Cyber Incident Victim: National Crime Agency
Date: Nov 2016
Location: United Kingdom
Summary
The UK's National Crime Agency experienced a distributed denial-of-service (DDoS) attack targeting its public website, described by the organization as a routine occurrence given its status as an attractive target. The agency characterized the incident as a blunt, low-skill attack causing temporary website disruption rather than a security breach, emphasizing no impact on operational capabilities. Mitigation measures restored access within approximately 30 minutes, with officials justifying this response as proportionate given the need to balance public accessibility against the potentially limitless scaling of such attacks and associated defensive costs.
Description
On November 9, 2016, the UK National Crime Agency (NCA) experienced a Distributed Denial of Service (DDoS) attack targeting its public-facing website, causing temporary disruption to its online accessibility. The NCA acknowledged the incident publicly, characterizing such attacks as routine due to the agency’s status as "an attractive target" for malicious actors. Agency representatives emphasized that the attack did not constitute a security breach or compromise of sensitive data, nor did it impair the NCA’s operational capabilities to conduct law enforcement activities. They described DDoS attacks as a "blunt form of attack" requiring high traffic volume rather than technical sophistication, minimizing the incident’s significance beyond causing intermittent website unavailability. The NCA framed the disruption as a "temporary inconvenience" affecting only public access to informational web content, with no reported collateral damage to internal systems or investigative functions.

The agency disclosed it maintained pre-existing DDoS mitigation measures designed to restore normal website operations within approximately 30 minutes of attack onset, though specific technical defenses were not detailed. NCA leadership justified this response strategy by citing the need to balance public accessibility against the potentially unlimited costs of countering scalable DDoS threats, implying a cost-benefit analysis guided their cybersecurity resource allocation. No threat actor group claimed responsibility, and the NCA did not speculate about attacker identities or motivations. Internal assessments concluded the operational impact was negligible, reinforcing the position that investing disproportionately in enhanced DDoS protection was unwarranted given the transient nature of the disruptions. The incident underscored the NCA’s expectation of frequent attacks against its digital infrastructure while highlighting its prioritization of maintaining core law enforcement functions over guaranteeing uninterrupted public web access.
