Malware infested MPs' PCs inflate leak risk
"That's one of those irregular verbs, isn't it? I give confidential security briefings. You leak. He has been charged under section 2a of the Official Secrets Act." (Bernard Woolley, Yes Minister) The ongoing MPs' expenses row has brought public opinion of politics and politicians in the UK, never very high, towards unplumbed …
MPs don't want a _tradesman_ to be able to tell THEM what to do. They're MPs, the ELECTED REPRESENTITIVES of their constituents. They don't have to listen to bloody proles!
Apart from the arrogance of the bloody interferring IT proles the MPs have much more important things to worry about. There's that new pron site that Julian told them about and then they've got their weekly expenses to submit, and then they have to show the new secretary the 'ropes'.
"Politicians ... need to get up to speed with the internet or else risk looking as hapless as fictional politicians like Hugh Abbot and Jim Hacker"
Bit late for that.
Every utterance from Jacqui Smith, Andy Burnham et al concerning the internet only serves to remind the rest of us of how utterly and hopelessly clueless they are about it.
...with a VPN based thin client solution?
That's what the French parliament uses, as well as the Gendarmerie and tax ministry. And look, Canonical is based in the UK so you can give them the contract and they'll then provide the MPs with cushy jobs (and free install DVDs)!
... for them to get out of bed with MS and completely ditch Windows. At least their IT staff could then concentrate almost entirely on preventing hacking of their networks rather than having to spend 99% of their time worrying about viruses and other Windows specific malware.
I assume most of the infections came because of Gordon and Darling clicking on those 'consolidate your debts' and 'negative equity?' spam emails!
<pedant>
"In the past 12 months 86 per cent of computers on the estate have been attacked by malware, 78 per cent of which were cleaned automatically by Parliament's anti-virus software, with 8 per cent needing a visit by an engineer. There are 4,991 computers on the estate."
So about 600 still infected then?
</pedant>
They should be forced to have Phorm, the little wankers are problably surfing for pr0n most of the time. Websense will save them!
...pwned in last year"?
Come on, that's NOT what it says at all. 86% have been attacked and 78% were successfully defended automatically by their existing security measures; a long way off perfect, sure, but way WAY off what your sub-heading implies.
As far as use of encryption's concerned, I'd have thought PGP was something of a red herring; better to start with ensuring that all internal traffic is encrypted and use policy-based NAC to ensure that only authorised devices, and even then only authorised devices that meet minimum security requirements can connect in to the network. THEN you can worry about PGP or whatever.
All that said, it's still a huge leap from what's reported to "4 out of 5 machines pwned". Must try harder.
Seems like I'll be first to mention that switching to Linux would save on license fees and make them more secure. As all most of them use the PC's for is email, surfing and a few documents it makes sense unless someone wants to watch a drm porno dvd
PGP, or indeed GPG would work very well in a decentralised adversarial environment. Some built in non-repudiation function for MPs would also be quite nice!
You never know, now that the denizens of the Commons will not be spending so much on expenses, maybe they will put some money towards something useful...?:D
There is recent evidence to show that some of them do that at home. Do the team think they do that in the House as well as at home?
Cleaned by AV does mean pwned. Successful defence is keeping the malware out in the first place.
86% is roughly six out of seven, not four out of five.
Being a Mac user and having the superior intellect necessary to rise above the Windows dross would probably preclude you from standing as a MP. ( And you may have the morals not to try & diddle the taxpayer out of their hard earned)
let the flames begin....
On a completely different note, is John Hemming MP is the only programmer in Parliament at present?
Either it's five for five or you need to celebrate their accomplishment. I have been reading this site for 4 years now and from what I have seen in the past the British government are just about the worst bunch of lusers on the planet when it comes to data security they just can't do it. Would Linux help yes and no it would stop the malware but the users could still just leave burned cd's and printed material in cars and restaurants nothing is ever safe from idiots. May I suggest just forbidding them the use of computers completely they don't need them really it's just a headache.
I sense outrage in The Force.
I was going to suggest a more secure solution than they use, but the leaks appear to be a rather good thing.
The statement is not precise. "86% attacked" implies Nick's interpretation, "78% automatically cleaned" implies Geoff's. I'd imagine a large about of that 78% was indeed blockings, while all of the 8% that required an engineer, and some unspecified amount of the 78%, was indeed the detection of something already resident.
If all the data on the ExpensesTards PCs were encrypted then the techies wouldn't be able to flog all the juicy bits of data to the papers.
PS, seems unlikely any one could be more crooked, expect perhaps the kind pair from the lords.
That's a nonsensical statement; if you were to send me an email with a virused attachment and my AV software caught it and cleaned it, would it have got to my machine? Yes. Would you have "pwned " my machine? Would you bollocks. Security works best in layers. In an ideal world, would the malware never have got as far as the machines in question? Certainly. Given that it's not an ideal world, however, does the fact that it was caught at the machines mean that they were "pwned"? No. It means that they were caught by one layer of security, albeit later than one would ideally like.
Uh-huh.
The biggest threats to MP-Constituent confidentiality is probably the army of (un)civil servants prepared to acquaint themselves in advance with concerns that MPs might raise along with a suitably obfuscated/obscure informal network of sharing between each of them.
In which case the compromised computers expressed as a percentage is probably 100%
An (un)civil servant memo: manage your elected representative
They're perfectly correct, and using government-approved mathematics, just like the Treasury.
A terrible week at Westminster...
An awful week at Westminster ...
It couldn't get any worse ...
Don't be daft!
This is an excellent week at Westminster, it could not be better (well, ok if the way parliamentary parties have usurped democracy were tackled proper then that might just be a bit better?), it really could not be a more fitting improvement.
Some devilish and widespread practices have been laid bare and we should also recall that the people involved voted AGAINST greater accountability. Now ain't that something?
As for the heroes that helped to expose it, can they now move on to the (un)civil service?
My guess is that civil servants won't be less than a penny behind MPs in terms of expenses or perks if not several thousand GBP in front.
Tis time it were sorted!
> In March, for example, we reported that police failed to record a crime, still less investigate,
> when Alun Michael MP discovered a malware infection on his office PC.
Just a guess, but may I refer you to another article TheRog published today?
http://www.theregister.co.uk/2009/05/15/soca_hacking/
in my organisation by one simple policy change - Don't Let Them Run As Admin.
That's the reason they get pwned.
Can't this be solved ...with a VPN based thin client solution?
Almost certainly, and as a fringe benefit they could handle a fair bit of their routine business, reading documents and writing stuff, from home. Wherever that happened to be.
Now persuading them that it's a good idea to do, that's the real challenge.
Sign up, sign up for The Register's weekly IT security newsletter - click here
