Tuesday 2 March 2010

Zombies!

The Government is wanting more and more of our information but don't worry they will be able to keep it 100% secure shouldn't they? I mean surely our security and governmental organisations have some sort of defence against known viruses don't they? Well apparently they don't. Manchester Police have recently been hit by the "Conficker worm" virus (link). This virus got into the system via an officers memory stick and spread quickly throughout the system. The virus itself has been around since at least November 2008 with the most recent variant being found in April 2009 (link), this to me would seem like ample time to set up some sort of defence to detect the virus before infection. With such sensitive and valuable data on the system a scan of any external memory devices should be run to ensure our information is safe, this is obviously not a priority of the police force.
In this case the infection was caught fast and the system was isolated meaning that the damage caused was minimal. If the virus had gone undetected for long it would open gateways for other more damaging viruses and hackers to enter through, this is very worrying considering what information is held on these types of systems.
Even though the damage was minimised the system still had to be taken down for three days. During these three days police couldn't access information to check for criminals and suspect vehicles effectively crippling the whole system. Now this may appear as a small and negligible problem in the long run but what happens if this kind of thing happens on the now developing National Identity Register (NIR)? If the NIR went down for a few days people would not be able to access any information on the system, effectively removing them from the planet for those few days. Any checks that need to be ran would be impossible and all transactions for that time would be halted.
This however, would be a best case scenario, one in which the virus was not detected early allowing it to spread could be so much worse. If a similar virus was allowed to mature and spread through the system peoples information would become readily open to attack from hackers and other viruses. This could lead to peoples information being effectively lost from the system, this person would then have to prove themselves against a system which is apparently fool proof in order to restore their identity. Furthermore peoples information could be easily stolen and sold on or used for identity fraud, with the amount of information held on the system this could be devastating.
This is not adequate protection.
The way that this system is designed to be interconnected across the entire country leaves many openings for some sort of virus to enter through. Unless their are thorougher checks on every device added to the system (this is neglecting any viruses picked up via other methods) an infection is inevitable. If a system the size of Manchester Police can fall prey to something like this what hope does a national system have? Sure, there may be a raised sense of security about it but an infection is inevitable.



Keep alert, stay free.