http://www.bbc.co.uk/news/uk-12371056 Interesting article, until... How is providing a dodgy link in a spoofed White House email a 'sophisticated attack'? I'm sure that there will be plenty of clever attacks on this (and most other) countries, on a daily basis, but what is the point when people keep making the same old basic mistakes?
Never open document.exe. Long live hiding file extensions. And get Microsoft Forefront (Security Essentials but business edition).
The UK government should be spending their time on educating the staff on basic internet safety. It is ridiculous that these idiots still click links in unknown emails.
So some office drones clicked on a dodgy link in a spoof email. Where do they find these people? More significantly, their PCs had no anti-virus. Where do they find their IT people?!? And all of a sudden it's OMG THE UK IS UNDER CYBER-ATTACK!!!!!!111!!1111ONEONEONE Where do we find those politicians...
I don't know whether to be more worried that Hague is calling that a "Cyber-Attack", or that it actually worked.
The UK almost certainly is subject to genuine cyber-attacks every day (from China and others), but I'd be very surprised if they went out and published the details of these attacks. I doubt the folks over at GCHQ are entirely innocent in this department either...
I'm sorry to say I laughed when I read this article, the fact that they still have people making the same mistakes even when it's common sense not to open an attachment or link in an email unless you were explicitly expecting it. Also the fact that they're calling that a sophisticated attack worries me greatly. *sigh* When will they learn?
Remember the glory days of the 'love bug'? The bliss of sending it down to it (in .txt) with full breakdown and instructions for removal only for 10 seconds later them send me a missive Vb exploits ahhhhhhhhhhhhhhhhhh babies
And the whole thing became a national news story. Where do we find these reporters? I was flipping through the Air Force Freedom of Information Act archives the other day and there was an entry about "Operation catch an eagle". The IT folks at one of the major commands created a phishing email and sent it out to everyone in the command. Anyone who responded got their account yanked and had to undergo remedial IT training. Maybe if more agencies did this the situation would improve. Someday I would like to compromise a spam site and everyone who clicked on it got a huge message about "YOU ARE THE PROBLEM WITH THE INTERNET!". IIRC South Korea did that a while back, but I have no idea if it got the point through. Maybe you could create a trojan that when the user clicks on it rootkits in anti-virus software. I don't know if it would accomplish anything, but damn it would be entertaining!
This has been said "off the record" but in public in the past, especially by the US. I'm surprised there hasn't been a wikileak on this yet, but then maybe that's to come.
OK, it's worrying about the ignorance of users in government, but it's also worrying about the level of IT support in government: for starters, why are they not using up to date AV software? Moreover, presumably all internet traffic goes through a proxy/firewall, so why is traffic not screened as it enters Whitehall? With the all-pervasive nature of technology, and especially the Internet, in today's society, having a government that is so out of touch with technology is just not good enough.
Because not all our data is TOP-SECRET UBER SECURE stuff dude. I work for said government and we have more than enough data protection and encryption on hand to deal with most issues. I.e. we can't send attachments to an external source with a massive hand of encryption forcing itself in there and screwing everything up lovely. Also please remember that not everything gets sent to one HUGE server, despite what the Daily Mail states. I wish it did, then I'd catch more fraudulent little gits in the act, but it just doesn't work like that. Data Protection Laws provide a necessary barrier against this kind of extreme-centralised government database. A lot of traffic is screened, AV is updated daily at my place, we even have two networks to log into at work before we can even access our programs. We're as secure as can be bro.
Almost nothing I handle is secret but my company still has everything described by fibble and this email would not have hit my inbox. This is basic security, I'd expect the stuff that is Top Secret to be handled in a more secure fashion than that employed by a consultancy. Maybe this goes back to the conversation earlier about public sector pay and it not being sufficient to compete with the private sector.
Hmmm not really. I'd just expect it to be deleted by the person who receives it. But there again we have a heck-tonne of protection on our e-mail accounts chap including incoming filters. I'll agree that the issues some people have with tech is the fact that they go "ARGH I CANT DO TECHNOLOGYMAKING!" which is frustrating for people like me who do. No?
I can only think of one firm I've worked at that prevented me downloading the credit card numbers of every customer on to USB.... and even that could be bypassed.
It's been my experience that relying on your end user to have the smallest amount of sense is a poor game plan. Everything I design is taken from that assumption and still users can surprise me at the unexpected level of difficulty they can find themselves in.