The UK's Office for National Statistics and Lockheed Martin are racing to check if hacker group LulzSec has got its hands on this year's census data. Such a massive data loss would be embarrassing even for a government with such an amazing record of data protection failures. LulzSec's Twitter page has no mention of the supposed …
glad I filled mine in badly
I'm glad I followed the advice on various websites & used a modified name, just the year of birth, a squiggle instead of my usual signature, etc.
If you get fined a grand what will be funny about that? You might think you can argue your way out of it, but I doubt it. I'm pretty sure it's a strict liability jobby, so your only hope of getting out of the fine if you were prosecuted would be to prove you had filled in the form correctly and sunmitted it.
Arguing (as I suspect you would) that you didn't want your data to be compromised would count for absolutely zero.
Quick! Put up Ed Vaizey / Reg Bailey's filtering device so we can't see it!
Sent mine in the post, full of very accurate information about myself!
That is all.
Look if they really want to help with the family tree search then it is the previous 10 that'd be more useful.
Awaits all the thumbs down ;-)
"We Never Forget Who We're Working For"
As Lockheed Martin's tagline:
Presumably Lulzsec has got the the gen on the UK at the same time as the NSA / FBI / CIA / Department of Homeland Security then?
Bravo, chaps! This highlights utter, complete, total and endemic security failure throughout.
Indeed if this is true then the gov't and LM have a LOT of bloody explaining to do.
It's quite startling that you automatically assume a single anonymous and unconfirmed post on PasteBin to be true. The funny thing is your use of the word "incredible". You know what that means right?
Actually that posting reads like it was composed by a 419 scammer. Some bizarre use of the English language there, could that suggest it wasn't typed by a native English speaker?
A lot of explaining?
You think so? If it is true, I bet the explanation will go something along the lines of:
1. We are sorry (this is an optional step depending on how bad the publicity is at the time)
2. We will make sure lessons are learned (if lessons were so effective they would all be genious by now)
3. It wasn't our fault
4. It didn't matter anyway because (insert implausible excuse of choice)
Your critique of their English seems a bit harsh
Other than an extra comma in the first sentence that imposes a pause after "Bravo" and renders the word "chaps" as a little orphan it doesn't look too bad to me.
The gov't have a lot of explaining to do anyway.
They cant start by answering: "Why the holy fuck is UK census data going anywhere near LM?" "Could the contract have been better awarded to a UK company to spend some tax pounds at home?" (And no, I dont mean you Crapita.)
If this is true
All hell is gonna break loose and there will be a media frenzy. I really hope not to be perfectly frank. All that this will mean is that the UK will become even more 'Big Brother' and impose even more censorship on the internet. They will see it as another reason to take away any privacy you thought you may have. Lulzsec needs to go down for the good of everyone.
Typical, you're probably right, too.
Don't fix the problem, fix the likelihood of someone else discovering it.
Gubbernment at its most gubbern-mental
Think of the children, of course, educate them to distrust the lot of 'em.
I'm baffled why you should think so.....
There will be no media outcry if this is true, why should there be?
If you have nothing to hide you have nothing to fear.
What possible value could any body derive from the data? There'll be no information about any significant person on the database, I bet you! Yes, there will be lots of data on us proles but so what? It would be interesting to know what bits and how much of the data has been exposed - if it has. How was the data being held? Has the data been classified and what classification processes were used?
> What possible value could any body derive from the data?
You're joking? Identity theft heaven, all that data, who you're related to, so on, so forth..
The Government's inconsistent attitude to data security shows their real priorities
@"All that this will mean is that the UK will become even more 'Big Brother' and impose even more censorship on the internet."
They need to fix their appallingly lax data security rather than clamping down on everyone. But that would mean they need to blame themselves rather than seeking to blame everyone else for their failure to treat security seriously. But like all governments, they will never really want to blame themselves for anything, because in their mind, its always everyone else's fault.
Its a shame they take their own information security so much more seriously than public data security, as it would be interesting to know more leaks about what mistakes and underhanded deals they have been covering up. But like the MP's expenses claims shows, they keep their own data under very strict control. Shame they don't do it for our data, but it clearly shows where their real priorities are.
Sweep under the carpet?
If they have, surely the government will have to actually do something about data security. No more half hearted measures, no more letting companies off with pitiful fines (if any), and proper hard hitting penalty clauses in contracts with companies who are being given our data by the government.
and the governments of the world think they can be trusted with central identity systems. I'll keep my ID distributed for the decade to come and likely the one after methinks.
So angry about this
We are forced to fill it in, to provide our details to our government. So why was this handled by an American company?
If this is true and the census info is available, then comparisons should be drawn with Sony, so expect a 'welcome back' pack and ID theft cover. HA, like that would ever happen, everyone involved (government, external agencies) should be held accountable with their jobs.
When will our government learn? Why was this data ever on an internet facing server? Surely this information is worth so much it should have been keep on a secure network.
No bombing, no torture, forced is a bit of a stretch here.
Not one shred of it was ever confirmed. You got trolled.
forced - by law
In case you had not noticed, it is a criminal offence to not fill in a census form when requested, backed up by fines and a criminal record. Is that forced enough for you?
So everyone was legally required to provide data which has now (possibly) ended up in the wrong hands? Truly inspires confidence. The only positive I can think from all this is that it may trigger strong government intervention to stop this hacking group once and for all.
Wouldn't this sort of thing have national security implications?
Strong government intervention?
