Police Lose National High-Tech Crime Unit Website

Barence writes "The UK police have embarrassingly lost control of the National High-Tech Crime Unit (NHTCU) website. PC Pro reports the police have sloppily let the domain registration lapse, and it has now been picked up by an opportunistic German owner. The NHTCU was disbanded two years ago, but sites such as the BBC were still linking to the website as recently as July, making it a prime target for malware writers or phishing attacks."

Can't admit a mistake?

[bigtallmofo]

SOCA remains entirely unrepentant for the lapse. "SOCA is aware that registration of the domain www.nhtcu.org has lapsed and is taking the necessary steps to remind partners and stakeholders that the NHTCU became SOCA e-crime in April 2006

I guess admitting that they goofed by letting the domain accidentally lapse would be too much. Instead they have to pretend like the domain is worthless since they changed their name two years ago.

With that reasoning, I guess AT&T can just let "cingular.com" lapse even though I still type that in every time I go to pay my AT&T wireless bill.

Re:Can't admit a mistake?

[ChowRiit]

I must admit it's to me surprising that a slashdot user would pay their bill on an old domain like that and trust that AT&T won't do something equally as stupid: after all, such a domain is an even more prime target for phishing and the like. Where's the slashdot cynicism?

Cynicism is powerless against laziness!

[bigtallmofo]

I must admit it's to me surprising that a slashdot user would pay their bill on an old domain like that and trust that AT&T won't do something equally as stupid

I'm quite sure that AT&T is just that stupid. However, I'm too lazy to do anything about it.

Re:Can't admit a mistake?

[BountyX]

Actually...cingular.com lapsed a couple years ago. I bought it. Thank you for your monthly patronage...

Re:Can't admit a mistake?

[russotto]

Actually...cingular.com lapsed a couple years ago. I bought it. Thank you for your monthly patronage...

You're welcome. I've noticed a distinct improvement in service and drop in price since you took over from the real AT&T.

Re:

[jellomizer]

Well normally they can do a transisition period over a few years. So when paying your bills they first may switch it so cingular.com redirects to att.com then after a while makeing it more annoying to use. Bug screens please wait if this doesn't load click here...

Overtime the *Goodwill value of cingular will depreate to a point where it is not worth it to keep the domain name.

*Goodwill is an accounting term where value is placed on an aquired companies name and reputation.

Re:Can't admit a mistake?

[jellomizer]

Oh a domain name costs more then that. You may pay $10.00 a year for it. But for a company to keep track of it. Deal with customers who call ATT looking for Cingular and not willing to accecpt Cingular was bought out. Having keeping records of its expiration and renew it at the right time. Having to keep it uptodate with new links recreate configurations for that name when servers change...

It could cost a total of $50.00 - $1,000 a year for the domain name.

Just like the $900 toilet seat from the government. It wasn't the cost of the device but the red tape it took to get it approved and logged correctly.

Re:

[neonsignal]

agreed, but how much does it cost in damage control if the old domain starts being used by a competitor, spammers, or criminals? I suspect more than $1000 a year.

Re:

[sm62704]

Indeed! Even an amateur like I was back in 2000, when I bought TheFragfest.com (long since defunct) knew to have a message on the old "URL from hell" as Flamethrower called it to the effect of "the Fragfest has moved to hXXp://www.TheFragfest.com. Please update your bookmarks.

Damn slashdot's auto-linking URLs; I don't want to link to that old site! I think it's a porn site now; I let it lapse when I got tired of it. It was just a hobby, and my employer had me webmastering their site making it a lot less fun

Re:

[Korin43]

Those "this page has moved" pages are annoying. Why not use a 301 Permenently Moved Error and have the browser do the work for you?

Re:

[sm62704]

It's simple enough to have a "this page has moved" with a redirect after fifteen seconds. What's annoying about that?

Re:

[ptlis]

It only works for user agents that handle JavaScript (which includes the major search engine spiders); the 301 redirect method on the other hand has been part of http specification [w3.org] from the beginning and is (anecdotally speaking) supported by just about every http client.

Re:

[Kalriath]

JavaScript? You're doing it wrong.

<meta http-equiv="refresh" content="15;url=...">

Re:

[sm62704]

That's how I used to do it. IMO one should learn HTML thoroughly before learning javascript, for just that reason.

