Police Lose National High-Tech Crime Unit Website

Barence writes "The UK police have embarrassingly lost control of the National High-Tech Crime Unit (NHTCU) website. PC Pro reports the police have sloppily let the domain registration lapse, and it has now been picked up by an opportunistic German owner. The NHTCU was disbanded two years ago, but sites such as the BBC were still linking to the website as recently as July, making it a prime target for malware writers or phishing attacks."

Can't admit a mistake?

[bigtallmofo]

SOCA remains entirely unrepentant for the lapse. "SOCA is aware that registration of the domain www.nhtcu.org has lapsed and is taking the necessary steps to remind partners and stakeholders that the NHTCU became SOCA e-crime in April 2006

I guess admitting that they goofed by letting the domain accidentally lapse would be too much. Instead they have to pretend like the domain is worthless since they changed their name two years ago.

With that reasoning, I guess AT&T can just let "cingular.com" lapse even though I still type that in every time I go to pay my AT&T wireless bill.

Re:Can't admit a mistake?

[ChowRiit]

I must admit it's to me surprising that a slashdot user would pay their bill on an old domain like that and trust that AT&T won't do something equally as stupid: after all, such a domain is an even more prime target for phishing and the like. Where's the slashdot cynicism?

Re:Can't admit a mistake?

[BountyX]

Actually...cingular.com lapsed a couple years ago. I bought it. Thank you for your monthly patronage...

Re:Can't admit a mistake?

[jellomizer]

Well normally they can do a transisition period over a few years. So when paying your bills they first may switch it so cingular.com redirects to att.com then after a while makeing it more annoying to use. Bug screens please wait if this doesn't load click here...

Overtime the *Goodwill value of cingular will depreate to a point where it is not worth it to keep the domain name.

*Goodwill is an accounting term where value is placed on an aquired companies name and reputation.

Re:Can't admit a mistake?

[sm62704]

Indeed! Even an amateur like I was back in 2000, when I bought TheFragfest.com (long since defunct) knew to have a message on the old "URL from hell" as Flamethrower called it to the effect of "the Fragfest has moved to hXXp://www.TheFragfest.com. Please update your bookmarks.

Damn slashdot's auto-linking URLs; I don't want to link to that old site! I think it's a porn site now; I let it lapse when I got tired of it. It was just a hobby, and my employer had me webmastering their site making it a lot less fun to webmaster my own when I got home.

Shit, did I just verb a noun? Damn I hate it when people do that...

Re:Can't admit a mistake?

[russotto]

Actually...cingular.com lapsed a couple years ago. I bought it. Thank you for your monthly patronage...

You're welcome. I've noticed a distinct improvement in service and drop in price since you took over from the real AT&T.

Re:Can't admit a mistake?

I guess AT&T can just let "cingular.com" lapse even though I still type that in every time I go to pay my AT&T wireless bill.

They would never do that.

--
Typed on a laptop courtesy of bigtallmofo.

Re:Can't admit a mistake?

How is $9.95/year not worth keeping it? Stick a redirect and that's it.

Re:Can't admit a mistake?

[jellomizer]

Oh a domain name costs more then that. You may pay $10.00 a year for it. But for a company to keep track of it. Deal with customers who call ATT looking for Cingular and not willing to accecpt Cingular was bought out. Having keeping records of its expiration and renew it at the right time. Having to keep it uptodate with new links recreate configurations for that name when servers change...

It could cost a total of $50.00 - $1,000 a year for the domain name.

Just like the $900 toilet seat from the government. It wasn't the cost of the device but the red tape it took to get it approved and logged correctly.

Re:Can't admit a mistake?

[Korin43]

Those "this page has moved" pages are annoying. Why not use a 301 Permenently Moved Error and have the browser do the work for you?

Re:Can't admit a mistake?

[sm62704]

It's simple enough to have a "this page has moved" with a redirect after fifteen seconds. What's annoying about that?

Re:Can't admit a mistake?

[ptlis]

It only works for user agents that handle JavaScript (which includes the major search engine spiders); the 301 redirect method on the other hand has been part of http specification from the beginning and is (anecdotally speaking) supported by just about every http client.

Re:Can't admit a mistake?

[Kalriath]

JavaScript? You're doing it wrong.

