back to article Has UK gov lost the census to Lulzsec?

The UK's Office for National Statistics and Lockheed Martin are racing to check if hacker group LulzSec has got its hands on this year's census data. Such a massive data loss would be embarrassing even for a government with such an amazing record of data protection failures. LulzSec's Twitter page has no mention of the …

COMMENTS

This topic is closed for new posts.

Page:

  1. Anonymous Coward
    Anonymous Coward

    oh no!

    Quick! Put up Ed Vaizey / Reg Bailey's filtering device so we can't see it!

  2. This post has been deleted by its author

    1. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Laugh

        If you get fined a grand what will be funny about that? You might think you can argue your way out of it, but I doubt it. I'm pretty sure it's a strict liability jobby, so your only hope of getting out of the fine if you were prosecuted would be to prove you had filled in the form correctly and sunmitted it.

        Arguing (as I suspect you would) that you didn't want your data to be compromised would count for absolutely zero.

  3. James 47

    Eek!

    <sarc>

    Sent mine in the post, full of very accurate information about myself!

    </sarc>

  4. Shakje

    Bloody hell.

    That is all.

  5. Piro Silver badge
    Pint

    Absolutely incredible.

    Bravo, chaps! This highlights utter, complete, total and endemic security failure throughout.

    1. Anonymous Coward
      Flame

      Quite

      Indeed if this is true then the gov't and LM have a LOT of bloody explaining to do.

      1. Anonymous Coward
        Anonymous Coward

        A lot of explaining?

        You think so? If it is true, I bet the explanation will go something along the lines of:

        1. We are sorry (this is an optional step depending on how bad the publicity is at the time)

        2. We will make sure lessons are learned (if lessons were so effective they would all be genious by now)

        3. It wasn't our fault

        4. It didn't matter anyway because (insert implausible excuse of choice)

        The end

      2. It wasnt me
        Thumb Down

        The gov't have a lot of explaining to do anyway.

        They cant start by answering: "Why the holy fuck is UK census data going anywhere near LM?" "Could the contract have been better awarded to a UK company to spend some tax pounds at home?" (And no, I dont mean you Crapita.)

    2. Anonymous Coward
      Anonymous Coward

      @Piro

      It's quite startling that you automatically assume a single anonymous and unconfirmed post on PasteBin to be true. The funny thing is your use of the word "incredible". You know what that means right?

      Actually that posting reads like it was composed by a 419 scammer. Some bizarre use of the English language there, could that suggest it wasn't typed by a native English speaker?

      1. Craig Chambers

        Your critique of their English seems a bit harsh

        Other than an extra comma in the first sentence that imposes a pause after "Bravo" and renders the word "chaps" as a little orphan it doesn't look too bad to me.

  6. Anonymous Coward
    Anonymous Coward

    (untitled)

    Look if they really want to help with the family tree search then it is the previous 10 that'd be more useful.

    Awaits all the thumbs down ;-)

  7. LesC
    WTF?

    "We Never Forget Who We're Working For"

    As Lockheed Martin's tagline:

    EH?

    <conspiracy theory>

    Presumably Lulzsec has got the the gen on the UK at the same time as the NSA / FBI / CIA / Department of Homeland Security then?

    <\conspiracy theory>

  8. Anonymous Coward
    Facepalm

    If this is true

    All hell is gonna break loose and there will be a media frenzy. I really hope not to be perfectly frank. All that this will mean is that the UK will become even more 'Big Brother' and impose even more censorship on the internet. They will see it as another reason to take away any privacy you thought you may have. Lulzsec needs to go down for the good of everyone.

    1. g e
      Childcatcher

      Typical, you're probably right, too.

      Don't fix the problem, fix the likelihood of someone else discovering it.

      Gubbernment at its most gubbern-mental

      Think of the children, of course, educate them to distrust the lot of 'em.

    2. Anonymous Coward
      Meh

      I'm baffled why you should think so.....

      There will be no media outcry if this is true, why should there be?

      If you have nothing to hide you have nothing to fear.

      What possible value could any body derive from the data? There'll be no information about any significant person on the database, I bet you! Yes, there will be lots of data on us proles but so what? It would be interesting to know what bits and how much of the data has been exposed - if it has. How was the data being held? Has the data been classified and what classification processes were used?

      1. Juillen 1
        Holmes

        @AC

        > What possible value could any body derive from the data?

        You're joking? Identity theft heaven, all that data, who you're related to, so on, so forth..

    3. Asgard
      Big Brother

      The Government's inconsistent attitude to data security shows their real priorities

      @"All that this will mean is that the UK will become even more 'Big Brother' and impose even more censorship on the internet."