<html>
<head>
<meta http-equiv="refresh" content="15;url="http://www.slashdot.org">
</head>
<body>
We are sorry for the inconvienience, but we have moved to <a href="http://www.slashdot.org>slashdot.org</a>. Please update your bookmarks.

Your browser will now. redirect to the new URL.
</body>
</html>

Actually mine was a tad bit bigger; I made it look

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[sm62704]

That's why you add a link. If you redirect immediately you might as well not bother.

Re:

[magus_melchior]

It's customary for every government to delay, distract, and blame others before they ever accept that they are just as human as the rest of us. Even though they claim to be enlightened democratic republics, the aura of respect that they feel they must maintain and defend dates back to ancient monarchies.

Really, though, it's a defense against political enemies. If a Democrat-led office in the US screwed up like this and admitted their error, the Republicans would be all over them like Nelson Muntz, pointing

Re:

[LifesABeach]

Just a thought, but I have never called my Unit a "National High Tech Crime"; but on occasion it has been guilty...

Goatse image posted to the NHTCU website in...

[Anonymous Coward]

3...2...1...

Re:

[Daimanta]

More like big ass ads site. If he does this succesfully, he will rake in millions.

Re:

[Daimanta]

Ahhh, braincrash.

Please add "of cents" or "of customers" to the end of the sentence in your mind please.

Re:

[gnick]

Please add "of cents" or "of customers" to the end of the sentence in your mind please.

I don't know how you knew what sentence was in my mind, but tacking on those phrases made it no more coherent.

Keep domain names, phone #s, for 5 years

[davidwr]

If you are a business, it pays to keep control of names and phone numbers for 5 years after you stop using them.

In the case of web sites, a few months with a nice "this web site has changed" message followed by a few months of an automated redirect, followed by several years of no DNS entry.

Woops

[gailrob]

All your Domain are belong to us!

This is nothing new... watch your intellectual property or lose it to someone who is.

Why does everything need its own domain name?

[Ed Avis]

This illustrates why it's not always a good idea for every sub-organization, project and campaign to use its own top-level domain name. If the unit was part of the British government, surely a domain underneath .gov.uk would have been appropriate? Then you need not pay any fees to register it (except perhaps from one part of the government to another) and it can never be taken over by spammers.

Re:

[AndyST]

Because even if some people are limited in their understanding of the hierarchic DNS, they are still voters and customers. The easily convinced breed, even.

Re:

[Ed Avis]

I don't understand what you mean. If someone knows nothing about DNS, they will be just as happy with www.unit.gov.uk as with www.unit.com. If someone does know what DNS is and how it works (a minority, surely), they won't mind either. Is there some in-between population of cluebies who check the web address of every link and won't use it unless it has its own TLD?

Re:Why does everything need its own domain name?

[2names]

Anyone else catch the irony of the parent going off on a DNS rant and then misusing "TLD" in said rant?

Re:

[Culture20]

No, I was focused on the obvious differences between www.unit.gov.uk and www.unit.com. One's an obvious UK government site, the other is probably a site where enL4r6e|\/|3N+$ are sold.

Re:

[2names]

HA! Good one! You owe me one keyboard, though, as mine is now covered with delicious Mountain Dew® and Jimmy John's© sandwich remnants.

Mountain Dew® is a registered trademark of Pepsico, INC.
Jimmy John's: ©2007 Jimmy John's Franchise, LLC All rights reserved.

Re:

[j79zlr]

That is one old sammich you got there!

Re:

[camperdave]

No, I was too busy reminiscing about old Doctor Who episodes and idly musing if UNIT actually existed.

Re:

[gnick]

Sorry, UNIT hasn't been seen lately. All we've got now is Torchwood.

Re:

[camperdave]

Perhaps you've not seen some of the recent episodes in season 4. Martha Jones is part of UNIT now.

Re:

[daveime]

Until the Supreme Dalek commanded "annihilate UNIT".

UNIT has the Valiant, a flying airport ... Torchwood has 3 Welsh gits in a basement and a bisexual captain in a trenchcoat ... there's just no comparison.

Re:

[ikkonoishi]

Customer types "unit" into their urlbar. Browser goes "WTF?" and adds "www." and ".com" to the url to make it valid. Customer is sent to phishing site. Customer enters the information the website asks for to pay the bill. Phisher takes all of customer's money. Customer blames government for not protecting him properly.