<meta http-equiv="refresh" content="15;url=...">

Re:Can't admit a mistake?

[neonsignal]

agreed, but how much does it cost in damage control if the old domain starts being used by a competitor, spammers, or criminals? I suspect more than $1000 a year.

Re:Can't admit a mistake?

[digitalchinky]

15 seconds is annoying about that sir.

Re:Can't admit a mistake?

[magus_melchior]

It's customary for every government to delay, distract, and blame others before they ever accept that they are just as human as the rest of us. Even though they claim to be enlightened democratic republics, the aura of respect that they feel they must maintain and defend dates back to ancient monarchies.

Really, though, it's a defense against political enemies. If a Democrat-led office in the US screwed up like this and admitted their error, the Republicans would be all over them like Nelson Muntz, pointing and chanting, "Ha-ha!" before launching a full investigation complete with special prosecutor. Politics has gone to the point of keeping up false appearances because everyone behaves like schoolchildren when someone behaves like an adult by admitting fault or taking responsibility.

Re:Can't admit a mistake?

[sm62704]

That's how I used to do it. IMO one should learn HTML thoroughly before learning javascript, for just that reason.

<html>
<head>
<meta http-equiv="refresh" content="15;url="http://www.slashdot.org">
</head>
<body>
We are sorry for the inconvienience, but we have moved to <a href="http://www.slashdot.org>slashdot.org</a>. Please update your bookmarks.

Your browser will now. redirect to the new URL.
</body>
</html>

Actually mine was a tad bit bigger; I made it look more or less like the old page, but with no content except the forwarding message.

Re:Can't admit a mistake?

[sm62704]

That's why you add a link. If you redirect immediately you might as well not bother.

wish I had done it

[Coraon]

I would have changed it to a site proving how crime can pay.

Re:wish I had done it

[LifesABeach]

Just a thought, but I have never called my Unit a "National High Tech Crime"; but on occasion it has been guilty...

Goatse image posted to the NHTCU website in...

3...2...1...

Re:Goatse image posted to the NHTCU website in...

[Daimanta]

More like big ass ads site. If he does this succesfully, he will rake in millions.

Re:Goatse image posted to the NHTCU website in...

[Daimanta]

Ahhh, braincrash.

Please add "of cents" or "of customers" to the end of the sentence in your mind please.

Re:Goatse image posted to the NHTCU website in...

[gnick]

Please add "of cents" or "of customers" to the end of the sentence in your mind please.

I don't know how you knew what sentence was in my mind, but tacking on those phrases made it no more coherent.

It was

Obviously that Gary McKinnon again, up to his hackery deeds again.

Keep domain names, phone #s, for 5 years

[davidwr]

If you are a business, it pays to keep control of names and phone numbers for 5 years after you stop using them.

In the case of web sites, a few months with a nice "this web site has changed" message followed by a few months of an automated redirect, followed by several years of no DNS entry.

Woops

[gailrob]

All your Domain are belong to us!

This is nothing new... watch your intellectual property or lose it to someone who is.

Why does everything need its own domain name?

[Ed+Avis]

This illustrates why it's not always a good idea for every sub-organization, project and campaign to use its own top-level domain name. If the unit was part of the British government, surely a domain underneath .gov.uk would have been appropriate? Then you need not pay any fees to register it (except perhaps from one part of the government to another) and it can never be taken over by spammers.

Re:Why does everything need its own domain name?

[AndyST]

Because even if some people are limited in their understanding of the hierarchic DNS, they are still voters and customers. The easily convinced breed, even.

Re:Why does everything need its own domain name?

[Ed+Avis]

I don't understand what you mean. If someone knows nothing about DNS, they will be just as happy with www.unit.gov.uk as with www.unit.com. If someone does know what DNS is and how it works (a minority, surely), they won't mind either. Is there some in-between population of cluebies who check the web address of every link and won't use it unless it has its own TLD?

Re:Why does everything need its own domain name?

[2names]

Anyone else catch the irony of the parent going off on a DNS rant and then misusing "TLD" in said rant?

Re:Why does everything need its own domain name?

[xaxa]

The organisation that took over the NHTCU, the Serious Organised Crimes Agency, has a .gov.uk: http://www.soca.gov.uk/

I think we're used to seeing .gov.uk domains in the UK -- especially from local government. I don't think it's a problem.

