Feeds

Another police website hacked

First the Home Office, now local plods

Secure remote control for conventional and virtual desktops

This is starting to get a little tedious. The Bedfordshire Police website has just been taken down after it was discovered that every page had been replaced by an animated man carrying a Tunisian flag. Underneath, according to the BBC, was a green symbol and a Muslim prayer written in Arabic. Don’t bother clicking on the link: as at mid-day, it is still not back up.

However, if you would like to see what Bedfordshire Police WERE saying until they were so rudely interrupted, you could try the Google cache version.

Bedfordshire Police website hacked

Now you see us, now you don't

Here you can read the answer to such vital questions as “Is Your Computer Safe Online?”, which warns rather ironically: “Hackers can get in, take what they want, and even leave open a ‘back door’ so they can access your computer anytime you're online and use it to attack other computers.”

Moreover, “Every minute that your computer is connected to the Internet, it is at risk”. What a shame that Beds Police don’t appear to have read their own website. Particularly the bit that starts: “Where Can I Get A Personal Firewall?”

OK. Now that we’ve all had a good giggle, here’s the serious stuff.

Last week, the Home Office Crime Reduction Unit was itself subject to a similar hack. In that instance, one of its pages was replaced with a page that mimicked that belonging to the Italian Post Office – and for 12 hours phished happily away before anyone at the Home Office spotted what was going on.

Are you the owner of this data, sir?

This sort of incident is bad news for Government plans to centralise data in two ways. First – whatever the experts say – it is demonstrable proof that data may well NOT be safe in government hands.

Second, when the technological explanation appears and we are assured that whilst the website was hacked, no-one could possibly have wormed their way through to anything more sensitive, there is a credibility gap. One of the biggest obstacles to data centralisation is public confidence. This destroys it.

In response to the CRU incident, the Home Office is keen to point out that “at no point was there a risk to any personal or security information held on Home Office IT systems”. This was a hack that effectively “skimmed the surface” of the website, without connecting with any deeper database functionality.

The Home Office bods “take information very seriously”. This incident will now be included in a review of the security of its websites, undertaken by the Independent Reviewer of Information Assurance, and due to report back in Spring 2009.

On the question of how this affected public confidence in respect of the National Identity Scheme, they were less reassuring. “By linking fingerprints to a secure database with strict rules outlining its use, the National Identity Scheme will allow individuals, business, and the state to prove identity more securely, conveniently and efficiently while protecting personal information from abuse”.

This rather misses the point that if the public perceive something to be unsafe, it doesn’t matter how safe it actually is. Bedfordshire Police take a similar tack. According to a spokeswoman, "The website is hosted externally, away from all other police systems so no personal or confidential data could have been obtained.

"Bedfordshire Police take security extremely seriously, which is why the website is hosted independently and outside all other IT systems."

In 2007, Bedfordshire Police were one of ten Police Forces in the UK to sign up to pilot the “Lantern” project – allowing them to carry out hand-held, mobile fingerprinting. That means key biometric data, of the type likely to be used to underpin any future biometric identity scheme is wandering the streets in the hands of a police force that can’t even protect its own website!

Are you re-assured?

Those who’d like to know more about how to hack the police (and other websites) could do worse than take a peek here. This Youtube channel offers a fascinating range of insights into how to carry out hacks. It also claims to be maintained by Arfaoui FirA, which is, co-incidentally, the same name as that used by the perpetrator of the Beds Police outrage. Is it him? Is it all some sort of cunning double bluff? Make your own mind up – but best to do so quickly, as we guess this site won’t stay up for that much longer. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.