Police Lose National High-Tech Crime Unit Website

Barence writes "The UK police have embarrassingly lost control of the National High-Tech Crime Unit (NHTCU) website. PC Pro reports the police have sloppily let the domain registration lapse, and it has now been picked up by an opportunistic German owner. The NHTCU was disbanded two years ago, but sites such as the BBC were still linking to the website as recently as July, making it a prime target for malware writers or phishing attacks."

Can't admit a mistake?

[bigtallmofo (695287)]

SOCA remains entirely unrepentant for the lapse. "SOCA is aware that registration of the domain www.nhtcu.org has lapsed and is taking the necessary steps to remind partners and stakeholders that the NHTCU became SOCA e-crime in April 2006

I guess admitting that they goofed by letting the domain accidentally lapse would be too much. Instead they have to pretend like the domain is worthless since they changed their name two years ago.

With that reasoning, I guess AT&T can just let "cingular.com" lapse even though I still type that in every time I go to pay my AT&T wireless bill.

Re:Can't admit a mistake?

[ChowRiit (939581)]

I must admit it's to me surprising that a slashdot user would pay their bill on an old domain like that and trust that AT&T won't do something equally as stupid: after all, such a domain is an even more prime target for phishing and the like. Where's the slashdot cynicism?

Cynicism is powerless against laziness!

[bigtallmofo (695287)]

I must admit it's to me surprising that a slashdot user would pay their bill on an old domain like that and trust that AT&T won't do something equally as stupid

I'm quite sure that AT&T is just that stupid. However, I'm too lazy to do anything about it.

Re:Can't admit a mistake?

[BountyX (1227176)]

Actually...cingular.com lapsed a couple years ago. I bought it. Thank you for your monthly patronage...

Re:Can't admit a mistake?

[russotto (537200)]

Actually...cingular.com lapsed a couple years ago. I bought it. Thank you for your monthly patronage...

You're welcome. I've noticed a distinct improvement in service and drop in price since you took over from the real AT&T.

Re:

[jellomizer (103300)]

Well normally they can do a transisition period over a few years. So when paying your bills they first may switch it so cingular.com redirects to att.com then after a while makeing it more annoying to use. Bug screens please wait if this doesn't load click here...

Overtime the *Goodwill value of cingular will depreate to a point where it is not worth it to keep the domain name.

*Goodwill is an accounting term where value is placed on an aquired companies name and reputation.

Re:Can't admit a mistake?

[jellomizer (103300)]

Oh a domain name costs more then that. You may pay $10.00 a year for it. But for a company to keep track of it. Deal with customers who call ATT looking for Cingular and not willing to accecpt Cingular was bought out. Having keeping records of its expiration and renew it at the right time. Having to keep it uptodate with new links recreate configurations for that name when servers change...

It could cost a total of $50.00 - $1,000 a year for the domain name.

Just like the $900 toilet seat from the government. It wasn't the cost of the device but the red tape it took to get it approved and logged correctly.

Re:

[sm62704 (957197)]

Indeed! Even an amateur like I was back in 2000, when I bought TheFragfest.com (long since defunct) knew to have a message on the old "URL from hell" as Flamethrower called it to the effect of "the Fragfest has moved to hXXp://www.TheFragfest.com. Please update your bookmarks.

Damn slashdot's auto-linking URLs; I don't want to link to that old site! I think it's a porn site now; I let it lapse when I got tired of it. It was just a hobby, and my employer had me webmastering their site making it a lot less fun

Re:

[Korin43 (881732)]

Those "this page has moved" pages are annoying. Why not use a 301 Permenently Moved Error and have the browser do the work for you?

Re:

[sm62704 (957197)]

It's simple enough to have a "this page has moved" with a redirect after fifteen seconds. What's annoying about that?

Goatse image posted to the NHTCU website in...

[by Anonymous Coward]

3...2...1...

Re:

[Daimanta (1140543)]

More like big ass ads site. If he does this succesfully, he will rake in millions.

Re:

[Daimanta (1140543)]

Ahhh, braincrash.

Please add "of cents" or "of customers" to the end of the sentence in your mind please.

