Has UK gov lost the census to Lulzsec?

The UK's Office for National Statistics and Lockheed Martin are racing to check if hacker group LulzSec has got its hands on this year's census data. Such a massive data loss would be embarrassing even for a government with such an amazing record of data protection failures. LulzSec's Twitter page has no mention of the …

COMMENTS

  1. Anonymous Coward
    Anonymous Coward

    oh no!

    Quick! Put up Ed Vaizey / Reg Bailey's filtering device so we can't see it!

  2. This post has been deleted by its author

    1. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Laugh

        If you get fined a grand what will be funny about that? You might think you can argue your way out of it, but I doubt it. I'm pretty sure it's a strict liability jobby, so your only hope of getting out of the fine if you were prosecuted would be to prove you had filled in the form correctly and submitted it.

        Arguing (as I suspect you would) that you didn't want your data to be compromised would count for absolutely zero.

  3. James 47

    Eek!

    <sarc>

    Sent mine in the post, full of very accurate information about myself!

    </sarc>

  4. Shakje

    Bloody hell.

    That is all.

  5. Piro Silver badge
    Pint

    Absolutely incredible.

    Bravo, chaps! This highlights utter, complete, total and endemic security failure throughout.

    1. Anonymous Coward
      Flame

      Quite

      Indeed if this is true then the gov't and LM have a LOT of bloody explaining to do.

      1. Anonymous Coward
        Anonymous Coward

        A lot of explaining?

        You think so? If it is true, I bet the explanation will go something along the lines of:

        1. We are sorry (this is an optional step depending on how bad the publicity is at the time)

        2. We will make sure lessons are learned (if lessons were so effective they would all be geniuses by now)

        3. It wasn't our fault

        4. It didn't matter anyway because (insert implausible excuse of choice)

        The end

      2. It wasnt me
        Thumb Down

        The gov't have a lot of explaining to do anyway.

        They can start by answering: "Why the holy fuck is UK census data going anywhere near LM?" "Could the contract have been better awarded to a UK company to spend some tax pounds at home?" (And no, I don't mean you Crapita.)

    2. Anonymous Coward
      Anonymous Coward

      @Piro

      It's quite startling that you automatically assume a single anonymous and unconfirmed post on PasteBin to be true. The funny thing is your use of the word "incredible". You know what that means right?

      Actually that posting reads like it was composed by a 419 scammer. Some bizarre use of the English language there, could that suggest it wasn't typed by a native English speaker?

      1. Craig Chambers

        Your critique of their English seems a bit harsh

        Other than an extra comma in the first sentence that imposes a pause after "Bravo" and renders the word "chaps" as a little orphan it doesn't look too bad to me.

  6. Anonymous Coward
    Anonymous Coward

    (untitled)

    Look if they really want to help with the family tree search then it is the previous 10 that'd be more useful.

    Awaits all the thumbs down ;-)

  7. LesC
    WTF?

    "We Never Forget Who We're Working For"

    As Lockheed Martin's tagline:

    EH?

    <conspiracy theory>

    Presumably Lulzsec has got the gen on the UK at the same time as the NSA / FBI / CIA / Department of Homeland Security then?

    <\conspiracy theory>

  8. Anonymous Coward
    Facepalm

    If this is true

    All hell is gonna break loose and there will be a media frenzy. I really hope not to be perfectly frank. All that this will mean is that the UK will become even more 'Big Brother' and impose even more censorship on the internet. They will see it as another reason to take away any privacy you thought you may have. Lulzsec needs to go down for the good of everyone.

    1. g e
      Childcatcher

      Typical, you're probably right, too.

      Don't fix the problem, fix the likelihood of someone else discovering it.

      Gubbernment at its most gubbern-mental

      Think of the children, of course, educate them to distrust the lot of 'em.

    2. Anonymous Coward
      Meh

      I'm baffled why you should think so.....

      There will be no media outcry if this is true, why should there be?

      If you have nothing to hide you have nothing to fear.

      What possible value could any body derive from the data? There'll be no information about any significant person on the database, I bet you! Yes, there will be lots of data on us proles but so what? It would be interesting to know what bits and how much of the data has been exposed - if it has. How was the data being held? Has the data been classified and what classification processes were used?

      1. Juillen 1
        Holmes

        @AC

        > What possible value could any body derive from the data?

        You're joking? Identity theft heaven, all that data, who you're related to, so on, so forth..

    3. Asgard
      Big Brother

      The Government's inconsistent attitude to data security shows their real priorities

      @"All that this will mean is that the UK will become even more 'Big Brother' and impose even more censorship on the internet."

      They need to fix their appallingly lax data security rather than clamping down on everyone. But that would mean they need to blame themselves rather than seeking to blame everyone else for their failure to treat security seriously. But like all governments, they will never really want to blame themselves for anything, because in their mind, it's always everyone else's fault.

      It's a shame they take their own information security so much more seriously than public data security, as it would be interesting to know more leaks about what mistakes and underhanded deals they have been covering up. But like the MPs' expenses claims show, they keep their own data under very strict control. Shame they don't do it for our data, but it clearly shows where their real priorities are.

  9. SuperNintendoChalmers
    Facepalm

    Sweep under the carpet?

    If they have, surely the government will have to actually do something about data security. No more half hearted measures, no more letting companies off with pitiful fines (if any), and proper hard hitting penalty clauses in contracts with companies who are being given our data by the government.

  10. Anonymous Coward
    Anonymous Coward

    lol

    and the governments of the world think they can be trusted with central identity systems. I'll keep my ID distributed for the decade to come and likely the one after methinks.

  11. Anonymous Coward
    Facepalm

    Oh dear

    So everyone was legally required to provide data which has now (possibly) ended up in the wrong hands? Truly inspires confidence. The only positive I can think from all this is that it may trigger strong government intervention to stop this hacking group once and for all.

    Wouldn't this sort of thing have national security implications?

    1. jonathanb Silver badge

      It has already

      http://www.bbc.co.uk/news/technology-13859868

      Teenager arrested on suspicion of hacking

      On Monday, the UK's Serious Organised Crime Agency (Soca) took its website offline after it was attacked by Lulz Security hackers.

      Doesn't specifically link the two but ...

    2. g e

      Strong government intervention?

      They're the cretins that created the circumstances that allowed this.

      An angry mob would be a far better intervention...

  12. Anonymous Coward
    Anonymous Coward

    So angry about this

    We are forced to fill it in, to provide our details to our government. So why was this handled by an American company?

    If this is true and the census info is available, then comparisons should be drawn with Sony, so expect a 'welcome back' pack and ID theft cover. HA, like that would ever happen, everyone involved (government, external agencies) should be held accountable with their jobs.

    When will our government learn? Why was this data ever on an internet facing server? Surely this information is worth so much it should have been kept on a secure network.

    1. Anonymous Coward
      Anonymous Coward

      forced?

      No bombing, no torture, forced is a bit of a stretch here.

      1. Peter Gathercole Silver badge
        FAIL

        forced - by law

        In case you had not noticed, it is a criminal offence to not fill in a census form when requested, backed up by fines and a criminal record. Is that forced enough for you?

    2. Sir Cosmo Bonsor
      FAIL

      You idiot

      Not one shred of it was ever confirmed. You got trolled.

  13. Whitter
    Alert

    Essex

    Is the Essex arrest the gov response then, or just a coincidence? They do happen after all.

  14. Cameron Colley
    Flame

    If this is true people should be shot.

    I do hope that anyone with a "...nothing to hide, nothing to fear..." attitude to the census has had a bit of a rethink now -- what with the possibility of us all having credit cards and loans taken out in our names now.

    I hope if it is true the people responsible for the decision to take all this personal information on the census are shot as the traitors they are -- after all they already gave us to a foreign company, and now they could have lost our names to every wannabe criminal in the world.

    1. Anonymous Coward
      Anonymous Coward

      @ "If this is true people should be shot"

      Yes. You're right. If people were held accountable for everything that they did with their lives, nothing would ever happen.

      Nothing.

      Never.

      Not. Ever.

      Which would be a bit of a blessing to a lot of people, really.

      1. Cameron Colley
        Mushroom

        @Craiggy

        These people told us that we would give our details to a company in the US, or face imprisonment or fines. They told us that the information would be kept completely safe.

        I was threatened with financial problems or, even, imprisonment to hand over my details to a US company for processing and whatever the fuck they wanted. Now, it appears, the thugs who demanded my data with menaces may have given it to everyone also.

        The people who decided that it was necessary to demand personal details with menaces should be hung, drawn, woken up, and quartered.

        Forgive me if I have only hatred for someone who gave my details to a foreign power for the opportunity to have a better career.

  15. Anonymous Coward
    Mushroom

    If this is true...

    Shiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiit.

  16. The Fuzzy Wotnot
    Happy

    "security-illiterate UK government"

    I think LulzSec are a bunch of twats quite frankly but credit to them, they've got the Gov's measure down to a tee!

    1. Peter Gathercole Silver badge
      Stop

      "security illiterate"

      I think that all of the posters who take this statement at face value ought to read some of the UK government security standards. These definitely exist, and they were not written by people who are security illiterate. See http://www.cesg.gov.uk

      The problem is that they are difficult to interpret, and are couched in terms that many IT people don't understand (they talk a lot about data crossing security zones rather than being securely stored), and sometimes it seems like there is no real world help in ensuring that a particular application or solution meets the requirements (government security auditors will often tell you that something is not compliant, but will not offer any advice on how to make it so, nor suggest security mechanisms during system design). Thus implementing a security solution often becomes an iterative process of attrition with the security people.

      When I was last involved, it was even the case that some of the Infosec documentation describing what has to be done is classified as RESTRICTED, which does not help trying to implement what they say.

      Generally, it is not a lack of standards that causes this type of data breach, it is implementation (often by companies contracted to supply services), or ignorance of the standards by individuals working on such data. Although there should be safeguards, it often only takes one person to make a mistake to put at risk complete datasets, especially if there is any external route in to the systems implementing the solutions.

  17. Jim Carter
    Big Brother

    Scary? Yes. Problematic? Not sure.

    How much personal data do people give to Facebook?

    1. g e

      Yeah but

      That damned census had a lot of invasive questions on it.

      It actually read more like a benefit application form.

      1. AndrueC Silver badge
        Stop

        Eh?

        You must have filled in a different form to me then. I filled in about a dozen questions most of which could already be gleaned from other public sources. My criticism of the census questions is more along the lines of 'What the hell are they expecting to learn from that?'

        There was stuff on there that could be used for evil (DOB for instance) but very little that was 'invasive'. Or do you consider it a national secret that you have gas central heating?

        So yeah - not good but hardly the end of the world.

        1. Anonymous Coward
          Anonymous Coward

          Re: Eh?

          So like most people you didn't use your real signature then?

          1. Anonymous Coward
            Anonymous Coward

            Signature?

            "So like most people you didn't use your real signature then?"

            Well, no. There wasn't any facility on that web form to provide a signature.

          2. AndrueC Silver badge
            Thumb Down

            Signature?

            a) I filled it in online so they never saw my signature.

            b) I've given my signature to loads of people over the years - credit card slips, cheques, loan applications. Couriers delivering things.

            c) Very little that I do actually relies on a signature these days.

        2. The Fuzzy Wotnot
          Facepalm

          @AndrueC

          Exactly what I was thinking.

          The worst question on the census was something like, "how many kids do you have under 16 at your address and what's their names?", the rest was simply name, address, how long have you lived at your address and do you travel to work by train, car or bus?!

          The biggest annoyance to me is that all that useful info is now all in one place for the ad scumbags and telephone cold-callers, before they would have to have assembled it themselves from various public registers.

        3. AndrueC Silver badge
          Thumb Up

          I should just add..

          ..that I am not praising the census. I think that, for what was asked, it was a fairly large waste of time and money. The previous one from what I remembered asked quite a lot of useful questions many of which could help with infrastructure planning.

          Then again the infrastructure I see is generally badly planned and poorly maintained so perhaps it's better this way. At least it took up less of my time :)

      2. Anonymous Coward
        Anonymous Coward

        Detail

        "It actually read more like a benefit application form"

        Indeed we can draw one of three conclusions from that statement.

        1. You didn't actually read the census form.

        2. You've never read a benefits application form.

        or 3. You've never read either.

        Actually there is a fourth, but I'm too polite to mention it here.

    2. Anonymous Coward
      Alert

      Querybook

      True, but you aren't legally required to provide your real name and address on Facebook - and if you do provide those details there are at least some privacy controls that can be used to restrict that data. This release on the other hand will be a mineable resource for evil doers and the evil do that they do do.

    3. Anonymous Coward
      Anonymous Coward

      here's a title

      Name, address, income ?

  18. Dangermouse

    Oh God, I hope so....

    Please, Jim, can you fix it for me for this to be true?

    Speaking as someone whose form "was posted, honest, it must have been lost" there was no way I would have trusted *that* much information to the British Government and a single war-mongering organisation.

    1. GrahamS
      Black Helicopters

      *that* much?

      > "no way I would have trusted *that* much information to the British Government and a single war-mongering organisation."

      Did you actually read the census questions?

      There really wasn't anything particularly exciting in there. Facebook probably has more detailed information on me.

      1. Anonymous Coward
        Anonymous Coward

        Facebook?...

        "Facebook probably has more detailed information on me."

        I think that says it all.

        1. Oninoshiko
          Stop

          in fairness

          Facebook probably has more detailed information on me too, and I'm not a farcebook user.

  19. Anonymous Coward
    Stop

    Seeing as anyone can post to pastebin

    Shouldn't we be exercising a bit more caution?

  20. Anonymous Coward
    Mushroom

    Good grief

    Incompetence abounds. This, if (when) released, will be a goldmine for scammers, stalkers, 419ers and other brigands. It will also mean that whatever trust is left for personal data security is blown away (which is a good thing in a small way "Can I take your name and address sir" "Not a chance, you'll just lose it!").

  21. Anonymous Coward
    Anonymous Coward

    In related news ...

    http://thenextweb.com/industry/2011/06/21/suspected-lulzsec-mastermind-arrested/

  22. Anonymous Coward
    Mushroom

    Goodbye trust

    If this proves correct, that will be the last straw for the minuscule trust that remains in anyone's ability to keep data safe in the UK - public or private sector.

    Completely useless wankers. A kicking would be far, far too good for them.

  23. Alex King
    Flame

    Oh FFS

    Isn't it about time we gave this bunch of pompous tits at LulzSec a massive punch in the face?

    I'm so fucking tired of these self-aggrandising little twats hiding behind the fig-leaf of testing security as an excuse for shits and giggles at everyone's expense.

    The more this kind of stupid crap goes on, the more of everyone's taxes the government will spend on security in an ever escalating arms race and, perhaps more importantly, the less useful stuff can be done with data by legitimate users.

    All these bloody fools will achieve is to make everyone poorer, everyone's lives harder and restrict everyone's access to legitimate information, giving governments and corporations the perfect excuse to be ever more restrictive and oppressive.

    To defend these oiks in any way would be like blaming yourself when your bicycle gets nicked, because you only used three medium strength locks rather than locking it in a lead-lined bunker behind a 12-tonne door with triple timer-protected deadlocks on 57-digit combinations.

    JUST. LEAVE. OTHER. PEOPLE'S. SHIT. THE. FUCK. ALONE.

    1. Ru
      FAIL

      Point: Missed!

      The takehome lesson here is not 'lulzsec are a bunch of little shits'. It is that net security is so woefully inadequate and the attitude of the people responsible for your information is lax to the point of irresponsibility if not dereliction of duty.

      Sure, it sucks that a bunch of juvenile delinquents stole your stuff, but, get this: how on earth did a bunch of juvenile delinquents get to steal your stuff in the first place? If they can do it, so can pretty much anyone. And indeed, there's a pretty big chance that people already have, but because they are serious criminals you won't find out about it til your credit card bill comes.

      Regarding bikes? Your metaphor sucks. It's a bit like giving your bike to someone else to keep safe, only to discover they left it locked up on the street with a £5 bit of wire and a 3-digit combination lock and it vanished the moment their back was turned.

      You should be grateful that the people who have exposed such incompetence are not more malicious.

      1. Richard 81
        Thumb Down

        Except

        Except that if/when they post that information on the internet for anyone to see, what little justification they have for their little crusade goes right out the window. There's nothing socially responsible about handing our data over to the people who will gladly fuck us over for real.

      2. Anonymous Coward
        Anonymous Coward

        @Ru

        "The takehome lesson here is not 'lulzsec are a bunch of little shits'. It is that net security is so woefully inadequate and the attitude of the people responsible for your information is lax to the point of irresponsibility if not dereliction of duty."

        And you've gleaned that from one unconfirmed posting on PasteBin which appears to be a lie? Well done.

      3. Anonymous Coward
        Stop

        @Ru

        I'm not confirming that this was the mechanism used because I just don't know, but it is reported that Lockheed Martin's internal networks were compromised by the RSA failure reported several weeks back, so it would not surprise me if they used similar technologies for the UK Census.

        If you are implementing a solution that relies on a security product that is proved faulty after installation, can the blame be put completely at your door?

        The fact that RSA keyfob one-shot password devices were in use in Lockheed Martin shows that someone was actually thinking about some security. RSA devices are widely used because they were trusted, and that problem has caught many organisations out.

        I am not saying that a single security measure is sufficient, but I wonder how many people commenting here have really tried to build a complete infrastructure that a) does not rely on third party security devices, and b) provides the level of security mandated by CESG. I'm sure that some have, but most have not.

        I'm not apologising for LM, but like so many things, it's actually much more difficult to do than most people think, and there are serious tradeoffs between security and cost.

        When I worked at government agencies in the past, the most secure systems were effectively on air-gapped networks, with multiple networks to each desk. This cost a lot of money, and ultimately meant that remote support was difficult to impossible. As you cut costs, you link things together using security products. This makes the environment vulnerable to third-party security failure. One bank I worked at had multiple security layers, and adjacent security layers could not be provided by the same technology. Very sensible, but also very expensive.

    2. Fuzz

      I'm agreeing here

      Should slack security be highlighted? Of course it should, publicly and people should be made accountable for it. Is this the right way to go about it? No.

      If I see someone in the street who's left their car door open with their wallet on the front seat do I?

      a) Point this out to them so they can deal with it

      b) Steal the wallet, sell the contents on ebay and then send a link for the completed auction to the owner.

      These people have to understand that they're not sticking it to the man here; they're not fighting the power. They're just messing with people's lives.

    3. Oliver Mayes

      Glad someone agrees with me

      If this is true then they need to be stopped immediately. It's one thing to attack a big corporation, it's another entirely to steal private information on potentially millions of innocent people and publish it on the internet.

      Again if true, this is them crossing the line into severe criminal activity needing harsh punishment.

      Of course there will be people supporting them and saying things like "Yeah, stick it to the man, expose those security failings LOL!!!" but how will they feel when it's their credit card details being used by criminals. I've already had my card details stolen like this three times this year from different reputable companies and had to waste time cancelling and re-issuing my cards.

      1. Dangermouse

        @Glad someone agrees with me

        What?

        So Lulzsec having this information = bad...

        but

        UK Gov, US Gov, EU, Arms Corp, whoever else the Gov sells it to = good?

        NOBODY should have this much info, plain and simple.

    4. noboard
      FAIL

      Errrmmm

      While I'm not a fan of lulzsec and they probably are a bunch of f*cknuts, moaning at them for getting the data is a bit short sighted. Yes they're probably doing it for kicks, but if they can do it so can criminal organisations that won't shout about it and the first thing you know is when the debt collectors come knocking.

      By all means think they're muppets, but never complain that people have publicly warned you that your private details are available to any crim with an internet connection.

      1. Alex King
        Thumb Down

        They haven't warned...

        ...they've threatened to publish, for no other reason than for 'lulz'. Totally ridiculous apologism for a criminal act here. Looks like a massive red herring anyway. Maybe it was an experiment to see how many people would defend them, just because they were going against 'the man'...

    5. tiggertaebo
      Black Helicopters

      Couldn't have said it better myself

      I was pretty much intending to post almost exactly the same thing but since you covered it quite well I don't think I will - I'll just say good on that man :)

      The only thing I would add is that at this stage we don't have any direct confirmation that the census hack itself has happened but the post is just as valid without it.

    6. SteveBalmer
      FAIL

      but but but

      they took away our OtherOS......

  24. Zog The Undeniable
    Mushroom

    If this is true

    The ConDems are finished. This is the identity theft to end them all.

    1. Tony Green

      I think you're forgetting...

      ...it was NewLab that gave Lockheed Martin the contract.

      1. IT veteran
        Stop

        But it was lost...

        On the ConDem's watch. That counts for a lot. Who is going to remember who issued the contract 10 years or so ago?

        At least, as my colleague has pointed out, this should put paid to all this craze in the govt about Cloud services.

      2. Anonymous Coward
        Stop

        I think *you're* forgetting

        the moronic nature of the British public, with a 5-second attention span. I've heard people banging on about "da cuts", (look at the ILF, for example) and blaming "da tories" when it turns out they were implemented 18 months before the election.

        Anyway, isn't one of the responsibilities of government that what happens on your watch is your fault, irrespective of who actually instigated it ? It's certainly why they claim the jobs are paid so much.

  25. Simbu
    Big Brother

    Excuse me...

    While I invest in some tin manufacturing businesses...

  26. Arrrggghh-otron

    Consequences?

    If they did get their hands on the census data... what would that mean for the promises that were made about the security of our census data?

    I'll hazard a guess. The contractor gets the blame and nothing changes in government/whitehall... that or 'these evil hackers' are hunted down and burnt at the stake.

  27. Anonymous Coward
    Anonymous Coward

    Never

    Never ever trust sending your details to the US - if the government doesn't get it then the hackers will. I'd bet on the US gov getting it first though.

  28. Anonymous Coward
    Black Helicopters

    Chortle

    Not on it

    AC in case TheReg gets hacked (not that that would probably help at all)

  29. Absent
    Headmaster

    government efficiency

    Going by the speed and efficiency of past government bureaucratic operations I'd be highly surprised if all the census data had been collected, entered and collated yet.

    1. Cowardly Animosity
      Meh

      blerf

      It'll be data from all those who completed the online form, methinks. Oh well, good luck to them, my life is not exciting enough for me to care!

  30. Tony Green
    Facepalm

    Is anybody really surprised?

    Having written to the ONS in January expressing my concerns about the use of Lockheed Martin and the security of my personal data, the stock reply from Helen Bray (2011 Census Stakeholder Management and Communications) had the wholly un-reassuring conclusion,

    "I hope you will be reassured by the measures taken to protect the confidentiality of census information".

    ...oddly enough, I wasn't reassured. But since the incompetents at Lockheed Martin seem to have lost my form anyway, with luck at least my info didn't get leaked.

    1. Anonymous Coward
      Stop

      Lockheed Martin

      Is this the same Lockheed Martin that hadn't bothered to upgrade access to its VPN two months after it was publicly announced that RSA would have to replace 40 million tokens due to private keys having been stolen from RSA's server?

      http://www.pcpro.co.uk/news/security/367723/lockheed-martin-under-fire-over-rsa-breach

      >> " ... “Lockheed had slightly over two months from the time that EMC notified them and other RSA SecurID customers about their breach."

      and the same Lockheed Martin that has its traffic intercepted and monitored by the NSA?

      Is there no UK data that ultimately ends up in the hands of the US Govt?

      1. heyrick Silver badge
        FAIL

        @ AC

        The NSA doesn't need to bother snooping. Thanks to the Patriot Act, any data held on American soil is fair game for examination.

        The question here isn't about LulzSec or a red-herring hack post, but more WTFingF is the British government doing handing sensitive data on its citizens (even if the questions are boring, you can infer a hell of a lot from that much data) to a FOREIGN company where it will almost certainly be of interest to the FOREIGN government. If the British government does not feel competent to manage the census collection and collation, and there is no single British organisation capable, then the answer is bloody obvious - skip it. Wait until it can be coped with. Nationally, within the borders of the country concerned.

        Fail icon, because the British government is a laughing stock. Whatever LulzSec may or may not have done, the data is far out of their (the govt's) control by now. Congratulations.

        1. Anonymous Coward
          FAIL

          @heyrick

          Just because a US contractor is working on a project does not mean that the data is being stored on US soil. I don't know about the Census, but I do know about the DVLA, where the contractors are IBM and Fujitsu, and I can tell you that there is no wholesale storage of your car or license data anywhere outside of Swansea and Salford (although the D90 mainframe in Salford should have been decommissioned by now). That's where the servers are, and that is where the contractors work.

          There was simply no method of moving the data onto either IBM's or Fujitsu's corporate networks, and severe penalties (including prosecution) for anybody who did. This was understood, and is drummed into all people working on the contract on a monotonously regular basis.

          In case you hadn't noticed, there are very few companies prepared to work on large government bids that are not multinationals.

  31. Anonymous Coward
    Anonymous Coward

    ive been told this is impossible

    according to source ive been relibale informed that the data hasnt been processed by the government yet. so there isnt anything for lulsec to steal.

    i hope he is right, otherwise this is a massive loss for the government, and it could be a massive issue for everyone in england and wales

    1. Anonymous Coward
      Unhappy

      er ...

      some people filled the forms in online - so surely a subset is available. Maybe not processed, but in a raw form ?

  32. Marcus Aurelius
    Devil

    OMG

    My sekret membership of the Sith will be revealed.

    1. TeeCee Gold badge
      Coat

      Re: OMG

      Who's the other one?

      Always two there are. No more, no less.......

      1. Peter Murphy
        Thumb Up

        Never understood that line.

        What if you're a Sith apprentice and your master gets run over by a bus? Then you're well and truly fucked.

        Remember, kids: redundancy is your friend! Whether you're storing UK census information or supa-secret evil Jedi knowledge: a backup in time saves nine.

  33. Anonymous Coward
    FAIL

    Why do I *really* want this to be true ...

    You know it's wrong, but somehow good ...

    I just want to see people replay the assurances that were given before the census, (along with some saved webpages) and have our leaders tell us how wrong they were.

  34. <spez>
    Mushroom

    so....

    ...as was mandatory to fill it in, where can i claim my bit of data protection compensation for allowing my details out?

    I think I know where I can go for it.

  35. EddieD

    Irritating, but..

    Not significant - there are probably more damaging leaks of my data from other places - e.g. websites with my credit card details, medical history from my doctor's office, than from the census, which, when it comes down to it lists my name and address (in the phone book, with my phone number), my date of birth (not hard to find), my vocation and salary (as I work for a publicly funded organisation it's a matter of open record) and very little else.

    I do hope though, that the ICO fines the holders of this data a significant sum.

    Per record, of course.

    1. Anonymous Coward
      Anonymous Coward

      Fines!

      Fines are just passed on to the taxpayers - gaol terms are not.

  36. Atonnis
    FAIL

    This is going a bit too far...

    Look, if you want to f--k around and piss off a few companies and 'for teh lulz' then, even if I don't think it's funny, I won't care that much.

    However, if it's gotten to the point that the private information of every UK citizen is stolen and made available for anyone who wants it....that's just going too far. You're now putting people's lives at risk, in many different ways, not just from over-the-top fancies like terrorism (yeah yeah) but more from the risk that people will be able to find others who have had to make themselves lost for their own protection.

    1. Anonymous Coward
      Anonymous Coward

      Yes but...

      Those of us who considered our jobs might put us at risk from "over-the-top fancies like terrorism (yeah yeah)" lied about our jobs, earnings and anything else vaguely related.

      When asked what my role was, I wrote something along the lines of "paperwork and stuff".

      Call me cynical, psychic or whatever but I kinda saw something like this happening.

      Wouldn't want to be someone who'd admitted to being UK Govt in NI though!

  37. Anonymous Coward
    FAIL

    Truly shocking

    Heads will roll. On the Moment Magnitude scale, this is the equivalent of a 9.0+.

    1. hplasm
      Big Brother

      Heads never roll..

      "Lessons are learnt".

      Twats.

  38. PinkImpala
    FAIL

    Not holding my breath for a tweet

    Seeing as how the police arrested a guy this morning, reportedly for being part of LulzSec

  39. Richard 120
    Coat

    Fucking Govt

    They're just bloody useless, the lot of them. Even the ones that aren't in control (oh wait, that's all of them)

    What we need is a benevolent dictatorship.

    My wife has been practicing her skills at running an almost benevolent dictatorship at our home for years. I'd say she's up to the task by now.

  40. This post has been deleted by its author

  41. TrishaD
    FAIL

    Oh Dear

    I note that it's now being claimed that an alleged 'ringleader' for Lulzsec has now been arrested. In Essex.

    If any of this actually proves to be true, then it may at least serve some useful purpose - to expose the utter idiocy of our government in entrusting personal data regarding UK subjects to a commercial organisation in the US.

    No doubt the US will go for extradition -

    'We want your citizen to stand trial in our country for stealing your data'.

    1. Elmer Phud
      Megaphone

      Ringleader?

      No, I'm Spartacus!

  42. TonyHoyle

    Not so sure...

    It's not like pastebin is particularly hard to edit... I'll believe it when I see it.

  43. Anonymous Coward
    Thumb Down

    Oddly enough, this was predicted

    By pretty much any of us who understand the real magnitude of what may have happened in RSA if the seed files *were indeed compromised/leaked*.

    At a BBQ last Sunday someone asked me about how secure did I think our census data was.....well I suspect when this hits the press they'll be shitting themselves.

  44. Anonymous Coward
    Stop

    PERSEC issues

    Great so now anyone with an axe to grind against anyone who is or has been a member of the military is now eagerly awaiting a target list containing names and addresses of said current and former service people and their families, opening the possibility of getting leverage over someone with security clearance or simply planting a car bomb or similar.

    Hmm perhaps I should make a rather rapid house move or better still move overseas.

    Hmm well if any Lulzsec member is resident in the US or UK they now (hopefully) might be on the receiving end of terror charges namely "supplying information of use to a terrorist" (or charges similarly worded)

    No matter your thoughts on the government's foreign policy desires, this puts individual service people needlessly at risk

  45. TonyHoyle

    Too late :p

    "which is a good thing in a small way "Can I take your name and address sir" "Not a chance, you'll just loose it!"

    If the leak is true everyone will know your name and address already. And your job, income, phone number, children's names, employer's address...

  46. Anonymous Coward
    Anonymous Coward

    Hmm...

    If this has happened, it's just another reason for international law enforcement to really knuckle down and look for Lulzsec.

    Having seen the recent flurry of Lulzsec hacks, I look forward to the corresponding flurry of Lulzsec arrests and then trials.

  47. Anonymous Coward
    Anonymous Coward

    sparse lulz

    Says one lulzsec document 'Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons'. I understand that this is not a centralized movement and that this statement is hence hardly a manifesto, but irony aside isn't this information likely to be of enormous use to profiteering gluttons, ie marketing agencies? Or does nothing have to make sense as long as it's done for teh lulz?

    1. TeeCee Gold badge
      Mushroom

      Re: sparse lulz

      No, it's entirely correct.

      They are working to ensure that our privacy is overrun by spotty little no-life twats instead....

  48. taxman
    Childcatcher

    Has UK Gov Lost The Census To LulzSec

    Well? Has it? Come on. Tell Us. It's no good asking a question if you can't answer it! No wonder the level of education is going down the pan these days.

    This is the sort of question you'd expect to get in a GCSE paper.

  49. Gary F

    On the plus side, at least we'd get the results quicker!

    I hope the data doesn't contain actual addresses and names, that would be a blow to every person in the UK. The data would be a marketing company's dream come true. Imagine all the crappy marketing calls and letters we'd receive. It's bad enough as it is now.

    1. Loyal Commenter Silver badge

      Did you tick the box on the electoral register

      that says 'do not include my details in the extended register'?

      No?

      Well then, the marketing droids have got your details already.

  50. David Haworth 1
    Coat

    A request...

    Dear Mr. LulzSec, while you're about it, please could you get the data for the other censuses from 1841 onwards. A lot of amateur genealogists would be very interested.

    Mine's the coat-of-arms ...

  51. karl 15
    Unhappy

    omg

    OMFG!!! I told my wife not to fill it in, but she did it anyway :-(

  52. Kevin 43
    FAIL

    Source?

    Was it stolen from UK Gov servers? or the US contractor's servers? .... or some other offshore where the data is being "processed"

  53. R J Tysoe

    Maybe they'll just release a few choice records

    Like Helen Bray's for example.

    As for "according to source ive been relibale informed that the data hasnt been processed by the government yet. so there isnt anything for lulsec to steal." I guess the data that people entered online just went to a big printer to be printed out and re-entered by hand, rather than being stored somewhere. I think your source is as relibale as your spelling.

  54. b166er

    Jump

    There's way too much jumping to conclusions here.

    For starters, this was posted to PasteBin, jeez!

    It's probably that kid in Essex doing it for a prank and being mistaken for a Lulz ringleader.

    Secondly, the poster of the PasteBin item suggests they're going to re-format the dataset before releasing it anyway (if even true), so why would it be damaging to any individual?

    The only entities it will be damaging to will be Lockheed Martin and the bubble that is UK government.

    Get back to your Mails, tch

  55. Marvin O'Gravel Balloon Face

    That reminds me...

    I still need to post mine back.

  56. rwbthatisme
    FAIL

    60+ million deed poll requests coming up

    Oh well at least we don't have to wait 10 years for someone to mull over the data....

    1. Anonymous Coward
      Anonymous Coward

      Deed poll

      All in the name Spartacus.

  57. Anonymous Coward
    Anonymous Coward

    Do any of you think this will change *ANYTHING*

    Watch for "lessons learned", "trust exercise", "public reassurance" in any news about it.

    They lost 25 million records that were far more useful to ID theft people and the good people of the UK who mostly post anything and everything to facebook collectively shrugged and probably tutted, yet not one of them did anything.

    If we were to *do* anything, for instance publicly demonstrate with a million person march on Whitehall, we would be tagged and bagged as troublemakers, a few people would be assaulted by the police and the whole thing would be mostly ignored by policy makers.

    Alternatively you could've just not filled it in... there was plenty of scope for excuses;- lost in the post, I wasn't living here on that day, I live in my second duck house on a moat...

  58. richard 7
    FAIL

    The title is required, and must contain letters and/or digits.

    OOPS

    That is all

  59. Tom Wood

    We filled ours in on paper

    ...and I'd be quite surprised if they've got round to processing all the paper forms yet.

    Would raw data from processed paper forms ever make it into an online database anyway?

    I can understand hacking the data of those who submitted their census online might be easier, but given that Lockheed Martin are a large defence firm, and hence are presumably quite good at managing really secure data (the "if I told you I'd have to kill you" kind), you'd hope they could keep census data secure.

  60. Anonymous Coward
    Unhappy

    Why?

    Why was British secure information entrusted to a foreign company, especially one whose government is open about its legal rights, over its commerce, to copy all information? Especially one with a long track record of damaging Britain, e.g. IRA support, restrictive trade practices against British firms, extradition of British citizens without proper evidence?

    Why does a census require so much information that is not needed to count the number and distribution of heads? If we are all British, is it not a dubious practice to demand what "race" or "colour" we think we are? What religion we profess? I may be wrong about these demands. I left the country for another European one that still has the original meaning for the word, "free". So I never saw the form.

    Why are Reg. writers and readers writing ever more in American English ("gotten", USA misspellings) while purporting to be UK based? Often while complaining about the USA and definitely (perhaps I should say, hopefully) being much more careful with their technical programming as a compiler or interpreter is not forgiving? Does not our native language merit some care? Or does their technical ability not extend to finding the British dictionary in their chosen word processing programme and they are too careless or badly educated to notice?

    1. Richard 81

      1.25 out of 3

      I was with you on the first paragraph. Then about a quarter of the second.

      The rest is just stupid fluff.

      "Does not our native language merit some care?" no, not really. Languages change. Get used to it.

      I could very well ask why you refer to cow meat as beef. That's a Normanism. Our Saxon language needs protecting. To which the Britons in the back will cry 'hang on a minute!'*

      *Actually I can't pronounce what they'd cry.

  61. David 39
    FAIL

    errr

    "We are aware of the suggestion that census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this"

    I'd speak to people who know what they're doing, if these guys were any good, it wouldn't have happened in the first place.

    But on the plus side spam 419 emails should effectively stop when this is released on piratebay

  62. Anonymous Freetard

    Not all processed

    Bet the online stuff was pretty well processed by now, those of us who filled our form in reluctantly and with our very worst handwriting (in a petty attempt to make sure Lockheed warmongers didn't make a profit on our census) are pretty safe.

  63. Anonymous Coward
    Anonymous Coward

    For goodness sake

    Who are these muppets? Apart from the census, the followup census survey was incredibly irritating. The guy was told no I don't want to take part and still proceeded to come back 3 times. All this despite two complaints to the ONS. I guess his manager had a performance target to hit...

  64. Anonymous Coward
    Stop

    Slow down just a second..

    I see everyone running around, getting their knickers in a twist.

    All that we *do* know, for real, is that someone has posted a message to Pastebin saying that someone has gotten their hands on the data.

    If I said that I had my hands on Pippa Middleton's bum, it would (unfortunately) not make it true.

    Let's just wait and see what the lulzboat tweets...

    ...then again... their feed has been quite quiet this morning.

  65. Some Beggar
    Meh

    Which is funnier?

    a) Stealing and publishing the entire census data.

    b) Posting a claim to have done so on irc and pastebin?

    And which is more likely?

    If you're panicking about this already then I have some truly excellent tinfoil hats you can buy for a one-off knock-down price of six easy-pay installments of ONLY £99.99 see press for details not available in the shops all stock must go.

  66. Graham 15
    FAIL

    It gets worse

    One of the worst effects of this - besides the leaking of everyone's data and the fact that the government are likely to target the hackers rather than sorting themselves the fuck out - is that compromising the security of census data will massively discourage people from participating fully in the census. Census data is enormously useful for all sorts of things that benefit everybody, and this sort of shit will ruin it. If this turns out to be true, shame on LH and the government for their abysmal approach to security, and shame on Lulzsec for not taking the implications into account.

  67. liquidphantom
    Mushroom

    To borrow from the Queen

    This is rapidly turning into the Annus Horribilis of on-line security.

    If anyone wants me I'll be in the bomb shelter in case someone manages to hack a nuclear weapons installation.

    1. Anonymous Coward
      Anonymous Coward

      Anus horibilis more like

      That is all

  68. PsychicMonkey
    Pint

    IF this is true

    and it's a big if, I'd expect Lockheed to be fined within an inch of their lives for this breach of the DPA, but I doubt that will happen either. They'll just claim they haven't got any money and get a small slap on the wrists.

    But, you know that the current Gov probably won't give two shits about the company since they can distance themselves from the contract, the previous boss signed that one so they may just screw them to the wall for the political points.

    Either way, the blue touch paper has been lit all we can do is sit back and watch the show....

    1. Anonymous Coward
      Anonymous Coward

      Zactly

      "But, you know that the current Gov probably won't give two shits about the company since they can distance themselves from the contract, the previous boss signed that one so they may just screw them to the wall for the political points."

      Even if this turns out not to be true the current government can use it to score points off the previous administration. It seems that today a lot more people are aware that their census data went to a foreign company than were aware of that yesterday. And a lot of people are outraged by that even more than the possibility that the posting of pastebin was genuine. A government minister worth his salt should be able to make Mr Bean very uncomfortable questioning him about his party's tendency to give contracts to US companies. After all that's not just about security, there's also the issue of taxpayers' money going offshore and employment going offshore too. All of that even though the labour government made a big deal about spending locally.

      Indeed I should think that the government could use this to make a strong case for ringfencing similar contracts to British or at least EU contractors. The US seem to make damn sure all their government contracts stay in the US (no problem there) let's stop that being a one way street.

  69. Anonymous Coward
    Stop

    Before you bay for blood

    stop and think!

    If a rag tag group of people likely scattered around the world can pull this off from homes/public wifi what could a group organized & supported by a state pull off (think China).

    The difference is by announcing it to all the world it draws attention to the problem, whereas I would wager that anything they are targeting has probably been probed and cataloged by much more sinister groups than lulz merchants

  70. Anonymous Coward
    Anonymous Coward

    It hasn't happened

    That is all.

    1. lurker

      seems probable

      I'm with you, anyone could have slapped together that 'lulzsec' announcement and stuck it up on pastebin, 'for the lulz'.

    2. Anonymous Coward
      Anonymous Coward

      "The UK's Office and National Statistics and Lockheed Martin are racing ...

      ... to check if hacker group LulzSec has gotten its hands on this year's census data."

      If they had got hold of that much data they would be able to tell from the electricity bill!

      Although this probably never happened, would anyone be really surprised if it had?

  71. Anonymous Coward
    Anonymous Coward

    LulzSec needs to go down!

    Then there will be no-one stealing my census data!!11!eleventy-one

    Does anyone else think @LulzSec sound very English?

  72. The Beer Monster

    Well, if it's true...

    I look forward to my new (government supplied) identity - because if it is true, we're all fscked with the ones we currently have.

    1. Some Beggar
      Facepalm

      Really?

      Unless you've been ex-directory for a couple of decades and made your electoral roll data private then all the information that anybody needs to steal your identity is already easily available. If you've done any social networking at all and if anybody in your extended family has signed up to one of these dreary genealogy websites then there's even more online. With your full name and access to Pipl, I could probably have filled in your census form on your behalf then phoned your bank and cancelled your direct debit to the Donkey Rescue Society.

      If your identity was worth stealing then somebody would already have stolen it. And now that The Bad Guys (allegedly) have access to tens of millions of handy identities in one place, yours is worth even less.

      1. The Beer Monster

        D'oh yourself.

        Seeing as you asked

        "Unless you've been ex-directory for a couple of decades"

        Yup

        "and made your electoral roll data private"

        Yup

        "If you've done any social networking at all and if anybody in your extended family has signed up to one of these dreary genealogy websites then there's even more online."

        No on both.

        "With your full name and access to Pipl, I could probably have filled in your census form on your behalf then phoned your bank and cancelled your direct debit to the Donkey Rescue Society."

        I doubt it. I can't find me on Pipl and I know everything about me, on account of being me.

        "If your identity was worth stealing then somebody would already have stolen it. And now that The Bad Guys (allegedly) have access to tens of millions of handy identities in one place, yours is worth even less."

        That is not the point. If everyone's info is available, then anyone could pretend to be anyone else or anyone could find enough info to victimise anyone else.

        That's a major headache for everyone.

        1. Some Beggar
          FAIL

          @Beer Monster

          I just browsed through the first few pages of your el reg posts, followed a link to a biker forum you use and found your home town and date of birth. And my coffee didn't even cool down enough to sip in the time it took to do it.

          No social networking, eh?

          1. The Beer Monster

            Social Networking

            1) Modding a forum isn't social networking. It's working

            2) You found a town and a date. One of them is false.

            1. Some Beggar
              FAIL

              re: Modding a forum isn't social networking. It's working

              Oh. Good. Grief.

              Is undignified back-pedalling "work" as well?

  73. alain williams Silver badge

    Don't complain about LulzSec

    If it had not been them this month it would have been someone else in the months to come.

    Anyway: the CIA already has a copy.

  74. This post has been deleted by its author

  75. Jayw
    Black Helicopters

    Prediction...

    The government will label it a terrorist attack, rush a bunch of new laws through parliament on the back of that to further restrict our freedoms, including resurrecting the idea of compulsory biometric id cards for all UK citizens.

    Two months later, they'll leave the nation's DNA records on a train.

    1. Anonymous Coward
      Anonymous Coward

      Nope

      Don't you realise that the whole ID card thing was nothing to do with this government or the last one for that matter. It was the civil cervix who were behind that. The trouble was that the last government had an incredible talent for letting the big wigs within the civil service control them. Sir Humphrey would have been so proud. If he was real. The civil service have over the last few years developed an obsession with the idea that a big database will solve any problem (somebody probably went on a data mining course) and they managed to convince the Blair government of that. The Brown government didn't really count since it spent its tenure flapping around like a flappy thing.

      The current government are against the whole idea of the ID card scheme, but not for the reasons you'd hope. They are against it because they realise that it would cost an absolute fortune to set up and would not be anywhere near cost effective. If it would save money in the medium term they would be right on it. It won't so they aren't.

  76. Anonymous Coward
    WTF?

    well hopefully less Indians........

    Well hopefully the damned government and private sector will stop shipping in cheap IT Resource from India in the hope of lowering wages, while at the same time shipping out our data overseas. Don't forget the DVLA lost a load of data that was sent to the US for processing.

    It's about time that Lulzsec caused some MAJOR financial problems at the banks and retail companies and outsourcing companies so that they finally understand that scrimping on IT people is NOT the way to save money in the long term. Pay for good people...get good infrastructure and software. None of this bloody outsourcing lark

    And I say this as an Asian guy..so none of that racist stuff thank you...

  77. Anonymous Coward
    Mushroom

    That this, if true, would be such a massive deal

    should IMHO shift *more* of the blame onto the government/LM for insufficient security. Not saying there isn't a more responsible way of pointing out said insufficient security though.

  78. Steve Evans

    Blimee...

    Well given how the small print added by HM Govt allowed world+dog to delve into information which used to be kept secret for 100 years, it would come as no surprise to find that at least one of those departments leaks like a sieve.

  79. Ikoth
    FAIL

    Wake up call...

    I think the point that everyone is spectacularly missing is that the entire IT industry needs to rapidly get its shit together.

    The recent spate of high profile security breaches just prove what many of us have suspected for a long time - the entire framework upon which online security is based is fundamentally flawed and it's high time the big brains out there came up with a radical new approach to protecting networked systems, and I don't just mean employing increasingly illegible "Captcha" boxes.

    1. Anonymous Coward
      FAIL

      hang on a moment ...

      the *IT* industry needs to get its act together ??????

      No, matey. The *management* industry needs to get its act together. I am sure the number of IT managers who have managed to implement encryption and secure networking access policies are far outweighed by the bosses who dish out unencrypted laptops and memory sticks, and think an Excel spreadsheet is somehow "protected".

      1. Ikoth

        Wake Up Call,,,

        Yes the IT industry. The ENTIRE infrastructure needs redesigning to be inherently secure and by that I mean everything - protocols, hardware, software, all of it.

      2. Some Beggar
        WTF?

        @AC 14:11

        What the hell is the "management industry"?

  80. Anonymous Coward
    Anonymous Coward

    Gary McKinnon

    So are the UK government now going to strong-arm the extradition of the boss of Lockheed Martin and potentially give him the ultimate sentence for being responsible for a data incident on this far greater scale?

    1. Anonymous Coward
      Anonymous Coward

      What?

      What data incident would that be then?

  81. Anonymous Coward
    Anonymous Coward

    3 stories

    Apologies - should really have tracked these down on El Reg.

    http://www.lockheedmartin.com/news/press_releases/2008/0828_lmuk-2011-census.html

    http://blogs.computerworld.com/17995/rsa_securid_hacked_2fa_fob_and_software_compromise

    http://www.cioinsight.com/c/a/Latest-News/RSA-Will-Replace-SecurID-Tokens-in-Response-to-Lockheed-Martin-Attack-409915/

  82. Cunningly Linguistic

    Any chance...

    ...they can sort out the 1921 census too, I don't really want to wait another 10 years, I may be dead then.

  83. Real Name
    FAIL

    From Lulzsec Twitter

    Not sure we claimed to hack the UK census or where that rumour started, but we assume it's because people are stupider than you and I.

  84. fixit_f
    Stop

    They just tweeted

    "Not sure we claimed to hack the UK census or where that rumour started, but we assume it's because people are stupider than you and I."

    So that means no then. Nothing to see here.

  85. goldcd

    A denial?

    LulzSec The Lulz Boat

    I'm not seeing "we hacked the UK census" on our twitter feed or website... why does the media believe we hacked the UK census?

  86. Steve Evans

    Lulz twitter speaks:

    "LulzSec

    I'm not seeing "we hacked the UK census" on our twitter feed or website... why does the media believe we hacked the UK census? #confusion"

  87. W2S

    So many lies being spread

    Lulz Sec have not and have never hacked the UK census. It's not a target for them and never will be.

    Twitter Quote: LulzSec The Lulz Boat

    Just saw the pastebin of the UK census hack. That wasn't us - don't believe fake LulzSec releases unless we put out a tweet first.

  88. John Munyard

    Anonymous

    How grateful and justified I now feel in not completing most of the census form. I wasn't the only person concerned about the processing of this data by Lockheed Martin and how it might be used.

    The Government bleated on batting aside all the concerns as if they were irrelevant. Who's right now? Bunch of incompetent tossers. Hacked by a bloody 19 year old....

  89. Anonymous Coward
    Trollface

    Bwahaha

    Everyone here has been trolled hard.

    1. Anonymous Coward
      Anonymous Coward

      "Trolled hard?"

      Maybe so, but the claim is believable because we know from experience that govts and their organisations, who bloody-well ought to know better, do have a habit of taking absolutely no care whatsoever of their/our data.

  90. brain_flakes
    Stop

    Proof or GTFO

    Anyone can claim to have stolen the census data, I'll believe it when I download it.

  91. Arnie
    Paris Hilton

    as someone else pointed out

    why the fuck isn't this data on a closed network.

    EPIC FAIL OF EPIC PROPORTIONS

    paris: cause even she knows how to shut the front door

    1. Martin Milan

      Erm...

      You're assuming the attack came from the outside. More likely, if it has indeed happened, to be an inside job methinks...

  92. LRayZor
    Alert

    Obligatory Exploit by Numbers

    1. Select [Address] where [Occupants] = 1 and [Age] >= 25 and [Age] < 50 and [Location] = "Expensive Leafy Suburb" and [Job] = "Well Paid";

    2. Burglary

    3. Fence

    4. Profit

  93. Suboptimal Planet

    Find all the mutants^Wsame-sex civil partners

    If there are still any people out there who hate gays, they will be delighted by the tickbox for "Same-sex civil partner".

    Likewise, I'm sure some people will be pleased to have a database matching "country of birth", "ethnic group", "language", and (if they're lucky) "religion" with names, addresses, and phone numbers.

  94. tinytony

    good luck to them

    if they try to get loans in my name, I can't

  95. Anonymous Coward
    Anonymous Coward

    If...

    It's kind of amusing how many people here start their posts with "If this is true..." and then work up a huge head of indignation based on that rather big IF.

    Calm down guys, at least until we have some sort of confirmation that some data has actually been leaked. It all suggests to me that there are a lot of people out there in internet land just looking for something to get worked up about.

    1. AndrueC Silver badge
      Joke

      Well..

      >It all suggests to me that there are a lot of people out there in internet land just looking for something to get worked up about.

      Aside from porn what other uses does the interWeb have?

  96. Anonymous Coward
    WTF?

    Lulzsec suck

    I hope the pirate bay do the right thing and actually REMOVE this if it appears on there, as it's not piracy related, although if they remove it, it would probably find its way to wikileaks instead!

  97. markfiend

    I'm fighting a losing battle I know...

    ...but I wish people would stop referring to script-kiddies and black-hats as "hackers".

    Hacker: A person who enjoys exploring the details of programmable systems and stretching their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

    http://www.catb.org/jargon/html/H/hacker.html

    1. Anonymous Coward
      Anonymous Coward

      Definitions

      The terms hack, hacker and hacking are older than their use to describe activities with computer code.

      You've lost that battle already. Language evolves. At one time "hacker" meant what you say it means. Before that it meant something else, and before that something else again. Linguistic purists could whinge about the word "hack" being used in your context because that's not what the definition was at their chosen point in time.

      And that's the thing about people who draw these pointless lines in the linguistic sand. It's not that they believe in the purity of language. It's just that they can't move with the times. They need to understand that their preferred dictionary merely documents the use of language at a given point in time.

      Check the definition of AINDERBY QUERNHOW in The Meaning of Liff. Except that probably means something else as well now.

      1. Anonymous Coward
        Anonymous Coward

        "Language evolves."

        exactly.

        I don't understand why you purists can't just invent a new word to mean "A person who enjoys exploring the details of programmable systems and stretching their capabilities"

        here's a few:

        1. aspie

        2. dick-hole

        3. trainspotter

        etc

        Just kidding, honestly! I enjoy "exploring the details of programmable systems" too, but I'm not such a massive asshole that I have to go around DEMANDING that people call me a specific word, and never use that word for anything else, because I SAID SO.

        In fact, people who enjoy programmable systems tend to have a higher than average intelligence. And those with a higher than average intelligence tend not to care what they are called. Sticks and stones... Don't throw the PCB out with the etching solution.

        1. Anonymous Coward
          Anonymous Coward

          Not only but also

          "In fact, people who enjoy programmable systems tend to have a higher than average intelligence. And those with a higher than average intelligence tend not to care what they are called. "

          True enough, but they also probably tend to suffer from more than the average number of disorders too.

  98. Mart 2
    Stop

    The answer to the title of this article is

    No.

    LulzSec The Lulz Boat

    Anyone in the world can copy and paste The Lulz Boat ASCII art and general lighthearted theme. Smarten up, check the feed first. #AntiSec

    Move along people...

  99. Anonymous Coward
    Thumb Down

    FFS

    The worst part of all of this is you can't opt out of the Census in the interest of privacy - because it would negate the value of the Census - but nobody can offer 100% security, yet they fine you for not completing the Census. Your privacy has a value, it's £1000.

    Hope someone accuses Lulzsec members of rape soon, I'm getting tired of this.

    1. Anonymous Coward
      Anonymous Coward

      but...

      ...you can not fill it in and then not answer the door to anybody you don't know. It's not hard :)

      Maybe this is why I'm not too bothered if the data has been compromised.

  100. Ten98

    lame comments on this story

    Lulzsec Twitter:

    "People should keep releasing fake LulzSec stuff. It helps filter out the peon masses from the respectable, fact-checking media outlets."

    You hear that TheReg? That's you, the peon masses.

    I find the reactions on here absolutely hilarious.

  101. Anonymous Coward
    FAIL

    This is why..

    I didn't give the government my census form!

    1. Anonymous Coward
      Anonymous Coward

      Eh?

      "This is why I didn't give the government my census form!"

      You didn't give the government your census form because you knew somebody was going to post some BS on pastebin. Go on, explain.

  102. Chronos
    FAIL

    Everybody is missing the two important points

    Point 1) The most telling part of this is LM "checking" to see if this has any legitimacy. That means it could have happened, even if it hasn't already, which means they need a rocket up their arses come what may of their investigation.

    Point 2) All this crap is going to lead to is more draconian Internet law. That's a government's fix for everything: We can't be wrong using such an open platform for sensitive data so we'll just slap those with a clue of how to use it and level the playing field. Soon enough you won't be able to use anything but port 80 and approved DNS without some goon knocking your door off its hinges. Bye bye, open platform.

    1. Anonymous Coward
      Facepalm

      "The most telling part of this is LM "checking" to see if this has any legitimacy."

      huh, would you prefer that they didn't check?

      dave: hey george your house is on fire

      george: i don't want to check, because that would lend legitimacy to your claim. i will just sit here and see if i get burned alive.

  103. Ten98

    Pathetic story, even more pathetic comments

    Quite frankly I expect more from the Reg than to blindly copy and paste the same story all the worthless news outlets are peddling today.

    There is absolutely no proof or even any credible suggestion that the census data has been taken.

    Someone has posted on Pastebin using the Lulzsec ascii and vaguely convincing wording that they have done so. Lulzsec have denied the hack, and all of the other hacks that they have carried out they've claimed responsibility for on their Twitter feed.

    I could log on to Pastebin right now and post a vaguely convincing fake Lulzsec post.. Jesus christ guys, how stupid are you?

    The census data is EXTREMELY secure. I doubt it's even hosted on a database connected to a network, let alone the internet.

    1. This post has been deleted by its author

      1. Peter Gathercole Silver badge

        re: bork bork bork

        The data capture system was on the Internet, but it does not follow that the main DB server is. They could have (although probably didn't) written each census record to tape, and then bulk-loaded it into a completely standalone database system.

        Most internet facing systems are a combination of an internet attached web server of some form, with only enough storage to hold transient data, together with a significant number of security layers, some of which may take part in the transaction, and one or more database servers.

        Thus, the database system is only indirectly attached to the Internet, and cannot be directly attacked. One bank I worked at had more than 10 different security zones between the front-end web servers and the systems holding the databases.

        The internet facing web server gathers your data, then commits it through secure protocols and intermediate systems to the backend, and then deletes the transient copy.

        Normally, the gathering system has no way of bulk-loading data back from the database machine. It may be able to get individual forms back (in order to allow you to edit them), but this needs to be done on an individual basis, and often the security checking is done off of the internet facing box.

        This means that even if the Web facing system is hacked, without some authentication information for each address, it will not be able to load data from the database.

        This is large web application design 101.

        It is normal for there to be multiple security zones, such that it is not possible to use, at each boundary, any other protocol than the allowed one to get further into the network (implicit deny, explicit allow).

        Much more likely is that if there really was a breach, it would have been one of the routes that are used for remote system administration, and once in, a path to export the data was constructed, although even this has problems.

        As far as I can tell, there are around 25,000,000 residential addresses in the UK. If the census form could be encoded in 8KB, this would make an approximate size of raw data of around 200GB. This is not a huge amount of data as things stand today, but I would not be wanting to squirt it through a SSH tunnel over the Internet!
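
The zoned design described in the comment above, as an added example that is not part of the original post: a small model of implicit deny / explicit allow between tiers, plus the backend check that hands back one form at a time. Zone names, ports, the record and the access code are all hypothetical.

```python
import hmac
from collections import deque

# Hypothetical zones and services. Only listed flows pass a boundary;
# every other (source, destination) pair is denied (implicit deny).
ALLOW = {
    ("internet", "web"): "https/443",
    ("web", "app"): "submit-api/8443",
    ("app", "db"): "sql/5432",
    ("admin-vpn", "db"): "ssh/22",  # remote administration route
}

# Constructed sample record held by the backend, keyed by address.
STORE = {"ADDR-0001": {"access_code": "constructed-code-1", "form": {"occupants": 2}}}


def permitted(src, dst, service):
    """True only if this exact service is explicitly allowed across the boundary."""
    return ALLOW.get((src, dst)) == service


def paths(src, dst):
    """All chains of allowed hops from src to dst, shortest first."""
    found, queue = [], deque([[src]])
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            found.append(path)
            continue
        for a, b in ALLOW:
            if a == path[-1] and b not in path:
                queue.append(path + [b])
    return found


def fetch_form(address_id, access_code):
    """Backend check: one record per call, and only with that address's code."""
    record = STORE.get(address_id)
    if record is None or not hmac.compare_digest(
        record["access_code"].encode(), access_code.encode()
    ):
        raise PermissionError("per-address authentication failed")
    return record["form"]


if __name__ == "__main__":
    print(permitted("web", "db", "sql/5432"))  # web tier cannot speak SQL to the DB
    print(paths("internet", "db"))             # the only route crosses every tier
    print(paths("admin-vpn", "db"))            # the administration route is the short one
```

Reviewing a rule set this way makes the short paths stand out: in this model the administration route reaches the database in one hop, so it deserves the tightest controls and logging.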

  104. Rentaguru

    all very well

    but it isn't stringing politicians and police from lamp-posts is it? Until that happens it isn't significant imho.

  105. Anonymous Coward
    Big Brother

    It was all going to be made public in 75 years time .... ....

    .... .... what's the problem with publishing it a few years early?

  106. Anonymous Coward
    Flame

    My Biggest Question

    Why in the name of anything holy was our national census data being processed by a defence contractor in the USA?

    No defence contractor anywhere should have access to the raw information far less one that is legally obliged by US law to submit it to the FBI, CIA, NSA, RIAA and any other criminal group you care to name.

    Even if it was done by a defence contractor, WTF was it done in the USA where they consider our weak attempts at data protection to be some sort of immoral restraint upon trade?

    Are there not enough underemployed people with keyboard skills in the UK where there is at least the concept of trying to keep my PID out of reach of commercial enterprises unless I want to give it?

    I am sure that Lulz could have nicked it from an insecure system in this country just as easily. At least the company responsible might have got in trouble. How much will this hurt Lockheed Martin?

    Answer - not much.

    Principle 8 of the Data Protection Act says "Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.".

    Looks like that didn't happen, as so many times before...

    1. Ten98
      FAIL

      Facepalm

      Either you didn't read the previous comments before venting your moronic spleen, or you didn't read the Reg's own follow up story "Lulzsec Disavows Census Hack", or you did and chose to ignore them.

      Either way you're a moron. Your precious, precious information about how old you are, what GCSEs you have and where you live (which nobody is in the least bit interested in anyway) is perfectly safe.

      How much will this hurt Lockheed Martin? If by "this" you mean irresponsible journalists blindly writing stories without checking any facts, then not much.

      They will have to prove that nobody has accessed the Census records without proper authorisation. This will take some poor sysadmin a few hours at worst. Then his boss will ask him to DOUBLE check and TRIPLE check since, because so many news agencies are reporting it, it MUST HAVE HAPPENED, RIGHT?

      I fucking hate you people.

  107. J.H.
    Go

    192.com

    isn't all historical census data on 192.com anyway?

    looks like their business model just went down the toilet...

  108. b-a-r-k-i-n-g-m-a-d
    Devil

    What is surprising...

    What is surprising (or depressing) is how easily people believed the census data had been taken - i.e. no trust in the people holding this data.

  109. Anonymous Coward
    Anonymous Coward

    @Ten98

    Most of the post above yours still applies. Why is it being done by a US defence contractor? If any lawyer for the right acronym called, they would give up the data.

  110. Anonymous Coward
    Alien

    Conspiracy

    The message was posted so that when our census data starts appearing in odd places the gubmint can say, "That's 'cause it was stolen!" which sounds a lot better than, "We sold it to MarketingTsunami Ltd."

    This of course would be a conspiracy because more than one person is involved.

  111. Anonymous Coward
    FAIL

    LOL

    I'm glad I burned mine and all the follow-up letters.

    Wouldn't have minded inviting the girl in who came round to see if I needed help filling the form in though ;)

    I do not deal with war criminal corps, even foreign ones.

  112. Anonymous Coward
    WTF?

    What database?

    Last I heard, roomfuls of data entry clerks were sitting about twiddling their extremities and little or no data had actually been processed. Or was that another out-sourced government project...

  113. Michael Dunn
    Joke

    Lost census data?

    No! Lockheed Martin have bought a quantum computer, so all the data is present in "superposition" state and has become totally entangled.
