Latest News (RSS)

100,000 can view NHS medical records

Mon, 26 Apr 2010 00:00:00 GMT

Data released under the Freedom of Information Act has shown more than 100,000 non-clinical staff working at the NHS can gain access to private medical records.

Campaign group TaxPayers' Alliance, which put in the request, received responses back from 140 acute hospital trusts across the UK.

It had asked for information to be provided on the number of staff not directly involved in the treatment of patients who have access to the confidential records.

And having analysed the data, the Big Brother Watch group, part of the TaxPayers' Alliance, believes NHS workers such as porters, IT staff and hospital administrators can gain access to either paper or online versions.

Immediate access was defined as staff who could see at least a patient's name, date of birth and most recent medical history without needing the consent of the patient or the signature of another member of staff.

Alex Deane, director of Big Brother Watch, said the Government needed to address the problems as a matter of urgency.

A spokesman for the Department of Health said: "This report is awash with inaccuracies and manages to claim quite falsely that detailed medical records will be shared nationally - they won't.

"The authors are also confused, muddling the distinction between paper files, which allow any member of staff to see confidential information, and new electronic systems which strictly control access to those directly involved in a patient's healthcare."

Celebrities Twitter accounts hacked

Fri, 26 Mar 2010 00:00:00 GMT

The Twitter accounts of celebrities including Britney Spears, Lily Allen and even President Barack Obama have been hacked into by an unnamed jobless Frenchman.

The hacker whose username is "Hacker Croll" was arrested earlier this week in Clermont-Ferrand, France, after admitting to the crimes.

The 24-year-old, who was released on bail after being questioned by French police - with the FBI listening in - will stand trial in June.

If convicted he faces up to two years in prison and a �30,000 fine.

Prosecutor Jean-Yves Coquillat said: "He says it's the challenge, the game, that made him do it."

His technique was to get administrators' email passwords reset by correctly answering their security questions using information about his prey that he gathered from blogs and other public sites.

Twitter said in July that it was the victim of a security breach. Co-founder Biz Stone said then that the personal email of an unnamed Twitter administrative employee was hacked, and through that the attacker got access to the employee's Google Apps account.

Copyright � Press Association 2010

Facebook users face malware threat

Tue, 02 Feb 2010 00:00:00 GMT

The rise of social networking sites such as Facebook and Twitter has led to a surge in the number of malware attacks on unsuspecting users.

According to a recent study, malware attacks rose by 70% last year, while the number of users receiving spam via such sites also rose by 71%.

The relatively unrestricted nature of social networking sites is thought to be their Achilles heel when it comes to user security as malware can be spread more readily through messages that users believe are from friends or relatives.

According to internet security company Kaspersky Lab, attacks on social networking sites were 10 times more effective at spreading malware than email.

Graham Cluely, senior technology consultant for Sophos, said: "People are used to receiving spam and malware on e-mail, but are lulled into a greater sense of security on social networking sites, because they assume they are just getting messages from friends. They are more likely to open messages."

The study by IT security company Sophos illustrates the dangers that users face when they sign up to sites that require vast amounts of personal information.

Copyright � Press Association 2010

How to make friends and steal data

Sun, 15 Mar 2009 00:00:00 GMT

NCC Group plc is advising businesses to take extra care when considering physical security practices in the office.

While companies are busy considering the security implications of iPhones and other mobile technologies, hackers are still using tried and tested means to get hold of vulnerable data; namely walking right in and taking it.

Unless stringent measures are in place to monitor who comes in and out of a building, and for what purpose, it is all too easy for someone to have 'forgotten their pass' or breeze through a door talking on their mobile to avoid questioning.

NCC Group carry out social engineering tests as part of their overall penetration testing offering and Roger Rawlinson, Director of Assurance, says their success rate for getting in to company buildings is well over 95 per cent - a worrying figure.

"There are some simple ways you can avoid this kind of situation, but these methods do have to be adhered to. Firstly, never allow visitors to roam around unescorted, even if they have appointments and seem genuine.