Re:

[kdemetter]

You didn't continue :

Costumer learns that not verifying the domain is stupid . Customers will hopefully not make the same mistake again.

Costumer has no one to blame but himself .

Re:

[PPH]

Think about all the clueless users who just type ACME into their browser and expect it to autocomplete www.ACME.com.

Re:

[gnick]

It gets worse. I used to watch the incoming google searches on their site just out of curiosity. Every once in a while I'd see somebody search google for "http://www.cnn.com" or similar.

Oof.

Re:

[xaxa]

The organisation that took over the NHTCU, the Serious Organised Crimes Agency, has a .gov.uk: http://www.soca.gov.uk/ [soca.gov.uk]

I think we're used to seeing .gov.uk domains in the UK -- especially from local government. I don't think it's a problem.

Re:

[fbjon]

But why the name change? And where is the Casual Organised Crimes Agency, COCA?

Re:

[Richard W.M. Jones]

Because even if some people are limited in their understanding of the hierarchic DNS, they are still voters and customers. The easily convinced breed, even.

Yeah, but it was a .org we're talking about. My email address is a .org and people still stare at me blankly like "what's this thing he's talking about that doesn't end in hotmail.com".

Rich.

Re:

[Minwee]

...and it can never be taken over by spammers.

However, every few years it is guaranteed to be taken over by a new bunch of idiots.

Re:

[clone53421]

So you register as NHTCU.gov.uk... you still have to figure out a way to combat the phishers or trolls who register NHTCU.org. Otherwise people get confused and it makes you seem incompetent.

Re:

[Hieronymus Howard]

There is a police.uk domain, so they really ought to be using that.

What's the big deal?

[VdG]

Since it's my taxes that pay for it, I'm quite happy to see the registration lapse. This is a bit of a non-story and wouldn't be an issue if other people kept their links up-to-date.

Re:

[TXISDude]

What's the big deal . . . try basic competence in communications101? My defense strategy 1) commit crime 2) change name - be sure to tell all my friends I am no long John Doe, I am now John Smith 3) when confronted, tell the authorities - hey, that isn't me - I'm John Smith . . . now Changing your name in a reorganization does not resolve problems of aliases, references (OK, update your links, but how about old news stories, etc - can't update what has already been written . . .) You may appreciate not

Re:

[TubeSteak]

Step 1: Buy up lapsed, popular domain names
Step 2: Sell ads, farm out malware, ???
Step 3: Profit

Re:

[Z00L00K]

Nothing new there...

Re:

[Raedwald]

Acquiring the domain name would be a phisher's dream. If someone recalled that there was such an organisation as the NHTCU, and were unaware that the organisation no longer existed, they would be inclined to believe anything they read there. Including instructions to download and install a "critical security fix".

Bear in mind that malware producers can be frighteningly sophisticated [theregister.co.uk].

Re:What's the big deal?

[Ed Avis]

Why should you have to keep your links 'up to date'? They chose the domain name and the web address; nobody forced them to pick the one they did. It's the webmaster's responsibility to pick addresses that others can rely on. See Cool URIs don't change [w3.org].

After all, what makes more sense: a single webmaster maintaining a logical address which you can always use to get the right information, or thousands of websites all over the net scrambling to 'update' their links at exactly the right moment?

Re:

[mpcooke3]

What a load of rubbish.

The amount of money spent on having to give an official response and deal with the PR consequences of the domain lapse would have covered the cost of renewing the domain for another couple of centuries.

People don't expect government websites URLs to lapse every few years and there is not even an industry standard way of updating or notifying all linking sites of the domain change.

Re:

[quacking duck]

Not to mention any links contained in PDFs or printed material. Good luck changing those.

That $12 saving sure will help the budget

[Nicolas MONNET]

Here's how a genius like yourself could save plenty of money in a similarly creative way:
* Unmount seat belts and airbags in your car, and sell them at the flea market
* Forego those expensive vaccinations and malaria medications next time you go near the tropics
* Cancel all those useless insurance policies

Come to think of it, sounds a lot like Republican economic policies.

Re:

[Blakey Rat]

The link-ee is responsible for keeping the same content at the same URL, not the link-er. It couldn't possibly work any other way.

