Feeds

Manchester cops clobbered by Conficker

PCs' PCs still unplugged from PNC

Beginner's guide to SSL certificates

Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.

The malware was likely introduced into the GMP network after an already infected memory stick was plugged into a Windows PC.

Conficker (aka Downadup) began spreading on Friday evening leading to a decision to disconnect GMP systems from the Police National Computer (PNC) while the malware outbreak was contained. Police were obliged to call contacts in neighbouring forces in order to run PNC checks, the Manchester Evening News reports.

GMP's incident log crime recording systems was not affected by the malware outbreak, which was brought under control by Monday afternoon. GMP's reconnection to the PNC is yet to happen at the time of writing on Tuesday lunchtime, but this is likely to happen later today.

GMP assistant chief constable Dave Thompson said in a statement that the service the force offered to the public was not affected by the Conficker outbreak. The GMP's website and associated blogs also remained up and running during the incident.

On Friday 29 January 2010, a virus was identified within GMP the IT system.

The virus, Conficker, is not destructive and no data has been lost but due to the speed it has spread we have temporarily cut off our access to the Police National Computer and other Criminal Justice systems to prevent further infection.

A team of experts is now working on removing the virus, and will not reconnect until we are sure there is no further threat.

We have systems in place to ensure this does not affect our service to the communities of Greater Manchester.

At this stage it is not clear where the virus has come from but we are investigating how this has happened and will be taking steps to prevent this from happening again.

Information security experts reckon it's unlikely that GMP, Britain's third biggest police force, was deliberately targeted for attack. Previous victims of Conficker have included the UK Ministry of Defence, parliament and Manchester Council. The February 2009 incident cost council tax payers £1.5m in lost parking ticket revenue and security consultant fees.

Officers and civilian staff have been warned against using unauthorised USB flash drives and advised to run regular security scans using up to date anti-virus software. GMP employs 8,200 police officers and 4,100 civilian staff.

A GMP spokesman said it was yet to determine if an infected memory stick was to blame for the spread of malware across the force's systems, though it is the more likely scenario than the alternative explanation of infection from a connected network that took advantage of unpatched systems at GMP.

Jason Holloway, sales manager Northern Europe for secure USB drive vendor SanDisk, said: "Conventional USB flash drives are a key method for spreading these infections stealthily, and without the drive’s user being aware – as both Ealing and Manchester Councils found last year."

"Virus scanning has to extend beyond the PC to all types of removable storage. Better still, employees should only be able to use authorised flash drives that include on-board antivirus scanning. This ensures that users can’t turn off, disable or work around the protection, and would stop these infections from spreading."

Graham Cluley, a senior security consultant at Sophos, agreed with Holloway that the Conficker infection at GMP can most likely be traced back to an infected memory stick. Organisations need to control access to USB ports to clamp down on what has become a major route of virus infection over recent years, he added.

"Conficker, which was first encountered in late 2008 and created a hystericane of media interest in March last year, spreads via a variety of methods - but my guess is that it's most likely that it infected the police systems via an infected USB stick," Cluley wrote in a blog post on the GMP outbreak. "After all, they've had well over a year to put the Microsoft patch in place.

"Malware like the Conficker worm can spread via infected memory sticks, taking advantage of the AutoRun facility to execute on computers, and has been a common route for virus distribution in recent years. The problem was such that it encouraged Microsoft to improve the way AutoPlay worked in Windows 7." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.