"Verify their credentials - find the phone number of the company they work for (don't ask the visitor for it!), and confirm they are who they say they are, particularly if their reason for being in your office seems out of the ordinary

"Discourage tailgating - ID passes should be worn at all times, by all staff. Some of my clients run incentives for staff to challenge those not wearing ID badges; a stooge is sent round the office once per month, and anyone that challenges them receives a cash reward. A cheap, simple way to get staff thinking about strangers in the office.

"If you have swipe card access to security doors, consider having swipes both in and out of the doors to makes the social engineers' life that much harder. Also, consider securing doors to more sensitive areas in the office, such as server rooms, exec offices and IT areas.

"Finally, remote working does identifying rogues in the office more difficult, although a similar problem has always existed for large companies with many employees. There's no way everyone can know everybody. It comes back to good badge discipline; if they aren't wearing a badge, challenge them. If they aren't accompanied, challenge harder, ring security, and don't listen to their excuses and reasons for being there, even if they quote the CEO's name. We should know, we do it all the time!"

Ends.

Press contact: Gemma Seaton @ MC2 (0161 236 1352)

China 'has most hacked computers'

Mon, 15 Feb 2010 00:00:00 GMT

China had the highest number of hacked computers used for malicious purposes than any other country in the final three months of 2009, a study has shown.

Internet security company McAfee said about 1,095,000 computers in China were infected in the final quarter of last year, more than the US total of 1,057,000.

The anti-virus firm said the latest figures were on top of the approximately 10 million infected machines each country already had. The firm collects information about online threats that target more than 100 million computers in 120 countries worldwide.

Such "zombie" computers often attack websites or send spamming emails by being grouped into networks known as "botnets", showing the vulnerability of business networks to infiltration, the Silicon Valley-based company said.

Online intruders are a growing security risk for governments and companies, indicated by Google's January announcement that its networks had been hacked by machines based in China.

Experts said the attacks were not linked to botnets, and the Chinese government said hacking was illegal and denied any involvement in Google's claims.

Copyright � Press Association 2010

Wi-Fi connections 'must be secure'

Thu, 11 Mar 2010 00:00:00 GMT

People who subscribe to broadband bundles may be at risk of cyber-attack unless they ensure their connections are secure, according to an expert.

Tony Neate, managing director of IT initiative Get Safe Online, said ensuring web connections and wireless connections are both vital for security.

He urged people to ensure they have anti-virus software, spyware and operating systems updates to secure their computers.

And he said wireless connections needed to be encrypted in order to prevent hackers using the networks.

Me Neate said: ""I have seen a massive upturn of people who are securing their wireless network with encryption."

In a recent survey carried out by broadband provider TalkTalk, who's Information Security Manager, George MacGregor was recently the keynote speaker at our Manchester RANT forum, it was revealed that up to seven million homes and businesses across the UK may be at threat from Wi-Fi hijacking because the broadband connections have not been secured.

Doctors' online resource taken down

Tue, 16 Feb 2010 00:00:00 GMT

Doctors should not be punished for failing to complete their appraisals because an online resource was taken down due to fears of hacking, Primary Care Trusts (PCTs) have been told.

The Department of Health contacted the PCTs after the NHS Appraisal Toolkit was withdrawn for three weeks when a security check suggested the system was not 'sufficiently robust to withstand modern-day hacking'. It came at the busiest time of the year for appraisals and could delay the route to revalidation for those using pilots of the system.

Although the Government confirmed there was no security breach, it said: "Given the importance of preserving confidentiality of staff and patient information, it is not acceptable to take any risks."

A spokesman for the Department of Health said: "As part of a routine security check it has been discovered certain aspects of the electronic NHS Appraisal toolkit, established nine years ago, are not sufficiently robust to withstand modern-day hacking. Ministers immediately instructed the website be taken offline until the supplier, SCHIN, can address these potential vulnerabilities."

The move was endorsed by the British Medical Association (BMA) and the Royal College of General Practitioners (RCGP). However, RCGP chair Professor Steve Field conceded the move was going to be "hugely disruptive, with GPs already feeling vulnerable enough about revalidation".

Copyright � Press Association 2010

Argentines hack into islands' paper

Mon, 22 Feb 2010 00:00:00 GMT

Argentine hackers have plastered their country's flag on the Falkland Islands' newspaper website after the Argentine government expressed outrage at a British oil exploration in the South Atlantic.