Keep domain names, phone #s, for 5 years

[davidwr (791652)]

If you are a business, it pays to keep control of names and phone numbers for 5 years after you stop using them.

In the case of web sites, a few months with a nice "this web site has changed" message followed by a few months of an automated redirect, followed by several years of no DNS entry.

Why does everything need its own domain name?

[Ed Avis (5917)]

This illustrates why it's not always a good idea for every sub-organization, project and campaign to use its own top-level domain name. If the unit was part of the British government, surely a domain underneath .gov.uk would have been appropriate? Then you need not pay any fees to register it (except perhaps from one part of the government to another) and it can never be taken over by spammers.

Re:

[AndyST (910890)]

Because even if some people are limited in their understanding of the hierarchic DNS, they are still voters and customers. The easily convinced breed, even.

Re:

[xaxa (988988)]

The organisation that took over the NHTCU, the Serious Organised Crimes Agency, has a .gov.uk: http://www.soca.gov.uk/ [soca.gov.uk]

I think we're used to seeing .gov.uk domains in the UK -- especially from local government. I don't think it's a problem.

Re:

[fbjon (692006)]

But why the name change? And where is the Casual Organised Crimes Agency, COCA?

Re:

[Richard W.M. Jones (591125)]

Because even if some people are limited in their understanding of the hierarchic DNS, they are still voters and customers. The easily convinced breed, even.

Yeah, but it was a .org we're talking about. My email address is a .org and people still stare at me blankly like "what's this thing he's talking about that doesn't end in hotmail.com".

Rich.

Re:Why does everything need its own domain name?

[2names (531755)]

Anyone else catch the irony of the parent going off on a DNS rant and then misusing "TLD" in said rant?

Re:

[Culture20 (968837)]

No, I was focused on the obvious differences between www.unit.gov.uk and www.unit.com. One's an obvious UK government site, the other is probably a site where enL4r6e|\/|3N+$ are sold.

Re:

[2names (531755)]

HA! Good one! You owe me one keyboard, though, as mine is now covered with delicious Mountain Dew® and Jimmy John's© sandwich remnants.

Mountain Dew® is a registered trademark of Pepsico, INC.
Jimmy John's: ©2007 Jimmy John's Franchise, LLC All rights reserved.

Re:

[j79zlr (930600)]

That is one old sammich you got there!

Re:

[camperdave (969942)]

No, I was too busy reminiscing about old Doctor Who episodes and idly musing if UNIT actually existed.

Re:

[ikkonoishi (674762)]

Customer types "unit" into their urlbar. Browser goes "WTF?" and adds "www." and ".com" to the url to make it valid. Customer is sent to phishing site. Customer enters the information the website asks for to pay the bill. Phisher takes all of customer's money. Customer blames government for not protecting him properly.

Re:

[kdemetter (965669)]

You didn't continue :

Costumer learns that not verifying the domain is stupid . Customers will hopefully not make the same mistake again.

Costumer has no one to blame but himself .

Re:

[PPH (736903)]

Think about all the clueless users who just type ACME into their browser and expect it to autocomplete www.ACME.com.

Re:

[Minwee (522556)]

...and it can never be taken over by spammers.

However, every few years it is guaranteed to be taken over by a new bunch of idiots.

Re:

[clone53421 (1310749)]

So you register as NHTCU.gov.uk... you still have to figure out a way to combat the phishers or trolls who register NHTCU.org. Otherwise people get confused and it makes you seem incompetent.

What's the big deal?

[VdG (633317)]

Since it's my taxes that pay for it, I'm quite happy to see the registration lapse. This is a bit of a non-story and wouldn't be an issue if other people kept their links up-to-date.

Re:

[TubeSteak (669689)]

Step 1: Buy up lapsed, popular domain names
Step 2: Sell ads, farm out malware, ???
Step 3: Profit

Re:

[Z00L00K (682162)]

Nothing new there...

Re:

[Raedwald (567500)]

Acquiring the domain name would be a phisher's dream. If someone recalled that there was such an organisation as the NHTCU, and were unaware that the organisation no longer existed, they would be inclined to believe anything they read there. Including instructions to download and install a "critical security fix".

