Cyber Incident Victim: Greater Manchester Police

Date: Sep 2015

Location: United Kingdom

Summary

The Greater Manchester Police website experienced two distributed denial-of-service (DDoS) attacks, causing it to be offline for approximately two hours. Service was restored after what was initially suspected to be a technical glitch, but the site then became unavailable again. An individual claiming Lithuanian affiliation took responsibility via Twitter under the alias "Prince" and threatened continued disruption. The police did not express significant concern over the threat, while a cybersecurity expert highlighted the incident as indicative of escalating digital threats facing organizations reliant on online public engagement.

Description

On September 3, 2015, Greater Manchester Police's website, known as "the Force," experienced two distributed denial-of-service (DDoS) attacks that rendered it inaccessible for approximately two hours. The first incident initially appeared to be a technical malfunction, with routine checks failing to identify malicious activity. After restoring service, the website became unavailable a second time within a short period. During this second outage, an individual using the Twitter handle "Prince"—displaying an avatar resembling a distorted version of the Fairly OddParents' Timmy character—claimed responsibility for the disruption. The attacker, self-identifying as Lithuanian, tweeted: "[sic] I think these problems responsible was me :)" and issued a threat demanding public acknowledgment: "Disclose out there that I was the one who knocked your site or I will not stop here."

The attacks exclusively disrupted public access to the police force's primary website, with no indication of data compromise or infiltration of internal systems. Greater Manchester Police confirmed the incidents stemmed from external DDoS activity but did not describe specific technical countermeasures beyond restoring functionality after each outage. Official statements characterized the disruption as a temporary service interruption without elaborating on operational impacts beyond the two-hour downtime. The force publicly dismissed the attacker's threat, maintaining an outwardly unconcerned posture despite the explicit warning of continued attacks. No follow-up incidents or additional communications from the perpetrator were documented in the available reporting following the restoration of services.
