Slashdot Mirror


Hacks 'Probably Compromised' UK Industry (bbc.com)

Some industrial software companies in the UK are "likely to have been compromised" by hackers, according to a document reportedly produced by British spy agency GCHQ. A copy of the document from the National Cyber Security Centre (NCSC) -- part of GCHQ -- was obtained by technology website Motherboard. From a report: A follow-up by the BBC indicated that the document was legitimate. There have been reports about similar cyber-attacks around the world lately. Modern, computer-based industrial control systems manage equipment in facilities such as power stations. And attacks attempting to compromise such systems had become more common recently, one security researcher said. The NCSC report specifically discusses the threat to the energy and manufacturing sectors. It also cites connections from multiple UK internet addresses to systems associated with "advanced state-sponsored hostile threat actors" as evidence of hackers targeting energy and manufacturing organisations.

19 comments

  1. Tea Time 'Likely Ruined' by Anonymous Coward · · Score: -1

    'Simply Awful' biscuits to blame
    Britons outraged

  2. Stop putting them there then! by Anonymous Coward · · Score: -1

    Stop putting them there then!

  3. The better question by ColdWetDog · · Score: 3, Interesting

    And one much harder to answer is 'who isn't compromised'.

    Given the low hanging fruit that is Internet connected industrial controls, I'd have to Wild Ass Guess that virtually all of the big companies have had their products peeled open by one or various disreputable groups (I'm looking at YOU ALL Five Eyes). Or maybe all of them.

    What happens when it's back doors all the way down?

    (Don't answer that, please.)

    --
    Faster! Faster! Faster would be better!
    1. Re: The better question by Anonymous Coward · · Score: 0

      Quit acting paranoid and please install either a home, homepod, or echo inside your home for us.

    2. Re:The better question by Anonymous Coward · · Score: 1

      I consulted with a hospital who had default passwords on almost everything, connected everything from IV pumps to VOIP calls over their 802.11 without protection, had all sorts of confidential information on unsecured, open Windows file shares, did not have unique logins for users (so forget user access control or audit trails)... It was horrible. And they didn't care.

      The last straw was when I found out their entire patient information database for their EHR was wide open, world-readable and writable on a globally available Windows file share. I got the hell out of that shithole the fastest I could.

    3. Re:The better question by Gravis+Zero · · Score: 1

      And one much harder to answer is 'who isn't compromised'.

      Companies that don't needlessly connect things to the internet (which is nobody). Companies that invest in real security instead of faux security (which is nobody).

      It's almost as if MBAs running businesses think security is a pointless expense.

      --
      Anons need not reply. Questions end with a question mark.
    4. Re: The better question by Anonymous Coward · · Score: 3, Insightful

      Be careful. Depending on your jurisdiction you may be required to notify one or more agencies if you discover something this bad.

    5. Re: The better question by Anonymous Coward · · Score: 0

      It looks like the FSB already know.

    6. Re:The better question by AHuxley · · Score: 1

      What happens when it's back doors all the way down?

      The UK followed the US down the wide open, unencrypted, plain text, network facing server path thanks to "contractors", public private partnerships, total out sourcing and supporting the private sector.
      Every plain text, open server facing the internet issue that was big news in the USA years ago is now being repeated in the UK.
      Is that coincidence? Incompetence? A total lack of computer crypto design understanding in the UK mil and gov?

      Or policy?
      The private sector cannot be expected to carry the costs of real encryption on every server and document so they requested plain text and total to access gov/mil networks.
      That extra crypto compliance cost would hurt profits.

      Plain text and no encryption is a level playing field that allows any contractor to bid with confidence for government/mil work.

      Who wants to pay for a gov or mil approved super computer in their office that needs support calls every hour for a new crypto key?
      That's a waste of their profits. Extra staff wages for security cleared staff on site in the UK just to look after layers of gov crypto every hour?
      A lot of the contractors are multi nationals. That secure office in the UK is a few lawyers and two people with the needed gov/mil contacts and security clearances. All the real work is then done in the cheapest nations on earth in plain text. The result is networked back to the UK, signed over by the legal contractor as a front company and given back to the UK gov. Just in time thanks to a total lack of any gov mandated encryption slowing down profitable global networks.

      The end result might be navy ship "parts" from South Korea or parts from China. Better profits to have a ship in port being worked on by contractors ordering new parts on plain text parts lists again than a ship with working parts still at sea. Everyone is winning with new orders for more spare parts and contractor overtime. Parts arrive and are gathered together to make up the plain text parts list in the UK and sent to the port just in time. Cryptography would slow all that down and might even expose the true origins and costs of the "parts" due to ongoing internal security reviews. Plain text and no crypto is much better in so many ways just like in the USA. Cleaning up after hackers is just a gov cost that can be passed back to tax payers as private sector contractor overtime. Still winning even when systems need a big clean up. Working crypto is not good for billable hours trying to understand what happened to a wide open server that faced the internet.

      --
      Domestic spying is now "Benign Information Gathering"
  4. RED ALERT!!! by Anonymous Coward · · Score: 0

    Apparently... I done gots da firs pos! Firs pos! Dis use tuh beez hard! Liek muh massibs bwack coq.

    Firs pos!

    I is gonna partay wif sum fwied chigguns an some gRape drank, muh n words!!

