The official website of the British royal family has been the subject of a DDoS attack (Distributed Denial of Service) on the morning of Sunday 1 October.
There were some who carried out this attack pro-Russian hacktivistsknown by the name of Killnet. The operation compromised accessibility to the royal.uk website for around 90 minutes, which was followed by the hackers claiming responsibility via Telegram.
According to security experts, this statement is quite credible: the type of attack, in fact, falls within KillNet’s modus operandi, according to Eli NussbaumCEO of Conversant Group. In fact, the attack on the royal family’s website did not cause any major inconvenience but, on a propaganda level, it is certainly a case destined to be talked about.
As Nussabaum states “Their activities are designed to draw attention to their political cause (in this case, support for Russia in the Russia/Ukraine conflict), broaden the battlefield, and likely shift popular support among Ukraine’s allies“.
Sunday’s attack came with perfect timing, occurring just 10 days after King Charles he had introduced himself to the Luxembourg Palaceheadquarters of French Senateand had condemned the Russian invasion of Ukraine.
British royal family website under siege: sensational but not unexpected attack
In April, the National Cyber Security Centre of the United Kingdom warned against Russian hacking groups aligned with its government. In fact, these are considered as potential bringers of chaos in Great Britain.
In this regard, it was already declared then as “While these groups’ cyber activity often focuses on DDoS attacks, website defacements, and/or the spread of disinformation, some have expressed a desire to achieve a more disruptive and destructive impact against the West’s critical national infrastructure“.
The ease with which a group of cybercriminals blocked such an important and visible government site only further highlights the difficulties of institutions in the digital context.
In addition to classic IT protections, Nussbaum wanted to make his own suggestion “Defending against DDoS attacks requires protecting domain name servers and the actual workloads (protocols and resources). Additionally, ensuring systems are scalable to support amplified loads can mitigate the impact of an attack“.