Anonymous splinter group claims responsibility for ICO’s failure to “protect the public’s privacy”
The Information Commissioner’s Office (ICO) has confirmed its website has been "disrupted," and suggested that a distributed denial of service (DDoS) attack is to blame.
The website is still offline at the time of writing although the ICO stressed that no sensitive information is held on the site and it was working to get it back online.
"Access to the ICO website has been disrupted over the past few days. We believe this is due to a distributed denial of service attack," a statement read. "The website itself has not been damaged, but people have been unable to access it. We provide a public-facing website which contains no sensitive information."
"We regret this disruption to our service and we are working to try to bring the website back online as soon as possible," the statement added.
Although the ICO could not confirm whether it had suffered a DDoS, an Anonymous splinter group called AnonATeam claimed responsibility for the attack. On a Tumblr page reportedly set up by the group, it says issues with the Leveson Inquiry are to blame for the attack.
"Aside from the Leveson Inquiry failing to address the crimes by the Government, it has also failed to address that 80% of Data Protection breaches crime in the UK are committed by the UK civil service and yet not properly investigated [and the] Information Commissioner lacks independence has repeatedly failed to protect the public’s privacy from hacking or data protection breaches," the group said.
The Leveson Inquiry website was also down for a brief time yesterday but it is not known whether this was due to a DDoS attack. However in an interview with TechWeek Europe the group claimed Leveson and the ICO were legitimate targets. In the same interview the group claimed responsibility for attacks on Home Secretary Theresa May’s website in response to Britain’s extradition laws.
Government websites have often found themselves in the firing line of groups such as Anonymous and LulzSec, loosely-organised groups that aim to bring down websites or access them to get at sensitive data.
Previous victims include the CIA, SOCA, Interpol, the Spanish National Police and the FBI.
"DDoS attacks are becoming a regular occurrence against government websites," said André Stewart, president international at Corero Network Security. "In fact, any organisation, government or enterprise that relies on the Internet to conduct business is a potential target."
"The attackers’ intent often is to slow or bring down a website for the entire world to see. Because of the public nature of such an attack, the victim organisations have to own up to what has happened and, in the case of government entities, explain why it will not or cannot respond effectively," Stewart added. "And these highly public DDoS attacks are increasingly being used as a diversion or smokescreen to launch more surreptitious attacks aimed at stealing data or sensitive information."