Re:Why does everything need its own domain name?

[Culture20]

No, I was focused on the obvious differences between www.unit.gov.uk and www.unit.com. One's an obvious UK government site, the other is probably a site where enL4r6e|\/|3N+$ are sold.

Re:Why does everything need its own domain name?

[2names]

HA! Good one! You owe me one keyboard, though, as mine is now covered with delicious Mountain Dew® and Jimmy John's© sandwich remnants.

Mountain Dew® is a registered trademark of Pepsico, INC.
Jimmy John's: ©2007 Jimmy John's Franchise, LLC All rights reserved.

Re:Why does everything need its own domain name?

[Minwee]

...and it can never be taken over by spammers.

However, every few years it is guaranteed to be taken over by a new bunch of idiots.

Re:Why does everything need its own domain name?

[ikkonoishi]

Customer types "unit" into their urlbar. Browser goes "WTF?" and adds "www." and ".com" to the url to make it valid. Customer is sent to phishing site. Customer enters the information the website asks for to pay the bill. Phisher takes all of customer's money. Customer blames government for not protecting him properly.

Re:Why does everything need its own domain name?

[camperdave]

No, I was too busy reminiscing about old Doctor Who episodes and idly musing if UNIT actually existed.

Re:Why does everything need its own domain name?

[PPH]

Think about all the clueless users who just type ACME into their browser and expect it to autocomplete www.ACME.com.

Re:Why does everything need its own domain name?

[kdemetter]

You didn't continue :

Costumer learns that not verifying the domain is stupid . Customers will hopefully not make the same mistake again.

Costumer has no one to blame but himself .

Re:Why does everything need its own domain name?

[Richard+W.M.+Jones]

Because even if some people are limited in their understanding of the hierarchic DNS, they are still voters and customers. The easily convinced breed, even.

Yeah, but it was a .org we're talking about. My email address is a .org and people still stare at me blankly like "what's this thing he's talking about that doesn't end in hotmail.com".

Rich.

Re:Why does everything need its own domain name?

[fbjon]

But why the name change? And where is the Casual Organised Crimes Agency, COCA?

Re:Why does everything need its own domain name?

[j79zlr]

That is one old sammich you got there!

Re:Why does everything need its own domain name?

[clone53421]

So you register as NHTCU.gov.uk... you still have to figure out a way to combat the phishers or trolls who register NHTCU.org. Otherwise people get confused and it makes you seem incompetent.

Re:Why does everything need its own domain name?

[gnick]

Sorry, UNIT hasn't been seen lately. All we've got now is Torchwood.

Re:Why does everything need its own domain name?

[gnick]

It gets worse. I used to watch the incoming google searches on their site just out of curiosity. Every once in a while I'd see somebody search google for "http://www.cnn.com" or similar.

Oof.

Re:Why does everything need its own domain name?

[camperdave]

Perhaps you've not seen some of the recent episodes in season 4. Martha Jones is part of UNIT now.

Re:Why does everything need its own domain name?

[Hieronymus+Howard]

There is a police.uk domain, so they really ought to be using that.

Re:Why does everything need its own domain name?

[daveime]

Until the Supreme Dalek commanded "annihilate UNIT".

UNIT has the Valiant, a flying airport ... Torchwood has 3 Welsh gits in a basement and a bisexual captain in a trenchcoat ... there's just no comparison.

What's the big deal?

[VdG]

Since it's my taxes that pay for it, I'm quite happy to see the registration lapse. This is a bit of a non-story and wouldn't be an issue if other people kept their links up-to-date.

Re:What's the big deal?

[TXISDude]

What's the big deal . . . try basic competence in communications101? My defense strategy 1) commit crime 2) change name - be sure to tell all my friends I am no long John Doe, I am now John Smith 3) when confronted, tell the authorities - hey, that isn't me - I'm John Smith . . . now Changing your name in a reorganization does not resolve problems of aliases, references (OK, update your links, but how about old news stories, etc - can't update what has already been written . . .) You may appreciate not paying the relatively small domain name fee as a savings in taxes, but what was the real cost of the "reorganization"? a lot more than a domain name entry. Not to mention, should this not have been under .UK not .org? How official is a .org? Of course to save more tax dollars, why not have everyone sign up for their own free gmail account?