      They need to fix their appallingly lax data security rather than clamping down on everyone. But that would mean they need to blame themselves rather than seeking to blame everyone else for their failure to treat security seriously. But like all governments, they will never really want to blame themselves for anything, because in their mind, its always everyone else's fault.

      Its a shame they take their own information security so much more seriously than public data security, as it would be interesting to know more leaks about what mistakes and underhanded deals they have been covering up. But like the MP's expenses claims shows, they keep their own data under very strict control. Shame they don't do it for our data, but it clearly shows where their real priorities are.

  9. SuperNintendoChalmers
    Facepalm

    Sweep under the carpet?

    If they have, surely the government will have to actually do something about data security. No more half hearted measures, no more letting companies off with pitiful fines (if any), and proper hard hitting penalty clauses in contracts with companies who are being given our data by the government.

  10. Anonymous Coward
    Anonymous Coward

    lol

    and the governments of the world think they can be trusted with central identity systems. I'll keep my ID distributed for the decade to come and likely the one after methinks.

  11. Anonymous Coward
    Facepalm

    Oh dear

    So everyone was legally required to provide data which has now (possibly) ended up in the wrong hands? Truly inspires confidence. The only positive I can think from all this is that it may trigger strong government intervention to stop this hacking group once and for all.

    Wouldn't this sort of thing have national security implications?

    1. jonathanb Silver badge

      It has already

      http://www.bbc.co.uk/news/technology-13859868

      Teenager arrested on suspicion of hacking

      On Monday, the UK's Serious Organised Crime Agency (Soca) took its website offline after it was attacked by Lulz Security hackers.

      Doesn't specifically link the two but ...

    2. g e

      Strong government intervention?

      They're the cretins that created the circumstances that allowed this.

      An angry mob would be a far better intervention...

  12. Anonymous Coward
    Anonymous Coward

    So angry about this

    We are forced to fill it in, to provide our details to our government. So why was this handled by an American company?

    If this is true and the census info is available, then comparisons should be drawn with Sony, so expect a 'welcome back' pack and ID theft cover. HA, like that would ever happen, everyone involved (government, external agencies) should be held accountable with their jobs.

    When will our government learn? Why was this data ever on an internet facing server? Surely this information is worth so much it should have been keep on a secure network.

    1. Anonymous Coward
      Anonymous Coward

      forced?

      No bombing, no torture, forced is a bit of a stretch here.

      1. Peter Gathercole Silver badge
        FAIL

        forced - by law

        In case you had not noticed, it is a criminal offence to not fill in a census form when requested, backed up by fines and a criminal record. Is that forced enough for you?

    2. Sir Cosmo Bonsor
      FAIL

      You idiot

      Not one shred of it was ever confirmed. You got trolled.

  13. Whitter
    Alert

    Essex

    Is the Essex arrest the gov response then, or just a coincidence? They do happen after all.

  14. Cameron Colley
    Flame

    If this is true people should be shot.

    I do hope that anyone with a "...nothing to hide, nothing to fear..." attitude to the census has had a bit of a rethink now -- what with the possibility of us all having credit cards and loans taken out in our names now.

    I hope if it is true the people responsible for the decision to take all this personal information on the census are shot as the traitors they are -- after all the already gave us to a foreign company, and now they could have lost our names to every wannabe criminal in the world.

    1. Anonymous Coward
      Anonymous Coward

      @ "If this is true people should be shot"

      Yes. You're right. If people were help accountable for everything that they did with their lives, nothing would ever happen.

      Nothing.

      Never.

      Not. Ever.

      Which would be a bit of a blessing to a lot of people, really.

      1. Cameron Colley
        Mushroom

        @Craiggy

        These people told us that we would give our details to a company in the US, or face imprisonment or fines. They told us that the information would be kept completely safe.

        I was threatened with financial problems or, even, imprisonment to hand over my details to a US company for processing and whatever the fuck they wanted. Now, it appears, the thugs who demanded my data with menaces may have given it to everyone also.

        The people who decided that it was necessary to demand personal details with menaces should be hung, drawn, woken up, and quartered.

        Forgive me if I have only hatred for someone who gave my details to a foreign power for the opportunity to have a better career.

  15. Anonymous Coward
    Mushroom

    If this is true...

    Shiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiit.

  16. The Fuzzy Wotnot
    Happy

    "security-illiterate UK government"

    I think LulzSec are a bunch of twats quite frankly but credit to them, they've got the Gov's measure down to a tee!

