Feeds

Manchester cops clobbered by Conficker

PCs' PCs still unplugged from PNC

5 things you didn’t know about cloud backup

Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.

The malware was likely introduced into the GMP network after an already infected memory stick was plugged into a Windows PC.

Conficker (aka Downadup) began spreading on Friday evening leading to a decision to disconnect GMP systems from the Police National Computer (PNC) while the malware outbreak was contained. Police were obliged to call contacts in neighbouring forces in order to run PNC checks, the Manchester Evening News reports.

GMP's incident log crime recording systems was not affected by the malware outbreak, which was brought under control by Monday afternoon. GMP's reconnection to the PNC is yet to happen at the time of writing on Tuesday lunchtime, but this is likely to happen later today.

GMP assistant chief constable Dave Thompson said in a statement that the service the force offered to the public was not affected by the Conficker outbreak. The GMP's website and associated blogs also remained up and running during the incident.

On Friday 29 January 2010, a virus was identified within GMP the IT system.

The virus, Conficker, is not destructive and no data has been lost but due to the speed it has spread we have temporarily cut off our access to the Police National Computer and other Criminal Justice systems to prevent further infection.

A team of experts is now working on removing the virus, and will not reconnect until we are sure there is no further threat.

We have systems in place to ensure this does not affect our service to the communities of Greater Manchester.

At this stage it is not clear where the virus has come from but we are investigating how this has happened and will be taking steps to prevent this from happening again.

Information security experts reckon it's unlikely that GMP, Britain's third biggest police force, was deliberately targeted for attack. Previous victims of Conficker have included the UK Ministry of Defence, parliament and Manchester Council. The February 2009 incident cost council tax payers £1.5m in lost parking ticket revenue and security consultant fees.

Officers and civilian staff have been warned against using unauthorised USB flash drives and advised to run regular security scans using up to date anti-virus software. GMP employs 8,200 police officers and 4,100 civilian staff.

A GMP spokesman said it was yet to determine if an infected memory stick was to blame for the spread of malware across the force's systems, though it is the more likely scenario than the alternative explanation of infection from a connected network that took advantage of unpatched systems at GMP.

Jason Holloway, sales manager Northern Europe for secure USB drive vendor SanDisk, said: "Conventional USB flash drives are a key method for spreading these infections stealthily, and without the drive’s user being aware – as both Ealing and Manchester Councils found last year."

"Virus scanning has to extend beyond the PC to all types of removable storage. Better still, employees should only be able to use authorised flash drives that include on-board antivirus scanning. This ensures that users can’t turn off, disable or work around the protection, and would stop these infections from spreading."

Graham Cluley, a senior security consultant at Sophos, agreed with Holloway that the Conficker infection at GMP can most likely be traced back to an infected memory stick. Organisations need to control access to USB ports to clamp down on what has become a major route of virus infection over recent years, he added.

"Conficker, which was first encountered in late 2008 and created a hystericane of media interest in March last year, spreads via a variety of methods - but my guess is that it's most likely that it infected the police systems via an infected USB stick," Cluley wrote in a blog post on the GMP outbreak. "After all, they've had well over a year to put the Microsoft patch in place.

"Malware like the Conficker worm can spread via infected memory sticks, taking advantage of the AutoRun facility to execute on computers, and has been a common route for virus distribution in recent years. The problem was such that it encouraged Microsoft to improve the way AutoPlay worked in Windows 7." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.