Re:What's the big deal?

[TubeSteak]

Step 1: Buy up lapsed, popular domain names
Step 2: Sell ads, farm out malware, ???
Step 3: Profit

Re:What's the big deal?

[Raedwald]

Acquiring the domain name would be a phisher's dream. If someone recalled that there was such an organisation as the NHTCU, and were unaware that the organisation no longer existed, they would be inclined to believe anything they read there. Including instructions to download and install a "critical security fix".

Bear in mind that malware producers can be frighteningly sophisticated.

Re:What's the big deal?

[Ed+Avis]

Why should you have to keep your links 'up to date'? They chose the domain name and the web address; nobody forced them to pick the one they did. It's the webmaster's responsibility to pick addresses that others can rely on. See Cool URIs don't change.

After all, what makes more sense: a single webmaster maintaining a logical address which you can always use to get the right information, or thousands of websites all over the net scrambling to 'update' their links at exactly the right moment?

Re:What's the big deal?

[mpcooke3]

What a load of rubbish.

The amount of money spent on having to give an official response and deal with the PR consequences of the domain lapse would have covered the cost of renewing the domain for another couple of centuries.

People don't expect government websites URLs to lapse every few years and there is not even an industry standard way of updating or notifying all linking sites of the domain change.

Re:What's the big deal?

[Z00L00K]

Nothing new there...

Re:What's the big deal?

[quacking+duck]

Not to mention any links contained in PDFs or printed material. Good luck changing those.

Re:What's the big deal?

[Blakey+Rat]

The link-ee is responsible for keeping the same content at the same URL, not the link-er. It couldn't possibly work any other way.

The government in this case farked-up. They could easily have used a few redirects to make sure their links still worked correctly, at least they could have if they were competent at keeping a domain name registered.

Soon to be NHTCU Spam

[Rayeth]

Protect yourself from Phishing emails by visiting www.NHTCU.org and giving us all of your information. We're a High Tech Crime Unit! We would never misused your information, honest.

so...

[halfEvilTech]

I guess I could sell it back to them for the 'right' price

Misleading Title

The title's a bit misleading considering the organization is now defunct anyway.

Re:Misleading Title

[PawNtheSandman]

Not defunct, they just changed their name.

Re:Misleading Title

I'm sorry, you must be new here. I'm AC. While I occassionally post insightful, informative, or humorous information, most of the time I can't be bothered to read past the headline. Nice meeting you!

The spokesman is Graham Cluley?

[Intron]

Nuh-uh.

Why?

Why exactly is this their responsibility? It's not their fault that other Web sites are linking to a now-defunct organization. Do they have to keep and maintain the domain forever just because a bunch of other people might not revise their links?

A Waste

[nathan.fulton]

The guy who owns it now is running a blog that looks like it was written by a cheap copywriter. I think I'm going to email him about acquiring the domain, the site could be used for some hilarious parodies. Its current use, or using it to commit crime, would be a waste of pure gold comedic content. Anyways, the risk looks minimal. I searched for sites linking to nhtcu.com and there aren't that many -- and BBC has already stripped most of its links.

Re:A Waste

high tech crime bulletins onion style.

How is it that Cluely has a clue, and...

[davidsyes]

the coppers are clueless... Maybe it's all in a name, since Graham has more than a gram of sense, and pounds of cents...

(Sorry, I'm not English, so I can't whip out one of those zany/apropos remarks for which they can be SMASHING FAMOUS...)

But, it seems one of the coppers may be caught flatfooted, and be feeling soooo.... busted...

Re:How is it that Cluely has a clue, and...

[PawNtheSandman]

Your jokes are pants.

Re:How is it that Cluely has a clue, and...

Your trousers are pants.

Re:How is it that Cluely has a clue, and...

[davidsyes]

No, they're SKIRTS, or shorts...

A site for a defunct organization gets lost...

Who cares?

German enterprise spirit at its finest!

I have always thought that our country needs more enterpreneurial esprit. But pissing off the brits is not what I was thinking off. Maybe he's hoping to sell it back to them for a tidy profit...