The government in this case farked-up. They could easily have used a few redirects to make sure their links still worked correctly, at least they could have if they were competent at keeping a domain name registered.

Soon to be NHTCU Spam

[Rayeth]

Protect yourself from Phishing emails by visiting www.NHTCU.org and giving us all of your information. We're a High Tech Crime Unit! We would never misused your information, honest.

so...

[halfEvilTech]

I guess I could sell it back to them for the 'right' price

Misleading Title

[Anonymous Coward]

The title's a bit misleading considering the organization is now defunct anyway.

Re:

[PawNtheSandman]

Not defunct, they just changed their name.

The spokesman is Graham Cluley?

[Intron]

Nuh-uh.

Why?

[Anonymous Coward]

Why exactly is this their responsibility? It's not their fault that other Web sites are linking to a now-defunct organization. Do they have to keep and maintain the domain forever just because a bunch of other people might not revise their links?

A Waste

[nathan.fulton]

The guy who owns it now is running a blog that looks like it was written by a cheap copywriter. I think I'm going to email him about acquiring the domain, the site could be used for some hilarious parodies. Its current use, or using it to commit crime, would be a waste of pure gold comedic content. Anyways, the risk looks minimal. I searched for sites linking to nhtcu.com and there aren't that many -- and BBC has already stripped most of its links.

How is it that Cluely has a clue, and...

[davidsyes]

the coppers are clueless... Maybe it's all in a name, since Graham has more than a gram of sense, and pounds of cents...

(Sorry, I'm not English, so I can't whip out one of those zany/apropos remarks for which they can be SMASHING FAMOUS...)

But, it seems one of the coppers may be caught flatfooted, and be feeling soooo.... busted...

Re:

[PawNtheSandman]

Your jokes are pants.

Re:

[davidsyes]

No, they're SKIRTS, or shorts...

Re:

[billcopc]

All the 4-5 letter domains are taken

No kidding, I just bought two of them a few weeks ago.

Wanna give me more than $1000 for yjack.com/org ? Come on, you know you wanna!

.gov.uk

[Raedwald]

If they had used a .gov.uk domain, rather than a TLD, would this have happened?

Internet != The Web

[XanC]

Title should read "Crime Unit Domain", not "Crime Unit Website".

Re:

[blair1q]

Can you find the website? No, because its domain no longer exists.

What are things you can't find? They're lost.

The website was lost. So was the domain, but that's semantics.

Title is correct.

Re:

[thbigr]

Dude, what is wrong with you. Thits lice corecting somones speling in a roply.

Re:

[nickswitzer]

That's what I was thinking. I originally thought that it was an "up-to-date" used that the police were using for their high tech crime unit organization. The title totally threw me off. Would have been actual "news" if someone had actually taken the site from them.

So what.

[ROBOKATZ]

If it was disbanded, they should give up the domain name, it is the responsible thing to do.

I don't see how some jokester grabbing up the domain to be funny should be taken as any kind of serious sign of incompetence, as the article implies, especially since the people that worked there, you know, don't work there anymore.

It's just slightly ironic.

Renew 10 years at once

[ilovesymbian]

Don't they have the brain to renew it on a long-term basis and have alerts sent a few months before expiry?

A fool and his domain name are easily separated.

Re:

[Andy_R]

The real issue is that they didn't have the brain to use .gov.uk

Carpe domainum

[spyrochaete]

This is similar to what a blogger, Long Zheng at the I Started Something blog [istartedsomething.com], did. He was reading a Microsoft security/phishing article which made mention to the fictional website "www.somebadsite.com" [somebadsite.com]. This was an unresolved domain name so he did what any ethical person would do - he purchased it and linked it to his own site.

That's some serious Google link juice right there. I wonder if the links were nofollowed.

P.s., looks like that link has been removed from Microsoft's article.

Re:

[phorm]

Didn't a similar thing happen with movies/books mentioning domains that didn't exist, and a few smart people capitalizing on that and registering the domains?

Maybe movies/books/articles need a good extension for domains, like 555-xxxx is for phone numbers.

How about .dni (does not exist) or .nex (nonexistent)?

Shocking!

[k1e0x]

What a story.

Lazy bureaucrats failed to do what was required of them.. film at 11.

Queue up Nelson Muntz...

[actionbastard]

in 3 - 2 - 1...

Ha - Ha!