekend after a distributed denial-of-service (DDoS) attack by hacktivists Anonymous.
According to Reuters, homeoffice.gov.uk was out of action for several hours on Saturday night and ...
... into Easter Sunday, with visitors finding the message "page not found".The Home Office said: “The website was the subject of an online protest last night. There is no indication that the site was hacked and other Home Office systems were not affected. Measures put in place to protect the website meant that members of the public were unable to access the site intermittently.”
Anonymous said the group was behind the DDoS attack, and tweets suggested a variety of motives, including Government plans to boost digital surveillance powers and Britain's extradition treaty with the US, particularly in relation to the case of Gary McKinnon.
It said: “Why TANGO DOWN the UK govt? Proposed draconian surveillance measures in combination with continued derogation of civil liberties.”
The messages warned there would be further attacks on Government websites every Saturday.
Elsewhere, the Ministry of Justice told techweekeurope.co.uk that its site was down for around 30 minutes on Saturday evening. “Access was quickly restored and the website is now operating as normal,” a spokesperson said.
Jeremy Nicholls, channel and business development director EMEA at Arbor Networks, said: “As revealed in Arbor Networks' Worldwide Infrastructure Report in February, ideological hacktivism has replaced cyber crime as the main motivation behind DDoS attacks. What we have seen with the emergence of hacktivist groups is the democratisation of DDoS.
“Any business operating online – which means just about any type and size of organisation – can become a target, because of who they are, what they sell or who they partner with. Furthermore, the explosion of inexpensive and readily accessible attack tools is enabling anyone to carry out DDoS attacks. This has profound implications for the threat landscape, risk profile, network architecture and security deployments of internet operators and internet-connected organisations.
“I've seen it stated that there isn't much an institution can do to stop these attacks; and that is simply not the case. Best practice dictates organisations have both on-premise protection as well as cloud-based protection from a service provider.”