The hacking into the English-language Penguin News came as a British rig from Scotland was set to search for oil. The activists posted the Argentine flag on the home page and a recording on the site of the song March of the Malvinas, Argentina's name for the Falklands - which has been disputed territory between Argentina and the UK.

They also wrote "the islands are Argentine" and claimed the hacking was a "tribute" to the country's soldiers who died during the Falklands War - Argentina lost a total of 649 servicemen - but the material has been removed from the site.

The Argentine government fears that it is being cut out of a share of any potential revenues. In 1982, the Argentine Junta ordered the occupation of the Falklands, which was British territory. Prime Minister Margaret Thatcher's Government sent a Task Force that successfully retook the islands.

Copyright � Press Association 2010

Cyber crime in Wales rises 67%

Thu, 06 May 2010 00:00:00 GMT

Cyber crime in Wales cost businesses nearly �400m in the past year as instances of attacks more than doubled, a report from online safety group e-Crime Wales found.

Internet fraud has risen by 67% in the principality in the past year and incidents have included the attempted hacking of passwords, data loss and the spreading of viruses.

The average Welsh business is losing more than 3% of its turnover - almost �2,000 - as a result of online crime. Based on turnover in 2009, the cost to businesses was an estimated �373m .

More than half of companies have increased their spending on IT security in the past year as e-Crime Wales says that businesses are becoming increasingly aware of the problem.

Businesses are becoming more vulnerable to new types of cyber-crime as more data is saved online with companies becoming more and more dependent on computer systems and the internet.

Wales has taken a lead on preventative measures in order to fight the growing threat of online criminality, which costs the UK �10bn in total.

Companies are kept informed of the latest developments in the fight against the problem, through an annual summit to promote online safety. In every Welsh police forces, there are dedicated e-Crime officers, something which makes the principality unique.

Andrea Barnard, e-Crime Wales police manager, said: "The integration of technology has huge benefits for Welsh businesses, enabling growth, reducing costs, increasing competitiveness and enhancing profitability. This is why we're committed to making Wales a safe place to do business online."

Copyright � Press Association 2010

UK's software piracy rate 'steady'

Mon, 17 May 2010 00:00:00 GMT

Although the commercial value of the pirated software installed in the UK reached �1 billion in 2009, the country recorded one of the lowest piracy rates in the world, a survey has found.

The Business Software Alliance's (BSA) seventh annual global software piracy study found that at 95%, Georgia had the highest rate of piracy last year, while the UK registered the sixth lowest at 27%.

The growth in the use of netbook computers has been partly credited for keeping the piracy figures in a steady state during the recession, as such machines pack legitimate pre-installed software.

Currently, netbook sales account for as much as 20% of the overall software market.

Michala Wardell, chair of the BSA UK Committee, said: "Although the UK has one of the lowest piracy rates in the world, 27% is nothing to be proud of.

"As we emerge from the most severe global economic recession in twenty years, we will continue to engage with government, businesses and consumers about the risks of stealing software - and the true impact that software piracy has on the UK's economy."

According to the study of 100 countries, the US, Japan and Luxembourg had the lowest piracy rates - while Georgia, Zimbabwe and Moldova witnessed the highest.

Copyright � Press Association 2010

This story features on the www.nccgroup.com corporate website.

NCC Group Secure Test warn businesses about 'Thin Client' security with new whitepaper

Mon, 24 Aug 2009 00:00:00 GMT

Secure Test, the IT security division of leading independent advisor, NCC Group plc, has produced an exclusive whitepaper - "Thin clients: Slim security" - detailing the security risks associated with the use of thin client devices.

Commenting on the need for the white paper, Director of Secure Test, Paul Vlissidis, commented: "It doesn't matter how new or improved the technology is, the same issues with security come up time and again. �

"Thin client devices are in widespread use as an alternative to large estates of desktops that often provide the first foothold on the ladder to full compromise, but, as we detail in our white paper, there are clearly many vulnerabilities that can be exploited in thin clients, which now need to be factored in to security plans.

