
Hacks 'Probably Compromised' UK Industry (bbc.com) 19

Some industrial software companies in the UK are "likely to have been compromised" by hackers, according to a document reportedly produced by British spy agency GCHQ. A copy of the document from the National Cyber Security Centre (NCSC) -- part of GCHQ -- was obtained by technology website Motherboard. From a report: A follow-up by the BBC indicated that the document was legitimate. There have been reports about similar cyber-attacks around the world lately. Modern, computer-based industrial control systems manage equipment in facilities such as power stations. And attacks attempting to compromise such systems had become more common recently, one security researcher said. The NCSC report specifically discusses the threat to the energy and manufacturing sectors. It also cites connections from multiple UK internet addresses to systems associated with "advanced state-sponsored hostile threat actors" as evidence of hackers targeting energy and manufacturing organisations.
  • The better question (Score:4, Interesting)

    by ColdWetDog ( 752185 ) on Tuesday July 18, 2017 @12:15PM (#54833331) Homepage

    And one much harder to answer is 'who isn't compromised'.

    Given the low hanging fruit that is Internet connected industrial controls, I'd have to Wild Ass Guess that virtually all of the big companies have had their products peeled open by one or various disreputable groups (I'm looking at YOU ALL Five Eyes). Or maybe all of them.

    What happens when it's back doors all the way down?

    (Don't answer that, please.)

    • by Anonymous Coward

      I consulted with a hospital who had default passwords on almost everything, connected everything from IV pumps to VOIP calls over their 802.11 without protection, had all sorts of confidential information on unsecured, open Windows file shares, did not have unique logins for users (so forget user access control or audit trails)... It was horrible. And they didn't care.

      The last straw was when I found out their entire patient information database for their EHR was wide open, world-readable and writable on a g

      • by Anonymous Coward

        Be careful. Depending on your jurisdiction you may be required to notify one or more agencies if you discover something this bad.

    • And one much harder to answer is 'who isn't compromised'.

      Companies that don't needlessly connect things to the internet (which is nobody). Companies that invest in real security instead of faux security (which is nobody).

      It's almost as if MBAs running businesses think security is a pointless expense.

    • by AHuxley ( 892839 )
      What happens when it's back doors all the way down?

      The UK followed the US down the wide open, unencrypted, plain text, network facing server path thanks to "contractors", public-private partnerships, total outsourcing and supporting the private sector.
      Every plain text, open server facing the internet issue that was big news in the USA years ago is now being repeated in the UK.
      Is that coincidence? Incompetence? A total lack of computer crypto design understanding in the UK mil and gov?

      Or policy?
      The
  • Seriously.

    (sorry, just wanted to misspell rogue)
