Met Police confirms ICT outage but plays down attack fears
Two weeks of IT woe for cop staff
Agentless Backup is Not a Myth
The Metropolitan Police Service is investigating the cause of a "major network issue" that has prevented staff using some IT services for almost two weeks.
A Met spokesman confirmed the problem was first identified on 9 June, but insisted no critical systems had been downed by the incident.
"As a result of a major network issue, the MPS is currently experiencing issues with a small number of ICT services, including printing services and system access for some MPS staff and officers," he told the Reg.
"MPS has taken significant steps to investigate this as a matter of priority. Progress has been made to restore a number of services and urgent work continues to resolve the issues and restore the remaining services to all staff and officers as quickly as possible.
"Where operationally required, staff and officers have been advised of workarounds and reverted to fallback procedures in the absence of certain applications to ensure this does not impact on the service to the public."
The Met said it has no reason to suspect the the network issues were caused by a deliberate cyber attack. "Investigations are still ongoing to identify the root cause and at this stage we are not ruling anything out. However, our anti-virus software continues to work effectively."
According to sources, a portion of the Met's computer system is offline, hindering some Police National Computer checks. It's possible "information leakage" by certain print servers could be blamed for the issue.
At the time of writing, the Met spokesman was unable to shed any light on this point or detail when the network woes would be resolved.
Previous research by the European Network and Information Security Agency highlighted the risks of printing and carelessly discarding sensitive biz documents. But Graham Cluley, senior tech consultant at Sophos, was unaware of any previous security attacks infecting actual printer hardware.
"Printers don't normally have a programming interface to run its own code, there could be data storage or management software but I haven't heard of malware [attacks] and if there were it would be hardware specific," he said.
"It would, however, be an interesting proof of concept." ®
COMMENTS
Can't run programs?
Er, postscript is a programming language...
Of course, I'm sure it's totally isolated from the parts with a network connection.. right?
old news is bad news in this case
Idlescan. The average printer IP stack is completely sequential, therefore if you can route to one and connect to it, then spoof a packet from it to a host abusing the trusted relationship network admins establish with printers, then re-connect the print server, you can see if the host responded to its trusted friendly printer by looking at the pid of the packet. Theres no emphasis on bringing it into current random packet pid's because, well, its just a printer right? wrong...
You can map out entire network topologies with ease using this technique. nmap even has it as a scan mode , nmap -sI on the latest versions.
Fyodor as usual has a great write up of it :-
http://nmap.org/book/idlescan.html
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