"If a security evaluation was carried out before any purchase or roll out of a product in a business environment, then these kinds of issues would have been noted and the product used differently. As it is, we are still being seduced by marketing promises and the security issues are creeping in through the side door.

"Security should be part and parcel of the adoption of any new technology, yet it is clearly still not top of the agenda. Any cost saving or business benefit is far outweighed by the possibility of your data being compromised."

The white paper. "Thin clients: Slim Security" is available upon request. Please contact whitepapers@nccgroup.com for a copy.

Hackers hit autism support groups

Tue, 23 Mar 2010 00:00:00 GMT

Hackers have crashed the internet services of two Australian autism support groups and a third organisation may also have been hacked.

Australia's autism service provider Austism Spectrum Australia (ASPECT) is losing hundreds of dollars in online gifts each day after it was targeted early on Sunday. Austism Victoria's intranet service also went down.

Damage included the closure of web forums, a group email service and registration pages for events. Another target hit was the codeword-restricted intranet site for the autism training organisation Positive Partnerships.

The first two attacks, which experts said appeared to be deliberate, were traced to internet provider addresses in the US.

Copyright � Press Association 2010

Online bankers 'reusing passwords'

Wed, 03 Feb 2010 00:00:00 GMT

Almost half of online banking customers use the same login details to access their finances as they do for other password-protected websites, a study has found.

According to online security firm Trusteer, 47% of internet users stick with the same username and password for a number of websites, including banking facilities, leaving themselves exposed to a potentially devastating raid on their personal accounts.

The same study found that 73% of online bank users had a unique username but a generic password that was "repurposed" across numerous websites.

Trusteer said by failing to set up unique credentials for each website, internet users are making themselves an easy target for online fraudsters.

Amit Klein, CTO of Trusteer and head of the company's research organisation, said: "Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and passwords.

"Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites."

Copyright � Press Association 2010

IT experts scammed casino out of �33,000

Fri, 12 Mar 2010 00:00:00 GMT

Casinos were cheated out of thousands after a pair of computer experts forged winning betting slips by hacking software that controlled betting machines.

The pair made the machines - which were remotely linked to live roulette wheels - print out winning vouchers for up to �600.

The computer contractors stole over �33,000 across four London casinos.

They made the machines print winning vouchers whatever the outcome on the wheel, Croydon Crown Court heard.

A cashier raised the alarm, realising a payout was impossible as only �10 had been wagered at odds of 35-1.

Officials began an inquiry and quickly traced a string of suspicious wins back to the two contractors, who were employed as problem analysts.

Andrew Ashley, 30, and Nimesh Bhagat, 31, were handed 12-month prison sentences, suspended for two years, at court today, the Metropolitan Police said.

Ashley, of Catford, south-east London, and Bhagat, of Balham, south-west London, each admitted an offence under the Theft Act 1968.

The two men were ordered to undertake 200 hours of community service and pay back around �16,000 each, a police spokesman said.

The convictions are believed to be the first where people have been caught mishandling the computer technology behind Britain's gaming industry.

Copyright � Press Association 2010

NHS website down over hacker threat

Wed, 10 Feb 2010 00:00:00 GMT

An NHS website used by doctors to complete appraisals has been taken offline over hacking fears.

The move to bring down the NHS Appraisal Toolkit site led the British Medical Association's (BMA's) General Practitioners Committee to warn that GPs face a 'real disruption' to their work.

Officials have withdrawn the site for three weeks after security checks exposed flaws that left it vulnerable to modern-day hacking, the Department of Health said. However, the Government added there was 'no evidence of any breach of security'. But it said the system must be updated to prevent any breaches taking place.

The move comes during doctors' busiest time of the year for organising appraisals - leading to fears that thousands of GPs will face disruption. The decision was made in agreement with the BMA and the Royal College of General Practitioners (RCGP).

A Department of Health spokesman said the website has been taken offline until the vulnerability issues can be remedied by supplier SCHIN. He added: "The Department is aware that some of the 27,000 active users of the service will have annual appraisals planned during the period that the system will be suspended and that this will be a matter of concern to them."

Copyright � Press Association 2010