They're the cretins that created the circumstances that allowed this.
An angry mob would be a far better intervention...
It has already
Teenager arrested on suspicion of hacking
On Monday, the UK's Serious Organised Crime Agency (Soca) took its website offline after it was attacked by Lulz Security hackers.
Doesn't specifically link the two but ...
If this is true...
Is the Essex arrest the gov response then, or just a coincidence? They do happen after all.
"security-illiterate UK government"
I think LulzSec are a bunch of twats quite frankly but credit to them, they've got the Gov's measure down to a tee!
I think that all of the posters who take this statement at face value ought to read some of the UK government security standards. These definitely exist, and they were not written by people who are security illiterate. See http://www.cesg.gov.uk
The problem is that they are difficult to interpret, and are couched in terms that many IT people don't understand (they talk a lot about data crossing security zones rather than being securely stored), and sometimes it seems like there is no real world help in ensuring that a particular application or solution meets the requirements (government security auditors will often tell you that something is not compliant, but will not offer any advice on how to make it so, nor suggest security mechanisms during system design). Thus implementing a security solution often become an iterative process of attrition with the security people.
When I was last involved, it was even the case that some of the Infosec documentation describing what has to be done is classified as RESTRICTED, which does not help trying to implement what they say.
Generally, it is not a lack of standards that cause this type of data breach, it is implementation (often by companies contracted to supply services), or ignorance of the standards by individuals working on such data. Although there should be safeguards, it often only takes one person to make a mistake to put at risk complete datasets, especially if there is any external route in to the systems implementing the solutions.
If this is true people should be shot.
I do hope that anyone with a "...nothing to hide, nothing to fear..." attitude to the census has had a bit of a rethink now -- what with the possibility of us all having credit cards and loans taken out in our names now.
I hope if it is true the people responsible for the decision to take all this personal information on the census are shot as the traitors they are -- after all the already gave us to a foreign company, and now they could have lost our names to every wannabe criminal in the world.
@ "If this is true people should be shot"
Yes. You're right. If people were help accountable for everything that they did with their lives, nothing would ever happen.
Which would be a bit of a blessing to a lot of people, really.
These people told us that we would give our details to a company in the US, or face imprisonment or fines. They told us that the information would be kept completely safe.
I was threatened with financial problems or, even, imprisonment to hand over my details to a US company for processing and whatever the fuck they wanted. Now, it appears, the thugs who demanded my data with menaces may have given it to everyone also.
The people who decided that it was necessary to demand personal details with menaces should be hung, drawn, woken up, and quartered.
Forgive me if I have only hatred for someone who gave my details to a foreign power for the opportunity to have a better career.
Scary? Yes. Problematic? Not sure.
How much personal data do people give to Facebook?
That damned census had a lot of invasive questions on it.
It actually read more like a benefit application form.
True, but you aren't legally required to provide your real name and address on Facebook - and if you do provide those details there are at least some privacy controls that can be used to restrict that data. This release on the other hand will be a mineable resource for evil doers and the evil do that they do do.
here's a title
Name, address, income ?
You must have filled in a different form to me then. I filled in about a dozen questions most of which could already be gleaned from other public sources. My criticism of the census questions is more along the lines of 'What the hell are they expecting to learn from that?'
There was stuff on there that could be used for evil (DOB for instance) but very little that was 'invasive'. Or do you consider it a national secret that you have gas central heating?
So yeah - not good but hardly the end of the world.
So like most people you didn't use your real signature then?
Exactly what I was thinking.
The worst question on the census was something like , "how many kids do you have under 16 at your address and what's their names?", the rest was simply name address, how long have you lived at your address and do you travel to work by train, car or bus?!
The biggest annoyance to me is that all that useful info is now all in one place for the ad scumbags and telephone cold-callers, before they would have to have assembled it themselves from various public registers.
"So like most people you didn't use your real signature then?"
Well, no. There wasn't any facility on that web form to provide a signature.
"It actually read more like a benefit application form"
Indeed we can draw one of three conclusions from that statement.
1. You didn't actually read the census form.
2. You've never read a benefits application form.
or 3. You've never read either.
Actually there is a fourth, but I'm too polite to mention it here.
a)I filled it in online so they never saw my signature.
b)I've given my signature to loads of people over the years - credit card slips, cheques, loan applications. Couriers delivering things.
b)Very little that I do actually relies on a signature these days.
I should just add..
..that I am not praising the census. I think that, for what was asked, it was a fairly large waste of time and money. The previous one from what I remembered asked quite a lot of useful questions many of which could help with infrastructure planning.
Then again the infrastructure I see is generally badly planned and poorly maintained so perhaps it's better this way. At least it took up less of my time :)
Incompetence abound. This, if (when) released, will be a goldmine for scammers, stalkers, 419ers and other brigands. It will also mean that whatever trust is left for personal data security is blown away (which is a good thing in a small way "Can I take your name and address sir" "Not a chance, you'll just loose it!").
Seeing as anyone can post to pastebin
Shouldn't we be exercising a bit more caution?
If this proves correct, that will be the last straw for the miniscule trust that remains in anyone's ability to keep data safe in the UK - public or private sector.
Completely useless wankers. A kicking would be far, far too good for them.
In related news ...
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Video of US journalist 'beheading' pulled from social media
- Netflix swallows yet another bitter pill, inks peering deal with TWC
- The Register to boldly go where no Vulture has gone before: The WEEKEND