Royal Family's Website Targeted by Denial-of-Service Attack

The royal family’s website, royal.uk, was knocked offline on Sunday, 1 October by a DoS (denial-of-service) attack. The outage began at around 10 o’clock and lasted about 90 minutes. No systems were compromised, nor any data breached.

The pro-Putin hacktivist group KillNet took responsibility for the attack on its Telegram channel.

Although this claim has not been verified, the attack certainly fits KillNet’s modus operandi. Indeed, the cyber security authorities of the Five Eyes countries (Australia, Canada, New Zealand, the UK and the US) issued a joint cyber security advisory last May, warning of cyber attacks following Russia’s invasion of Ukraine, including denial-of-service attacks by KillNet.

The royal family are public supporters of Ukraine, with King Charles holding an audience with President Zelensky at Buckingham Palace in February and Prince William offering his support for British troops at a military base in Poland, near the Ukraine border, in March.

Other DoS attacks attributed to KillNet include a series of disruptions to Nato websites in February, and attacks against organisations in the healthcare sector.

What is a DoS attack?

There are several types of DoS attack, but all have the same basic end: preventing legitimate users from using online services by overwhelming them with traffic.

Some DoS attacks consume computational resources like bandwidth and memory, some disrupt network components, some focus on system vulnerabilities that, if exploited, will cause websites to become unstable or unresponsive.

While a DoS attack uses a single internet connection to flood a website server with packets, a DDoS (Distributed Denial of Service) attack will attempt to make online services unavailable by using multiple computers and internet connections (IP addresses), often distributed globally in a botnet.

Both DoS and DDoS attacks could lead to genuine web visitors not being able to access your website.