
Data breaches/IT security failures at Sellafield, the British Library, the Guardian and UK businesses

My two cents on this is, they are asking for more budget. Amplify the threat (which admittedly should already be high on this, but with the current administration, imbeciles that they are, you really have to make a noise).
I know this to be fact because I know which things we had to keep out of the news and which things we had to “jazz” up. Nothing is given to you as news without it being vetoed and approved. Anything that affects the share price is tantamount to treason.
 
Don't talk such arrant tosh
 
Doesn't seem that unreasonable to me... Boris is just speculating... the military does this kind of thing all the time, talking up existing events to get more money in the budget... fact is we can't say either way.
 
On the one hand he is right that everything in the news has been approved by someone somewhere, generally an editor of some sort. That's obvious. You advert to the military doing 'this sort of thing' to get more money. Do they really? They're not that successful at it then, given e.g. the way there's been an aircraft carrier without aircraft for years. Not to mention their day to day budget declining https://commonslibrary.parliament.uk/research-briefings/cbp-8175/
 
If you read the article, it talks about a LinkedIn social engineering attempt. That is very different to being hacked. It’s the first step on the NIST attack phase. No one got hacked. They are being targeted for potential exploitation. By making a noise about it, they can get a bigger budget.
We did it every year. I mean, all the business world is for is to justify your existence.
I’m sure Pickman's model with all his years in Information Security can correct me if I’m wrong.
 
Let me just point you to your talk about stories that affect the share price being seen as treason. Is it really? What about a) profit warnings being issued or b) stories that lead to the share price rising? Are they seen as treason? You make much of your experience in information security - millions of PMs of support - but say nothing of your knowledge of PR or journalism.
 
Oh so you didn’t like my phrasing.
I worked closely with public affairs departments. I know what type of story they wish to keep out of the news and those which they manufacture and then inform the news brokers of.
 
Making an existing company reasonably well protected against ransomware is actually pretty expensive to do well without breaking the business while you do it.

You need expensive tools, like an EDR (CrowdStrike, SentinelOne, etc.) with the MDR option (e.g. Falcon OverWatch), you need a good MFA deployment which needs to cover things like your VPN, email and anything else important, you need to make sure Active Directory is well set up, you need immutable backups plus some decent staff to run this.

None of this is cheap, and many companies are finding out the hard way they were badly protected.

If you’ve been doing IT on the cheap, you might get totally fucked over and it’ll probably be a surprise.

Alex
 
It depends on how mature the company is, how large their IT estate is and what line of business you are in, if you feel you have to seek out expensive solutions.
If it's a large corporation with a lot of M&A activity, multinational with a lot of geopolitical concerns, by all means address these risks with a follow-the-sun model security analyst and incident response team. However, this is very expensive.
From a personal perspective, I always preferred open source solutions. IR and security incident reporting need to be in place in order to find the actual real-world applicable risks that you need to address with your budget. Having a big bucks solution is a waste of money if you have no clue as to the current state of your network. You need to educate your end users as to how to detect and avoid risks that may apply to them and how to report anomalous behaviour. Particularly since it became more and more apparent, when speaking with major vendors' security teams, that it was far more efficient to in-house the knowledge required to build your own regex expressions and (later) YARA files than to wait for McAfee or whoever to get a virus sample, rebuild their pattern recognition and then push to 120,000+ hosts. Conficker was a great one to have on a network with very lax file share permissions. We were trialling Norman Sandbox at the time, which made disassembly easy, and we were able to assist the AV vendor in getting that into their recognition files. However, the issues came with managing such a global network and various vendors, resources and time zones.
The big bucks solutions are nothing but a waste of money if your other stuff is not in order.
 

Presumably the people who built your own malware detections are paid with beans?

You’ve just outlined a different type of “none of this is cheap”

Alex
 
Exactly. So on top of my responsibilities we would spend a lot of time managing vendors and working on procurement and third party management. But you cannot run the products you mentioned until the basics are in order.
 
Getting end users to think about cyber security was always the hardest in my experience. Followed by getting management to actually give a shit and then spend money on the solution.
 
I gather the British Library had a backup system which was also destroyed. Sounds like it's going to cost over £6 million to put right, which is getting on for 50% of its reserves. What a pointless waste, and at a time when it's undergoing a massive expansion. 😓😡
I read they were ransomed for 600k but chose not to pay it and are going down this route instead... an interesting choice!
 
Their communication hasn't been great. Received an email in November to say that PLR payments would be delayed and silence since then. An update would be nice. From googling, I've discovered that some limited services will be up and running on 15 Jan. Will still be a few months before they're back to something like normal.
 
i read they were ransomed for 600k but chose not to pay it and going to down this route instead...an interesting choice!
That would be giving in to these people forever and a day. I think it's UK policy not to pay ransoms, and quite right too.
Back up on 15th Jan 🤔 time will tell.
 
That’s not a backup system!
FWIW I was told by one of the BL reading room security guards a few days after the attack had happened that they didn't have a backup system in place.

I've also heard (FWIW again) that those at risk aren't the BL's 'customers', but their staff.

'Customer' details held on their system - from what I recall - are names and addresses, but no financial data; last time I remember going there paying for photocopies / scans, it was via card dispenser machines that took cash or credit cards.

But the BL's staff bank details, tax codes etc will have been on the HR payroll system ... If true, I hope their unions are pushing hard on this.

The above is all rumour however, since, as has been rightly pointed out by others, the BL management have told their staff to say nothing to anyone.

15 January FFS! It's a national disgrace.
 
Well that's it. If everything had been electronically transferred and dispatched, then right now they are concentrating on preserving those systems. They are not obliged to talk about what they are doing, since the data they seek to preserve is, as you mention, not customer financial data.
That will be kept on different systems. Many organisations handling customer payment data will outsource that part of the operation to PCI certified handlers, as getting that certification is an exercise in such pedantry that it's not worth it for most.
 
Got a letter in the post from an ex-employer. Their HR system got done, with everyone's bank details. They've generously offered me a free year of some identity theft watch system (Experian). Woo. Though to be fair to them, I don't know what else they can do other than apologise. They develop gambling software, so the hackers are going to be sorely disappointed that they only got into the HR system. Hacking the other database is surely where the good stuff is, but it sits in an isolated network out in Gibraltar so it's relatively safe.
 
Also at risk is anyone, and the companies they work for, who has exchanged emails with anyone at the BL.
I can't recall seeing it mentioned before: lots of authors are dependent on fees from the BL in respect of books published.
I reckon they are being optimistic with their timescales for getting it all sorted. I'm no IT person and have no real idea of the scale of it, but it could be months yet before it's sorted.
 