back to article Government Gateway online hack claims 'nonsense', say multiple folk in the know

Claims the Government Gateway online identity portal has been "hacked" have been dismissed as "nonsense" by the man originally responsible for the project and by two government information security experts. Earlier this week the Financial Times (behind paywall) reported that “tens of thousands” of Britons’ identities were …

  1. Doctor Syntax Silver badge

    "At any one time it only has the details of anyone who is in the early part of the registration process."

    So an ongoing compromise gets everybody who registers.

    1. Anonymous Coward
      Anonymous Coward

      I'm not sure the point of the comment, or did my humour detector fail on this overcast day?

      1. Doctor_Wibble

        Took me a moment but I think it's simply meaning that a compromise that has been active and in continued use for a while will have been able to get the details of everyone registering during that time.

  2. just another employee

    "it is true that the gateway, which was developed in 2001, badly needs replacing."

    Why?

    Because it has been running for 14 years without a TalkTalk style incident?

    Or because some 15 year old script kiddie doesn't yet know how to break it ?

    Sorry - just because something has been around for a while is NOT the reason to replace it. (Unless we are talking about that sandwich in my work drawer with a best-by date of 15/03/08..)

    1. Anonymous Coward
      Anonymous Coward

      Re: "it is true that the gateway, which was developed in 2001, badly needs replacing."

      It maybe that it "badly needs replacing" because it looks old and clunky, however that's more of a best before than use by date issue.

      if you look at the "badly needed" gov.uk web site perhaps old and clunky isn't that bad after all.

      A Coward

      1. Dave Bell

        Re: "it is true that the gateway, which was developed in 2001, badly needs replacing."

        It maybe depends on the underlying tech, the server hardware and OS, and keeping that in a reliable state may be getting tricky. Besides, we know how much else was done with hot 2001 tech that could have problems. Anything that needs you to use Adobe Flash or Apple Quicktime, for instance.

        Which Browser does your bank want you to use?

        It's arguable that far too many of these projects have grossly underestimated the long-term support effort needed, It's not the data storage, it's the interface with the users.

      2. Mark Cathcart

        Re: "it is true that the gateway, which was developed in 2001, badly needs replacing."

        Like El reg website itself... Reflowing text... Responsive ui, not so much

    2. Afernie

      Re: "it is true that the gateway, which was developed in 2001, badly needs replacing."

      If it's been running for 14 years, it may be OK, or you may end up with fun and games with certain browsers depending on the technologies used. I got this while looking at the digital certificate login option on Chrome (Windows 7), so judge for yourself:

      "Sorry, you cannot register with, or log in to the Government Gateway using this certificate provider and web browser combination. These certificates are not currently supported on the Macintosh operating system and Netscape 6.x version browsers on all platforms."

  3. mastodon't

    We're all doomed

    "Government Gateway online hack claims 'nonsense', say multiple folk in the know"

    “Believe only half of what you see and nothing that you hear.” ― Edgar Allan Poe

  4. Terry 6 Silver badge

    The trouble is...

    ...that "badly needs replacing " NOT EQUAL TO "needs replacing badly"

  5. Chozo

    Pilger's law: 'If it's been officially denied, then it's probably true'

    1. Doctor Syntax Silver badge

      "Pilger's law: 'If it's been officially denied, then it's probably true'"

      Or the Yes Minister version: never believe a rumour until it's been officially denied.

  6. D Moss Esq
  7. Anonymous Coward
    Anonymous Coward

    Evidense Based analysis anyone ?!?

    "So in my view this is nonsense" - Project manager

    "Highly unlikely" - anonymous security guy

    Why do these comments sound like "These are not the droids you are looking for..."

    How about somebody actually CHECKS ?!?!

    1. Tim99 Silver badge

      Re: Evidense Based analysis anyone ?!?

      This is my view. No go and find the evidence for it...

  8. Anonymous Coward
    Anonymous Coward

    Philippines made the same false claim, but got called out for it!

    The problem with pretending that "hackers got nothing" or "not possible" or whatever other bogus ass-covering claim get made, is that the hackers already know what they got.

    Look at the Comelec hack. The government said that same thing, so the hackers posted the data to prove it.

    These guys are *selling* the data, so they're obviously not going to post it all for free to prove it.

    Face the music. You got hacked. They stole it. Take the blame, don't play it down, and FIX THE PROBLEMS!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019