Feeds

Another police website hacked

First the Home Office, now local plods

Top 5 reasons to deploy VMware with Tegile

This is starting to get a little tedious. The Bedfordshire Police website has just been taken down after it was discovered that every page had been replaced by an animated man carrying a Tunisian flag. Underneath, according to the BBC, was a green symbol and a Muslim prayer written in Arabic. Don’t bother clicking on the link: as at mid-day, it is still not back up.

However, if you would like to see what Bedfordshire Police WERE saying until they were so rudely interrupted, you could try the Google cache version.

Bedfordshire Police website hacked

Now you see us, now you don't

Here you can read the answer to such vital questions as “Is Your Computer Safe Online?”, which warns rather ironically: “Hackers can get in, take what they want, and even leave open a ‘back door’ so they can access your computer anytime you're online and use it to attack other computers.”

Moreover, “Every minute that your computer is connected to the Internet, it is at risk”. What a shame that Beds Police don’t appear to have read their own website. Particularly the bit that starts: “Where Can I Get A Personal Firewall?”

OK. Now that we’ve all had a good giggle, here’s the serious stuff.

Last week, the Home Office Crime Reduction Unit was itself subject to a similar hack. In that instance, one of its pages was replaced with a page that mimicked that belonging to the Italian Post Office – and for 12 hours phished happily away before anyone at the Home Office spotted what was going on.

Are you the owner of this data, sir?

This sort of incident is bad news for Government plans to centralise data in two ways. First – whatever the experts say – it is demonstrable proof that data may well NOT be safe in government hands.

Second, when the technological explanation appears and we are assured that whilst the website was hacked, no-one could possibly have wormed their way through to anything more sensitive, there is a credibility gap. One of the biggest obstacles to data centralisation is public confidence. This destroys it.

In response to the CRU incident, the Home Office is keen to point out that “at no point was there a risk to any personal or security information held on Home Office IT systems”. This was a hack that effectively “skimmed the surface” of the website, without connecting with any deeper database functionality.

The Home Office bods “take information very seriously”. This incident will now be included in a review of the security of its websites, undertaken by the Independent Reviewer of Information Assurance, and due to report back in Spring 2009.

On the question of how this affected public confidence in respect of the National Identity Scheme, they were less reassuring. “By linking fingerprints to a secure database with strict rules outlining its use, the National Identity Scheme will allow individuals, business, and the state to prove identity more securely, conveniently and efficiently while protecting personal information from abuse”.

This rather misses the point that if the public perceive something to be unsafe, it doesn’t matter how safe it actually is. Bedfordshire Police take a similar tack. According to a spokeswoman, "The website is hosted externally, away from all other police systems so no personal or confidential data could have been obtained.

"Bedfordshire Police take security extremely seriously, which is why the website is hosted independently and outside all other IT systems."

In 2007, Bedfordshire Police were one of ten Police Forces in the UK to sign up to pilot the “Lantern” project – allowing them to carry out hand-held, mobile fingerprinting. That means key biometric data, of the type likely to be used to underpin any future biometric identity scheme is wandering the streets in the hands of a police force that can’t even protect its own website!

Are you re-assured?

Those who’d like to know more about how to hack the police (and other websites) could do worse than take a peek here. This Youtube channel offers a fascinating range of insights into how to carry out hacks. It also claims to be maintained by Arfaoui FirA, which is, co-incidentally, the same name as that used by the perpetrator of the Beds Police outrage. Is it him? Is it all some sort of cunning double bluff? Make your own mind up – but best to do so quickly, as we guess this site won’t stay up for that much longer. ®

Intelligent flash storage arrays

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.