Has UK gov lost the census to Lulzsec?
The UK's Office for National Statistics and Lockheed Martin are racing to check if hacker group LulzSec has got its hands on this year's census data. Such a massive data loss would be embarrassing even for a government with such an amazing record of data protection failures. LulzSec's Twitter page has no mention of the supposed …
This topic is closed for new posts.
Not so sure...
It's not like pastebin is particularly hard to edit... I'll believe it when I see it.
Hmm...
If this has happened, it's just another reason for international law enforcement to really knuckle down and look for Lulzsec.
Having seen the recent flurry of Lulzsec hacks, I look forward to the corresponding flurry of Lulzsec arrests and then trials.
PERSEC issues
Great so now anyone with an axe to grind against anyone who is or has been a member of the military is now eagerly awaiting a target list containing names and addresses of said current and former service people and their families, opening the possibility of getting leverage over someone with security clearance or simply planting a car bomb or similar.
Hmm perhaps I should make a rather rapid house move or better still move overseas.
Hmm well if any Lulzsec member is resident in the US or UK they now (hopefully) might be on the receiving end of terror charges namely "supplying information of use to a terrorist" (or charges similarly worded)
No matter your thoughts on the governments foreign policy desires, this puts individual service people needlessly at risk
Oddly enough, this was predicted
By pretty much any of us who understand the real magnitude of what may have happened in RSA if the seed files *were indeed compromised/leaked*.
At a BBQ last Sunday someone asked me about how secure did I think our census data was.....well I suspect when this hits the press they'll be shitting themselves.
Too late :p
"which is a good thing in a small way "Can I take your name and address sir" "Not a chance, you'll just loose it!"
If the leak is true everyone will know your name and address already. And your job, income, phone number, childrens names, employers address...
sparse lulz
Says one lulzsec document 'Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons'. I understand that this is not a centralized movement and that this statement is hence hardly a manifesto, but irony aside isn't this information likely to be of enormous use to profiteering gluttons, ie marketing agencies? Or does nothing have to make sense as long as it's done for teh lulz?
Re: sparse lulz
No, it's entirely correct.
They are working to ensure that our privacy is overrun by spotty little no-life twats instead....
Has UK Gov Lost The Census To LulzSec
Well? Has it? Come on. Tell Us. It's no good asking a question if you can't answer it! No wonder the level of education is going down the pan these days.
This is the sort of question you'd expect to get in a GCSE paper.
A request...
Dear Mr. LulzSec, while you're about it, please could you get the data for the other censuses from 1841 onwards. A lot of amateur genealogists would be very interested.
Mine's the coat-of-arms ...
On the plus side, at least we'd get the results quicker!
I hope the data doesn't contain actual addresses and names, that would be a blow to every person in the UK. The data would be marketing companies dream come true. Imagine all the crappy marketing calls and letters we'd receive. It's bad enough as it is now.
Did you tick the box on the electoral register
that says 'do not include my details in the extended register'?
No?
Well then, the marketing droids have got your details already.
omg
OMFG!!! i told my Wife not to fill it in, but she did it anyway :-(
Maybe they'll just release a few choice records
Like Helen Bray's for example.
As for "according to source ive been relibale informed that the data hasnt been processed by the government yet. so there isnt anything for lulsec to steal." I guess the data that people entered online just went to a big printer to be printed out and re-entered by hand, rather than being stored somewhere. I think your source is as relibale as your spelling.
Jump
There's way too much jumping to conclusions here.
For starters, this was posted to PasteBin, jeez!
It's probably that kid in Essex doing it for a prank and being mistaken for a Lulz ringleader.
Secondly, the poster of the PasteBin item suggests they're going to re-format the dataset before releasing it anyway (if even true), so why would it be damaging to any individual?
The only entities it will be damaging to will be Lockheed Martin and the bubble that is UK government.
Get back to your Mail's, tch
Source?
Was it stolen from UK Gov servers? or the US contractors servers? .... or some other offshore where the data is being "processed"
60+ million deed poll requests coming up
Oh well atleast we don't have to wait 10 years for someone to mull over the data....
errr
"We are aware of the suggestion that census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this"
I'd speak to people who know what they're doing, if these guys were any good, it wouldnt have happened in the first place.
But on the plus side spam 419 emails should effectively stop when this is released on piratebay
The title is required, and must contain letters and/or digits.
OOPS
That is all
We filled ours in on paper
...and I'd be quite surprised if they've got round to processing all the paper forms yet.
Would raw data from processed paper forms ever make it into an online database anyway?
I can understand hacking the data of those who submitted their census online might be easier, but given that Lockheed Martin are a large defence firm, and hence are presumably quite good at managing really secure data (the "if I told you I'd have to kill you" kind), you'd hope they could keep census data secure.
Why?
