
Another police website hacked

First the Home Office, now local plods


This is starting to get a little tedious. The Bedfordshire Police website has just been taken down after it was discovered that every page had been replaced by an animated man carrying a Tunisian flag. Underneath, according to the BBC, was a green symbol and a Muslim prayer written in Arabic. Don’t bother clicking on the link: as at mid-day, it is still not back up.

However, if you would like to see what Bedfordshire Police WERE saying until they were so rudely interrupted, you could try the Google cache version.

Bedfordshire Police website hacked

Now you see us, now you don't

Here you can read the answer to such vital questions as “Is Your Computer Safe Online?”, which warns rather ironically: “Hackers can get in, take what they want, and even leave open a ‘back door’ so they can access your computer anytime you're online and use it to attack other computers.”

Moreover, “Every minute that your computer is connected to the Internet, it is at risk”. What a shame that Beds Police don’t appear to have read their own website. Particularly the bit that starts: “Where Can I Get A Personal Firewall?”

OK. Now that we’ve all had a good giggle, here’s the serious stuff.

Last week, the Home Office Crime Reduction Unit was itself subject to a similar hack. In that instance, one of its pages was replaced with a page that mimicked that belonging to the Italian Post Office – and for 12 hours phished happily away before anyone at the Home Office spotted what was going on.

Are you the owner of this data, sir?

This sort of incident is bad news for Government plans to centralise data in two ways. First – whatever the experts say – it is demonstrable proof that data may well NOT be safe in government hands.

Second, when the technological explanation appears and we are assured that whilst the website was hacked, no-one could possibly have wormed their way through to anything more sensitive, there is a credibility gap. One of the biggest obstacles to data centralisation is public confidence. This destroys it.

In response to the CRU incident, the Home Office is keen to point out that “at no point was there a risk to any personal or security information held on Home Office IT systems”. This was a hack that effectively “skimmed the surface” of the website, without connecting with any deeper database functionality.

The Home Office bods “take information very seriously”. This incident will now be included in a review of the security of its websites, undertaken by the Independent Reviewer of Information Assurance, and due to report back in Spring 2009.

On the question of how this affected public confidence in respect of the National Identity Scheme, they were less reassuring. “By linking fingerprints to a secure database with strict rules outlining its use, the National Identity Scheme will allow individuals, business, and the state to prove identity more securely, conveniently and efficiently while protecting personal information from abuse”.

This rather misses the point that if the public perceive something to be unsafe, it doesn’t matter how safe it actually is. Bedfordshire Police take a similar tack. According to a spokeswoman, "The website is hosted externally, away from all other police systems so no personal or confidential data could have been obtained.

"Bedfordshire Police take security extremely seriously, which is why the website is hosted independently and outside all other IT systems."

In 2007, Bedfordshire Police were one of ten Police Forces in the UK to sign up to pilot the “Lantern” project – allowing them to carry out hand-held, mobile fingerprinting. That means key biometric data, of the type likely to be used to underpin any future biometric identity scheme, is wandering the streets in the hands of a police force that can’t even protect its own website!

Are you re-assured?

Those who’d like to know more about how to hack the police (and other websites) could do worse than take a peek here. This YouTube channel offers a fascinating range of insights into how to carry out hacks. It also claims to be maintained by Arfaoui FirA, which is, coincidentally, the same name as that used by the perpetrator of the Beds Police outrage. Is it him? Is it all some sort of cunning double bluff? Make your own mind up – but best to do so quickly, as we guess this site won’t stay up for that much longer. ®
