Feeds

Another police website hacked

First the Home Office, now local plods

Choosing a cloud hosting partner with confidence

This is starting to get a little tedious. The Bedfordshire Police website has just been taken down after it was discovered that every page had been replaced by an animated man carrying a Tunisian flag. Underneath, according to the BBC, was a green symbol and a Muslim prayer written in Arabic. Don’t bother clicking on the link: as at mid-day, it is still not back up.

However, if you would like to see what Bedfordshire Police WERE saying until they were so rudely interrupted, you could try the Google cache version.

Bedfordshire Police website hacked

Now you see us, now you don't

Here you can read the answer to such vital questions as “Is Your Computer Safe Online?”, which warns rather ironically: “Hackers can get in, take what they want, and even leave open a ‘back door’ so they can access your computer anytime you're online and use it to attack other computers.”

Moreover, “Every minute that your computer is connected to the Internet, it is at risk”. What a shame that Beds Police don’t appear to have read their own website. Particularly the bit that starts: “Where Can I Get A Personal Firewall?”

OK. Now that we’ve all had a good giggle, here’s the serious stuff.

Last week, the Home Office Crime Reduction Unit was itself subject to a similar hack. In that instance, one of its pages was replaced with a page that mimicked that belonging to the Italian Post Office – and for 12 hours phished happily away before anyone at the Home Office spotted what was going on.

Are you the owner of this data, sir?

This sort of incident is bad news for Government plans to centralise data in two ways. First – whatever the experts say – it is demonstrable proof that data may well NOT be safe in government hands.

Second, when the technological explanation appears and we are assured that whilst the website was hacked, no-one could possibly have wormed their way through to anything more sensitive, there is a credibility gap. One of the biggest obstacles to data centralisation is public confidence. This destroys it.

In response to the CRU incident, the Home Office is keen to point out that “at no point was there a risk to any personal or security information held on Home Office IT systems”. This was a hack that effectively “skimmed the surface” of the website, without connecting with any deeper database functionality.

The Home Office bods “take information very seriously”. This incident will now be included in a review of the security of its websites, undertaken by the Independent Reviewer of Information Assurance, and due to report back in Spring 2009.

On the question of how this affected public confidence in respect of the National Identity Scheme, they were less reassuring. “By linking fingerprints to a secure database with strict rules outlining its use, the National Identity Scheme will allow individuals, business, and the state to prove identity more securely, conveniently and efficiently while protecting personal information from abuse”.

This rather misses the point that if the public perceive something to be unsafe, it doesn’t matter how safe it actually is. Bedfordshire Police take a similar tack. According to a spokeswoman, "The website is hosted externally, away from all other police systems so no personal or confidential data could have been obtained.

"Bedfordshire Police take security extremely seriously, which is why the website is hosted independently and outside all other IT systems."

In 2007, Bedfordshire Police were one of ten Police Forces in the UK to sign up to pilot the “Lantern” project – allowing them to carry out hand-held, mobile fingerprinting. That means key biometric data, of the type likely to be used to underpin any future biometric identity scheme is wandering the streets in the hands of a police force that can’t even protect its own website!

Are you re-assured?

Those who’d like to know more about how to hack the police (and other websites) could do worse than take a peek here. This Youtube channel offers a fascinating range of insights into how to carry out hacks. It also claims to be maintained by Arfaoui FirA, which is, co-incidentally, the same name as that used by the perpetrator of the Beds Police outrage. Is it him? Is it all some sort of cunning double bluff? Make your own mind up – but best to do so quickly, as we guess this site won’t stay up for that much longer. ®

Business security measures using SSL

More from The Register

next story
Hey, Scots. Microsoft's Bing thinks you'll vote NO to independence
World's top Google-finding website calls it for the UK
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.