Why was British secure information entrusted to a foreign company, especially one whose government is open about its legal rights, over its commerce, to copy all information? Especially one with a long track record of damaging Britain, e.g. IRA support, restrictive trade practices against British firms, extradition of British citizens without proper evidence?
Why does a census require so much information that is not needed to count the number and distribution of heads? If we are all British, is it not a dubious practice to demand what "race" or "colour" we think we are? What religion we profess? I may be wrong about these demands. I left the country for another European one that still has the original meaning for the word, "free". So I never saw the form.
Why are Reg. writers and readers writing ever more in American English ("gotten", USA misspellings) while purporting to be UK based? Often while complaining about the USA and definitely (perhaps I should say, hopefully) being much more careful with their technical programming as a compiler or interpreter is not forgiving? Does not our native language merit some care? Or does their technical ability not extend to finding the British dictionary in their chosen word processing programme and they are too careless or badly educated to notice?
1.25 out of 3
I was with you on the first paragraph. Then about a quarter of the second.
The rest is just stupid fluff.
"Does not our native language merit some care?" no, not really. Languages change. Get used to it.
I could very well ask why you refer to cow meat as beef. That's a Normanism. Our Saxon language needs protecting. To which the Britons in the back will cry 'hang on a minute!'*
*Actually I can't pronounce what they'd cry.
Do any of you think this will change *ANYTHING*
Watch for "lessons learned", "trust exercise", "public reassurance" in any news about it.
They lost 25 million records that were far more useful to ID theft people and the good people of the UK who mostly post anything and everything to facebook collectively shrugged and probably tutted, yet not one of them did anything.
If we were to *do* anything, for instance publicly demonstrate with a million person march on whitehall, we would tagged and bagged as troublemakers, a few people would be assaulted by the police and the whole thing would be mostly ignored by policy makers.
Alternatively you could've just not fill it in... there was plenty of scope for excuses;- lost in the post, i wasn't living here on that day, I live in my second duck house on a moat...
It gets worse
One of the worst effects of this - besides the leaking of everyone's data and the fact that the government are likely to target the hackers rather than sorting themselves the fuck out - is that compromising the security of census data will massively discourage people from participating fully in the census. Census data is enormously useful for all sorts of things that benefit everybody, and this sort of shit will ruin it. If this turns out to be true, shame on LH and the government for their abysmal approach to security, and shame on Lulzsec for not taking the implications into account.
For goodness sake
Who are these muppets? Apart from the census, the followup census survey was incredibly irritating. The guy was told no I don't want to take part and still proceeded to come back 3 times. All this despite two complaints to the ONS. I guess his manager had a performance target to hit...
Slow down just a second..
I see everyone running around, getting their knickers in a twist.
All that we *do* know, for real, is that somoene has posted a message to Pastebin saying that someone has gotten their hands on the data.
If I said that I had my hands on Pippa Middleton's bum, it would (unfortunately) not make it true.
Let's just wait and see what the lulzboat tweets...
...then again... their feed has been quite quiet this morning.
Not all processed
Bet the online stuff was pretty well processed by now, those of us who filled our form in reluctantly and with our very worst handwriting (in a petty attempt to make sure Lockheed warmongers didn't make a profit on our census) are pretty safe.
Which is funnier?
a) Stealing and publishing the entire census data.
b) Posting a claim to have done so on irc and pastebin?
And which is more likely?
If you're panicking about this already then I have some truly excellent tinfoil hats you can buy for a one-off knock-down price of six easy-pay installments of ONLY £99.99 see press for details not available in the shops all stock must go.
Before you bay for blood
stop and think!
if a rag tag group of people likely scattered around the world can pull this off from homes/public wifi what could a group organized & supported by a state pull off (think China).
The difference is by announcing it to all the world it draws attention to the problem where as i would wager that any thing they are targeting has probably been probed and cataloged by much more sinister groups then lulz merchants
IF this is true
and it's a big if, I'd expect Lockheed to be fined within an inch of their lives for this breach of the DPA, but I doubt that will happen either. They'll just claimn they haven't got any money and get a small slap on the wrists.
But, you know that the current Gov probably won't give two shits about the company since they can distance themselves from the contract, the previous boss signed that one so they may just screw them to the wall for the political points.
Either way, the blue touch paper has been lit all we can do is sit back and watch the show....
Zactly
"But, you know that the current Gov probably won't give two shits about the company since they can distance themselves from the contract, the previous boss signed that one so they may just screw them to the wall for the political points."
Even if this turns out not to be true the current governnment can use it to score points off the previous administration. It seems that today a lot more people are aware that their census data went to a foreign company than were aware of that yesterday. And a lot of people are outraged by that even more than the possibility that the posting of pastebin was genuine. A government minister worth his salt should be able to make Mr Bean very unconfortable questioning him about his party's tendency to give contracts to US companies. After all that's not just about security, there's also the issue of taxpayers money going offshore and employment going offshore too. All of that even though the labour government made a big deal about spending locally.
