Feeds

Another police website hacked

First the Home Office, now local plods

Top three mobile application threats

This is starting to get a little tedious. The Bedfordshire Police website has just been taken down after it was discovered that every page had been replaced by an animated man carrying a Tunisian flag. Underneath, according to the BBC, was a green symbol and a Muslim prayer written in Arabic. Don’t bother clicking on the link: as at mid-day, it is still not back up.

However, if you would like to see what Bedfordshire Police WERE saying until they were so rudely interrupted, you could try the Google cache version.

Bedfordshire Police website hacked

Now you see us, now you don't

Here you can read the answer to such vital questions as “Is Your Computer Safe Online?”, which warns rather ironically: “Hackers can get in, take what they want, and even leave open a ‘back door’ so they can access your computer anytime you're online and use it to attack other computers.”

Moreover, “Every minute that your computer is connected to the Internet, it is at risk”. What a shame that Beds Police don’t appear to have read their own website. Particularly the bit that starts: “Where Can I Get A Personal Firewall?”

OK. Now that we’ve all had a good giggle, here’s the serious stuff.

Last week, the Home Office Crime Reduction Unit was itself subject to a similar hack. In that instance, one of its pages was replaced with a page that mimicked that belonging to the Italian Post Office – and for 12 hours phished happily away before anyone at the Home Office spotted what was going on.

Are you the owner of this data, sir?

This sort of incident is bad news for Government plans to centralise data in two ways. First – whatever the experts say – it is demonstrable proof that data may well NOT be safe in government hands.

Second, when the technological explanation appears and we are assured that whilst the website was hacked, no-one could possibly have wormed their way through to anything more sensitive, there is a credibility gap. One of the biggest obstacles to data centralisation is public confidence. This destroys it.

In response to the CRU incident, the Home Office is keen to point out that “at no point was there a risk to any personal or security information held on Home Office IT systems”. This was a hack that effectively “skimmed the surface” of the website, without connecting with any deeper database functionality.

The Home Office bods “take information very seriously”. This incident will now be included in a review of the security of its websites, undertaken by the Independent Reviewer of Information Assurance, and due to report back in Spring 2009.

On the question of how this affected public confidence in respect of the National Identity Scheme, they were less reassuring. “By linking fingerprints to a secure database with strict rules outlining its use, the National Identity Scheme will allow individuals, business, and the state to prove identity more securely, conveniently and efficiently while protecting personal information from abuse”.

This rather misses the point that if the public perceive something to be unsafe, it doesn’t matter how safe it actually is. Bedfordshire Police take a similar tack. According to a spokeswoman, "The website is hosted externally, away from all other police systems so no personal or confidential data could have been obtained.

"Bedfordshire Police take security extremely seriously, which is why the website is hosted independently and outside all other IT systems."

In 2007, Bedfordshire Police were one of ten Police Forces in the UK to sign up to pilot the “Lantern” project – allowing them to carry out hand-held, mobile fingerprinting. That means key biometric data, of the type likely to be used to underpin any future biometric identity scheme is wandering the streets in the hands of a police force that can’t even protect its own website!

Are you re-assured?

Those who’d like to know more about how to hack the police (and other websites) could do worse than take a peek here. This Youtube channel offers a fascinating range of insights into how to carry out hacks. It also claims to be maintained by Arfaoui FirA, which is, co-incidentally, the same name as that used by the perpetrator of the Beds Police outrage. Is it him? Is it all some sort of cunning double bluff? Make your own mind up – but best to do so quickly, as we guess this site won’t stay up for that much longer. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.