Bear in mind that malware producers can be frighteningly sophisticated [theregister.co.uk].

Re:What's the big deal?

[Ed Avis (5917)]

Why should you have to keep your links 'up to date'? They chose the domain name and the web address; nobody forced them to pick the one they did. It's the webmaster's responsibility to pick addresses that others can rely on. See Cool URIs don't change [w3.org].

After all, what makes more sense: a single webmaster maintaining a logical address which you can always use to get the right information, or thousands of websites all over the net scrambling to 'update' their links at exactly the right moment?

Re:

[mpcooke3 (306161)]

What a load of rubbish.

The amount of money spent on having to give an official response and deal with the PR consequences of the domain lapse would have covered the cost of renewing the domain for another couple of centuries.

People don't expect government websites URLs to lapse every few years and there is not even an industry standard way of updating or notifying all linking sites of the domain change.

Re:

[quacking duck (607555)]

Not to mention any links contained in PDFs or printed material. Good luck changing those.

That $12 saving sure will help the budget

[Nicolas MONNET (4727)]

Here's how a genius like yourself could save plenty of money in a similarly creative way:
* Unmount seat belts and airbags in your car, and sell them at the flea market
* Forego those expensive vaccinations and malaria medications next time you go near the tropics
* Cancel all those useless insurance policies

Come to think of it, sounds a lot like Republican economic policies.

Re:

[Blakey Rat (99501)]

The link-ee is responsible for keeping the same content at the same URL, not the link-er. It couldn't possibly work any other way.

The government in this case farked-up. They could easily have used a few redirects to make sure their links still worked correctly, at least they could have if they were competent at keeping a domain name registered.

Misleading Title

[by Anonymous Coward]

The title's a bit misleading considering the organization is now defunct anyway.

The spokesman is Graham Cluley?

[Intron (870560)]

Nuh-uh.

A Waste

[nathan.fulton (1160807)]

The guy who owns it now is running a blog that looks like it was written by a cheap copywriter. I think I'm going to email him about acquiring the domain, the site could be used for some hilarious parodies. Its current use, or using it to commit crime, would be a waste of pure gold comedic content. Anyways, the risk looks minimal. I searched for sites linking to nhtcu.com and there aren't that many -- and BBC has already stripped most of its links.

.gov.uk

[Raedwald (567500)]

If they had used a .gov.uk domain, rather than a TLD, would this have happened?

Internet != The Web

[XanC (644172)]

Title should read "Crime Unit Domain", not "Crime Unit Website".

Re:

[blair1q (305137)]

Can you find the website? No, because its domain no longer exists.

What are things you can't find? They're lost.

The website was lost. So was the domain, but that's semantics.

Title is correct.

So what.

[ROBOKATZ (211768)]

If it was disbanded, they should give up the domain name, it is the responsible thing to do.

I don't see how some jokester grabbing up the domain to be funny should be taken as any kind of serious sign of incompetence, as the article implies, especially since the people that worked there, you know, don't work there anymore.

It's just slightly ironic.

Carpe domainum

[spyrochaete (707033)]

This is similar to what a blogger, Long Zheng at the I Started Something blog [istartedsomething.com], did. He was reading a Microsoft security/phishing article which made mention to the fictional website "www.somebadsite.com" [somebadsite.com]. This was an unresolved domain name so he did what any ethical person would do - he purchased it and linked it to his own site.

That's some serious Google link juice right there. I wonder if the links were nofollowed.

P.s., looks like that link has been removed from Microsoft's article.

Shocking!

[k1e0x (1040314)]

What a story.

Lazy bureaucrats failed to do what was required of them.. film at 11.

Re:

[billcopc (196330)]

All the 4-5 letter domains are taken

No kidding, I just bought two of them a few weeks ago.

Wanna give me more than $1000 for yjack.com/org ? Come on, you know you wanna!

Re:

[LifesABeach (234436)]

Just a thought, but I have never called my Unit a "National High Tech Crime"; but on occasion it has been guilty...

Re:

[Andy_R (114137)]

The real issue is that they didn't have the brain to use .gov.uk