Feeds

Malware infested MPs' PCs inflate leak risk

Four in five Parliamentary machines pwned in last year

Using blade systems to cut costs and sharpen efficiencies

Comment "That's one of those irregular verbs, isn't it? I give confidential security briefings. You leak. He has been charged under section 2a of the Official Secrets Act." (Bernard Woolley, Yes Minister)

The ongoing MPs' expenses row has brought public opinion of politics and politicians in the UK, never very high, towards unplumbed depths.

Embarrassing disclosures about how politicians across the political spectrum subsidised their living expense from the public purse follow hard on the heels of leaked emails regarding a proposed New Labour smear campaign against senior Tories, cobbled together by spin doctors Derek Draper and Brown aide Damian McBride in the style of In the Loop's Malcolm Tucker.

In both cases the emails and leaked files were probably obtained by someone with access to the information, who subsequently attempted to auction it off to national newspapers. The incidents illustrate the fact that all manner of sensitive and potentially embarrassing information is held on the PCs of MPs, ministers and their advisers.

Given the career-threatening implications of data leaks, it's therefore surprising how lax politicians and their advisors are when it comes to data security.

We know that parliamentary computers were infected with the Conficker superworm in March. Conficker hasn't been activated to do anything but it remains of concern that Parliament can be so easily compromised in the first place, something that's happened numerous times in the last twelve months. In March, for example, we reported that police failed to record a crime, still less investigate, when Alun Michael MP discovered a malware infection on his office PC. Michael was able to detect and remove the unidentified malware himself.

These incidents are far from isolated. In response to questions in parliament on Wednesday, Nick Harvey, a Lib Dem member of the House of Commons Commission said that the vast majority of the 5,000 PCs in use around the Palace of Westminster had been hit by malware over the last year.

In the past 12 months 86 per cent of computers on the estate have been attacked by malware, 78 per cent of which were cleaned automatically by Parliament's anti-virus software, with 8 per cent needing a visit by an engineer. There are 4,991 computers on the estate.

The security of parliamentary PCs ought to be more important than those of a regular office system, because of the confidentiality of MPs' work with their constituents, not to mention the potential for leaks of embarrassing information. Malware-infected computers are certainly no help to the general smooth running of parliamentary business, either.

In fairness, staff running the House of Commons IT systems have their work cut out for them. One security expert compared the system to a University campus network in terms of the institutional lack of control. It's probably even worse than that, because of the sensitivity of the data in question, not to mention the bolshieness - if not arrogance - of some of our elected representatives and their advisors.

The Conficker infection prompted a temporary ban on mass storage devices, including MP3 players, on parliamentary systems. Security experts we've spoken to reckon that more needs to be done, such as the introduction of access controls and encryption across parliamentary systems. The possible application of data loss prevention technology also comes to mind.

Wider use of PGP by politicians might be a good start, except for the fact the parliamentary BOFHs recently told users that PGP is incompatible with its remote access software, for reasons even PGP has been unable to fathom thus far.

The lamentable state of PC security in the mother of parliaments creates a real risk of leaks of sensitive information in the future, even if this has not happened already. MPs ignore such possibilities at their peril.

Politicians - typically lawyers or lecturers by trade, with little awareness of computers much less information security - need to get up to speed with the internet or else risk looking as hapless as fictional politicians like Hugh Abbot and Jim Hacker. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.