Zombies!

The Government is wanting more and more of our information but don't worry they will be able to keep it 100% secure shouldn't they? I mean surely our security and governmental organisations have some sort of defence against known viruses don't they? Well apparently they don't. Manchester Police have recently been hit by the "Conficker worm" virus (link). This virus got into the system via an officers memory stick and spread quickly throughout the system. The virus itself has been around since at least November 2008 with the most recent variant being found in April 2009 (link), this to me would seem like ample time to set up some sort of defence to detect the virus before infection. With such sensitive and valuable data on the system a scan of any external memory devices should be run to ensure our information is safe, this is obviously not a priority of the police force.
In this case the infection was caught fast and the system was isolated meaning that the damage caused was minimal. If the virus had gone undetected for long it would open gateways for other more damaging viruses and hackers to enter through, this is very worrying considering what information is held on these types of systems.
Even though the damage was minimised the system still had to be taken down for three days. During these three days police couldn't access information to check for criminals and suspect vehicles effectively crippling the whole system. Now this may appear as a small and negligible problem in the long run but what happens if this kind of thing happens on the now developing National Identity Register (NIR)? If the NIR went down for a few days people would not be able to access any information on the system, effectively removing them from the planet for those few days. Any checks that need to be ran would be impossible and all transactions for that time would be halted.
This however, would be a best case scenario, one in which the virus was not detected early allowing it to spread could be so much worse. If a similar virus was allowed to mature and spread through the system peoples information would become readily open to attack from hackers and other viruses. This could lead to peoples information being effectively lost from the system, this person would then have to prove themselves against a system which is apparently fool proof in order to restore their identity. Furthermore peoples information could be easily stolen and sold on or used for identity fraud, with the amount of information held on the system this could be devastating.

This is not adequate protection.

The way that this system is designed to be interconnected across the entire country leaves many openings for some sort of virus to enter through. Unless their are thorougher checks on every device added to the system (this is neglecting any viruses picked up via other methods) an infection is inevitable. If a system the size of Manchester Police can fall prey to something like this what hope does a national system have? Sure, there may be a raised sense of security about it but an infection is inevitable.



Keep alert, stay free.

Safe as (card) houses

Now as you will probably have guessed I am indeed against the new ID card scheme and there are many reasons for this which will be explain through the time I maintain this blog. One reason I appose the system greatly is the blatant risk this scheme creates regarding our personal information's security. Now if the government is going to collect and hold so much information about us then the least you'd expect is that it would be kept safe. We are promised gold standard security regarding our information held on the database but what does this really mean?

Now the way the database is designed for information to be passed around means that it is stored online meaning that security is not as simple as locking a door. I do not claim to be an expert when it comes to Internet security but what I do know is this, any information held on the Internet will ever be 100% secure. There will always be people who can hack through firewalls and play with the information which, when it involves your very identity, could be disastrous to your life. Now when hacking is brought up in debate many people will say that this is not a risk as the security system that will be put in place will be created by the government and thus it will be almost impossible to hack making it absurd to imagine people being able to pay a local hacker to damage others information. However this will simply not be the case. The problem being that just because it is the government in charge doesn't instantly make a system more secure, many cases can show this ideal of superior security to be flawed.

Firstly let's begin with the American government and the pentagon. This is an organisation with billions of dollars at its disposal and with secrets that would lead you to conclude that they need the best security in the world. Somebody simply hacking into the system without the backing of criminal masterminds and a whole team of experts seems absurd doesn't it? Yet this is exactly what Gary McKinnon, a 43 year old Asperger's syndrome sufferer, did (link). Now if the information is so delicate that it warrants his extradition (link) then surly their security would be top notch? It has also come to light that the Iraqi resistance have been hacking into US drones using nothing more then a £16 piece of software which is widely available to the public (link). If it is possible for war machines to be hacked into by such simple methods what hope do we have for this database which will be so central to our lives.

That is just the problem you see. The fact that this database and ID card will hold so much of your information that eventually peoples lives will become dependant on it making it a target for cyber terrorists or indeed cyber warfare (both are real threats shown by this link). Not only this but the fact that practically all of someones personal information will be held in this one place will make the database a huge target for fraudsters and other criminals. The huge amount of people who could find gain by hacking or simply damaging the database is staggering, meaning that sooner or later a way in will be found and the ramifications of this will be catastrophic.

The real question here is whether you trust our government to keep the astounding amount of information they want from you safe. This is the same government that lose Cd's containing very personal information (link) and leave laptops on trains (link). If they can't keep the amount of information they already have on us safe then how do they expect to keep the ludicrous amount of information they want on everyone in the UK safe. When past security specialists for the MoD warn that the system is a major threat (link) you know something is wrong. The prospect is terrifying.


Keep alert, stay free.