    1. Peter Gathercole Silver badge
      Stop

      "security illiterate"

      I think that all of the posters who take this statement at face value ought to read some of the UK government security standards. These definitely exist, and they were not written by people who are security illiterate. See http://www.cesg.gov.uk

      The problem is that they are difficult to interpret, and are couched in terms that many IT people don't understand (they talk a lot about data crossing security zones rather than being securely stored), and sometimes it seems like there is no real world help in ensuring that a particular application or solution meets the requirements (government security auditors will often tell you that something is not compliant, but will not offer any advice on how to make it so, nor suggest security mechanisms during system design). Thus implementing a security solution often become an iterative process of attrition with the security people.

      When I was last involved, it was even the case that some of the Infosec documentation describing what has to be done is classified as RESTRICTED, which does not help trying to implement what they say.

      Generally, it is not a lack of standards that cause this type of data breach, it is implementation (often by companies contracted to supply services), or ignorance of the standards by individuals working on such data. Although there should be safeguards, it often only takes one person to make a mistake to put at risk complete datasets, especially if there is any external route in to the systems implementing the solutions.

  17. Jim Carter
    Big Brother

    Scary? Yes. Problematic? Not sure.

    How much personal data do people give to Facebook?

    1. g e

      Yeah but

      That damned census had a lot of invasive questions on it.

      It actually read more like a benefit application form.

      1. AndrueC Silver badge
        Stop

        Eh?

        You must have filled in a different form to me then. I filled in about a dozen questions most of which could already be gleaned from other public sources. My criticism of the census questions is more along the lines of 'What the hell are they expecting to learn from that?'

        There was stuff on there that could be used for evil (DOB for instance) but very little that was 'invasive'. Or do you consider it a national secret that you have gas central heating?

        So yeah - not good but hardly the end of the world.

        1. Anonymous Coward
          Anonymous Coward

          Re: Eh?

          So like most people you didn't use your real signature then?

          1. Anonymous Coward
            Anonymous Coward

            Signature?

            "So like most people you didn't use your real signature then?"

            Well, no. There wasn't any facility on that web form to provide a signature.

          2. AndrueC Silver badge
            Thumb Down

            Signature?

            a)I filled it in online so they never saw my signature.

            b)I've given my signature to loads of people over the years - credit card slips, cheques, loan applications. Couriers delivering things.

            b)Very little that I do actually relies on a signature these days.

        2. The Fuzzy Wotnot
          Facepalm

          @AndrueC

          Exactly what I was thinking.

          The worst question on the census was something like , "how many kids do you have under 16 at your address and what's their names?", the rest was simply name address, how long have you lived at your address and do you travel to work by train, car or bus?!

          The biggest annoyance to me is that all that useful info is now all in one place for the ad scumbags and telephone cold-callers, before they would have to have assembled it themselves from various public registers.

        3. AndrueC Silver badge
          Thumb Up

          I should just add..

          ..that I am not praising the census. I think that, for what was asked, it was a fairly large waste of time and money. The previous one from what I remembered asked quite a lot of useful questions many of which could help with infrastructure planning.

          Then again the infrastructure I see is generally badly planned and poorly maintained so perhaps it's better this way. At least it took up less of my time :)

      2. Anonymous Coward
        Anonymous Coward

        Detail

        "It actually read more like a benefit application form"

        Indeed we can draw one of three conclusions from that statement.

        1. You didn't actually read the census form.

        2. You've never read a benefits application form.

        or 3. You've never read either.

        Actually there is a fourth, but I'm too polite to mention it here.

    2. Anonymous Coward
      Alert

      Querybook

      True, but you aren't legally required to provide your real name and address on Facebook - and if you do provide those details there are at least some privacy controls that can be used to restrict that data. This release on the other hand will be a mineable resource for evil doers and the evil do that they do do.

    3. Anonymous Coward
      Anonymous Coward

      here's a title

      Name, address, income ?

  18. Dangermouse

    Oh God, I hope so....

    Please, Jim, can you fix it for me for this to be true?

    Speaking as someone who's form "was posted, honest, it must of been lost" there was no way I would of trust *that* much information to the British Government and a single war-mongering organisation.

    1. GrahamS
      Black Helicopters

      *that* muich?

      > "no way I would of trust *that* much information to the British Government and a single war-mongering organisation."

      Did you actually read the census questions?

      There really wasn't anything particularly exciting in there. Facebook probably has more detailed information on me.

      1. Anonymous Coward
        Anonymous Coward

        Facebook?...

        "Facebook probably has more detailed information on me."

        I think that says it all.

        1. Oninoshiko
          Stop

          in fairness

          Facebook probably has more detailed information on me too, and I'm not a farcebook user.

Page:

This topic is closed for new posts.

Other stories you might like