Security News

Parliamentary criticism of the National Cyber Security Centre's "Image over cost" London HQ is being shrugged off by the government because of the GCHQ offshoot's successful response to the WannaCry ransomware outbreak. George "Eleventy Jobs" Osborne, who at the time of NCSC's establishment in 2016 was the Chancellor of the Exchequer, overrode procurement processes and gave the panicking Cheltenham set at GCHQ their desired Westminster base - and not the grubby Shoreditch "Tech hub" the spies feared they'd be dropped into.

The British government wants to make Amazon, Google, and other digital service providers report cybersecurity breaches to the Information Commissioner, according to newly published plans. Due to Brexit, the government can amend the UK's Network and Information Security Regulations to let the Information Commissioner's Office, the local data watchdog, dictate what kind of cybersecurity breaches must be reported to it.

In contrast, the Twitter hack we're referring to ultimately led to the takeover of just 45 accounts. The suspects were alleged to have previous form in hacking and trading in so-called OG accounts, where OG is short for original gangster.

Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The Guntrader breach earlier this week saw the theft of a SQL database powering both the Guntrader. Uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year.

A British man has been charged in the United States in connection with a Twitter hack last summer that compromised the accounts of prominent politicians, celebrities and technology moguls, the Justice Department said Wednesday. Joseph O'Connor, 22, was arrested in the coastal resort town of Estepona, Spain, on an arrest warrant accusing him of involvement in a July 2020 hack of more than 130 accounts, and of hacks that prosecutors said took over TikTok and Snapchat accounts, including "One of the most viewed and followed" TikTok stars.

Northern Rail, one of the UK's local railway systems covering the north of England, had its new self-service ticketing machines taken off-line following a ransomware attack last week. Railways in the UK are operated under a licensed franchise system following the breakup of the state-owned British Rail, which was privatized gradually from 1994 to 1997.

The UK government is launching proposals to boost the legal status of digital identities, something it claims will ensure they are trusted as much as physical documents such as passports. The government today argued digital identities could help reduce cases of online fraud because they are much harder for criminals to access and replicate than other types of online personal data such as dates of birth.

The Microsoft Exchange Server attacks earlier this year were "Systemic cyber sabotage" carried out by Chinese state hacking crews including private contractors working for a spy agency, the British government has said. Foreign Secretary Dominic Raab said this morning in a statement: "The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not."

MI5's UK Annual Threat Update 2021 from director general Ken McCallum almost mirrors the threat warnings delivered by U.S. government agencies: ransomware and IP theft in cyber, and extreme right-wing terrorism amplified by online echo chambers. McCallum's view is, "For as long as it's cheap and easy for hostile actors to try to access UK data; or to cultivate initially-unwitting individuals here; or to spread false, divisive information - they are bound to keep doing so." The UK house also needs to be got in order - and in both cases the call is for new and stronger legislation.

Much to the derision of expert commentators on social media, the COVID-Status Certification Review details the government's approach to so-called vaccine passports and its response to concerns over their usage. "Any decision to require COVID-status certification will be a discretionary choice for individual organisations to make. However, it is possible that certification could provide a means of keeping events going and businesses open if the country is facing a difficult situation in autumn or winter," it said.