1. Wait (for gov to make mistake)
2. Buy
3. ... (wait for gov to realize mistake. May be longer than 1.)
4. Profit!

Re:German enterprise spirit at its finest!

When I first read the headline I was thinking to myself that there's no way I'd let a 5 letter domain on a well-known TLD "lapse." I'd sell it for 4 to 6 figures instead.

Lucky bastard who snapped up that domain for cheap...

(Hint: All the 4-5 letter domains are taken for .com, .net, .org, etc; you can't even buy a crappy one for less than $1000.)

Re:German enterprise spirit at its finest!

[billcopc]

All the 4-5 letter domains are taken

No kidding, I just bought two of them a few weeks ago.

Wanna give me more than $1000 for yjack.com/org ? Come on, you know you wanna!

.gov.uk

[Raedwald]

If they had used a .gov.uk domain, rather than a TLD, would this have happened?

Re:.gov.uk

If they had used a .gov.uk domain, rather than a TLD, would this have happened?

Yes.

.gov.uk domains are reserved for the UK government and German pranksters.

Internet != The Web

[XanC]

Title should read "Crime Unit Domain", not "Crime Unit Website".

Re:Internet != The Web

[blair1q]

Can you find the website? No, because its domain no longer exists.

What are things you can't find? They're lost.

The website was lost. So was the domain, but that's semantics.

Title is correct.

Re:Internet != The Web

[thbigr]

Dude, what is wrong with you. Thits lice corecting somones speling in a roply.

Re:Internet != The Web

[nickswitzer]

That's what I was thinking. I originally thought that it was an "up-to-date" used that the police were using for their high tech crime unit organization. The title totally threw me off. Would have been actual "news" if someone had actually taken the site from them.

So what.

[ROBOKATZ]

If it was disbanded, they should give up the domain name, it is the responsible thing to do.

I don't see how some jokester grabbing up the domain to be funny should be taken as any kind of serious sign of incompetence, as the article implies, especially since the people that worked there, you know, don't work there anymore.

It's just slightly ironic.

Cynicism is powerless against laziness!

[bigtallmofo]

I must admit it's to me surprising that a slashdot user would pay their bill on an old domain like that and trust that AT&T won't do something equally as stupid

I'm quite sure that AT&T is just that stupid. However, I'm too lazy to do anything about it.

and the answer is..

No.

Renew 10 years at once

[ilovesymbian]

Don't they have the brain to renew it on a long-term basis and have alerts sent a few months before expiry?

A fool and his domain name are easily separated.

Re:Renew 10 years at once

[Andy_R]

The real issue is that they didn't have the brain to use .gov.uk

Carpe domainum

[spyrochaete]

This is similar to what a blogger, Long Zheng at the I Started Something blog, did. He was reading a Microsoft security/phishing article which made mention to the fictional website "www.somebadsite.com". This was an unresolved domain name so he did what any ethical person would do - he purchased it and linked it to his own site.

That's some serious Google link juice right there. I wonder if the links were nofollowed.

P.s., looks like that link has been removed from Microsoft's article.

Re:Carpe domainum

[phorm]

Didn't a similar thing happen with movies/books mentioning domains that didn't exist, and a few smart people capitalizing on that and registering the domains?

Maybe movies/books/articles need a good extension for domains, like 555-xxxx is for phone numbers.

How about .dni (does not exist) or .nex (nonexistent)?

That $12 saving sure will help the budget

[Nicolas+MONNET]

Here's how a genius like yourself could save plenty of money in a similarly creative way:
* Unmount seat belts and airbags in your car, and sell them at the flea market
* Forego those expensive vaccinations and malaria medications next time you go near the tropics
* Cancel all those useless insurance policies

Come to think of it, sounds a lot like Republican economic policies.

Shocking!

[k1e0x]

What a story.

Lazy bureaucrats failed to do what was required of them.. film at 11.

Queue up Nelson Muntz...

[actionbastard]

in 3 - 2 - 1...

Ha - Ha!

and the email sent to the domain?

Email addresses on this domain will be subscribed to newsletters, briefing reports, and will be cc'd on correspondance for years to come. I'm sure the webtraffic will be interesting to serve targetted ads to, but thats nothing to the interesting email traffic that the domain will attract.
I suspect someone didn't think through the implications of not protecting their domain portfolio.