Indeed I should think that the government could use this to make a strong case for ringfencing similar contracts to British or at least EU contractors. The US seem to make damn sure all their government contracts stay in the US (no problem there) lets stop that being a one way street.
To borrow from the Queen
This is rapidly turning in the Annus Horribilis of on-line security.
If any one wants me i'll be in the bomb shelter in case someone manages to hack a nuclear weapons installation.
LulzSec needs to go down!
Then there will be no-one stealing my census data!!11!eleventy-one
Does anyone else think @LulzSec sound very English?
seems probable
I'm with you, anyone could have slapped together that 'lulzsec' announcement and stuck it up on on pastebin, 'for the lulz'.
"The UK's Office and National Statistics and Lockheed Martin are racing ...
... to check if hacker group LulzSec has gotten its hands on this year's census data."
If they had got hold of that much data they would be able to tell from the electricity bill!
Although this probably never happened, would anyone be really surprised if it had?
Well, if it's true...
I look forward to my new (government supplied) identity - because if it is true, we're all fscked with the ones we currently have.
Really?
Unless you've been ex-directory for a couple of decades and made your electoral roll data private then all the information that anybody needs to steal your identity is already easily available. If you've done any social networking at all and if anybody in your extended family has signed up to one of these dreary genealogy websites then there's even more online. With your full name and access to Pipl, I could probably have filled in your census form on your behalf then phoned your bank and cancelled your direct debit to the Donkey Rescue Society.
If your identity was worth stealing then somebody would already have stolen it. And now that The Bad Guys (allegedly) have access to tens of millions of handy identities in one place, yours is worth even less.
D'oh yourself.
Seeing as you asked
"Unless you've been ex-directory for a couple of decades"
Yup
"and made your electoral roll data private"
Yup
"If you've done any social networking at all and if anybody in your extended family has signed up to one of these dreary genealogy websites then there's even more online."
No on both.
"With your full name and access to Pipl, I could probably have filled in your census form on your behalf then phoned your bank and cancelled your direct debit to the Donkey Rescue Society."
I doubt it. I can't find me on Pipl and I know everything about me, on account of being me.
"If your identity was worth stealing then somebody would already have stolen it. And now that The Bad Guys (allegedly) have access to tens of millions of handy identities in one place, yours is worth even less."
That is not the point. If everyone's info is available, then anyone could pretend to be anyone else or anyone could find enough info to victimise anyone else.
That's a major headache for everyone.
@Beer Monster
I just browsed through the first few pages of your el reg posts, followed a link to a biker forum you use and found your home town and date of birth. And my coffee didn't even cool down enough to sip in the time it took to do it.
No social networking, eh?
Social Networking
1) Modding a forum isn't social networking. It's working
2) You found a town and a date. One of them is false.
re: Modding a forum isn't social networking. It's working
Oh. Good. Grief.
Is undignified back-pedalling "work" as well?
Don't complain about LulzSec
If it had not been them this month it would have been someone else in the months to come.
Anyway: the CIA already has a copy.
Prediction...
The government willl label it a terrorist attack, rush a bunch of new laws through parliament on the back of that to further restrict our freedoms, including resurrecting the idea of compulsory biometric id cards for all UK citizens.
Two month later, they'll leave the nations DNA records on a train.
Nope
Don't you realise that the whole ID card thing was nothing to do with this government or the last one for that matter. It was the civil cervix who were behind that. The trouble was that the last government had an incredible talent for letting the big wigs within the civil service control them. Sir Humphry would have been so proud. If he was real. The civil service have over the last few years developed an obsession with the idea that a big database will solve any problem (somebody proabably went on a data mining course) and they managed to convince theBlair government of that. The Brown government didn't really count since it spent its tenure flapping around like a flappy thing.
The current government are against the whole idea of the ID card scheme, but not for the reasons you'd hope. They are against it because they realise that it would cost an absolute fortune to set up and would not be anywhere near cost effective. If it would save money in the medium term they would be right on it,. It won't so they aren't.
That this, if true, would be such a massive deal
should IMHO shift *more* of the blame onto the government/LM for insufficient security. Not saying there isn't a more responsible way of pointing out said insufficient security though.
well hopefully less Indians........
Well hopefully the damned government and private sector will stop shipping in cheap IT Resource from India in the hope of lowering wages, while at the same time shipping out our data overseas. Don't forget the DVLA lost a load of data that was sent to the US for processing.
It's about time that Lulzsec caused some MAJOR financial problems at the banks and retail companies and outsourcing companies so that they finally understand that scrimping on IT people is NOT the way to save money in the long term. Pay for good people...get good infrastructure and software. None of this bloody outsourcing lark
And I say this as an Asian guy..so none of that racist stuff thank you...
This topic is closed for new posts.