    Mebbe I is gone beats muh neeglit an raep her.

  5. They want more toys by Anonymous Coward · · Score: 0

    New and shiny, and with no oversight.

  6. Russia is a rouge nation by WillAffleckUW · · Score: 1

    Seriously.

    (sorry, just wanted to misspell rogue)

    --
    -- Tigger warning: This post may contain tiggers! --
  7. The BBC is the PR arm of MI5 by Anonymous Coward · · Score: -1

    The BBC was set up to be the official propaganda organ of the British Secret Services before MI5/6 even had their names. Every senior BBC manager, producer and all journalists are vetted and approved by MI5 officers stationed in each major BBC location (and before some war-mongering, wahhabi-loving Clinton voting dribblers try to challenge this FACT- it was quite a little public scandal last century when the presence of MI5 officers in BBC building was first admitted).

    The BBC lies to sell wars and social engineering agendas. Today in Blair's 'academy schools' despotic perverts with no true educational credentials run the facilities like Orwellian prisons- with the BBC cheerleading the child abuse every step of the way. When Blair wanted to invade Iraq, against the will of the British people, the BBC ran anti-Iraq lies day and night. The worst example was 'Saddam's mobile biological warfare units' that were actually just British manufactured weather balloon inflations. When the manager of the company first saw the BBC falsehood, he contacted the corporation news department to correct the actual use of the devices. The BBC simply set MI5 on the company to suppress the truth til it was too late.

    During Blair's war on Serbia in 'defense' of Kosovo, the BBC lied day and night about non-existent 'atrocities' in Kosovo. The real atrocity was when Blair bombed the equivalent of the BBC headquarters in Serbia, murdering many ordinary workers like make-up girls. The building was struck when a BBC journalist contacted the British military to report that the last foreign correspondent had left for the night, so only Serbian civilian workers would be murdered by Blair's bomb.

    The Serbs were so outraged by this unthinkably evil war crime that they assassinated Jill Dando, a prominent pro-war BBC personality, shortly afterwards. In the aftermath of the assassination, top BBC personnel were given round the clock police protection. But the BBC forgot to mention this fact to the public when they lied and lied and lied to get an innocent patsy convicted for killing Dando. Blair didn't want it publicly admitted that Dando died as a result of him mass murdering innocent TV people in Serbia- and the BBC lied in court to help convict the patsy. A particularly vile BBC personality, Ross, who was the presenter partner of Dando, actually spent significant time spreading lies about the patsy after his conviction. Years later when Blair was safe, the patsy was exonerated and pardoned.

    The BBC has a long history of employing KNOWN pedophiles, and providing them with facilities and 'safe havens' to carry out their crimes on the BBC dime. Savile, of course, was provided with 'rape rooms' where he could take his victims while 'on the BBC job' so to speak. But a less well known example is the depraved star of Steptoe and Son (Wilfrid Brambell) who, Gary Glitter style, used his generous BBC pay and travel perks to rape boys in the far east. Jonathan King was actually given a 'youth' show on BBC2 to facilitate his lust for underage boys.

    The BBC needs its employees to 'be on message'. Christian religious propagandists at the BBC are expected to be outspoken supporters of Israel- and British religious programming on Sundays glorifies and excuses the atrocities of Israel on a regular basis.

    The BBC ran day-n-night support for war criminal Clinton during her election run, and demonised Trump whenever possible. The BBC led the propaganda attacks against Putin and Assad for daring to liberate Aleppo from British backed wahhabi terror gangs. The same BBC has been glorifying US mass murder of civilians in Mosul and Raqqa over the last few months.

    If you understand what the phrase 'Deep State' means (the force behind the long term agendas of the ruling classes that continue unchanged by elections that apparently place conflicting political forces into office), you'll understand why the Deep State needs perfect social engineering propaganda provided by organs like the BBC.

    The BBC spent the 60s selling a very an

    1. Re: The BBC is the PR arm of MI5 by Anonymous Coward · · Score: 0

      Do you believe this mixture of fact and fiction or is it more Russian propaganda? Much of it reads like the product of a rancid and deluded mind (all that paedophile stuff, blaming the Serbs for the murder of Jill Dando) but I incline to the latter theory, particularly for putting Serbian 'atrocities' in quotes and you've also included the standard Krembot giveaway "secular Syria". Tell us about its democratically elected leader, why dontcha?

  8. Irresponsible Journalism the New Norm by RobotRunAmok · · Score: 0

    >> a document reportedly produced by British spy agency

    WHAT DOES THAT EVEN MEAN??

    >>A follow-up by the BBC indicated that the document was legitimate

    Who is following up on the BBC to see if *they're* legitimate? Or are we supposed to take this government media arm at face value now?

    We have gone completely down the rabbit hole...

    1. Re:Irresponsible Journalism the New Norm by M_Hulot · · Score: 1

      >> a document reportedly produced by British spy agency

      WHAT DOES THAT EVEN MEAN??

      It means that the document appears to be produced by a British spy agency, specifically GCHQ, but this cannot be verified with certainty.

      >>A follow-up by the BBC indicated that the document was legitimate

      Who is following up on the BBC to see if *they're* legitimate? Or are we supposed to take this government media arm at face value now?

      Everyone needs to make their own assessment of the accuracy of news outlets. I see no reason to doubt the BBC on this claim i.e. that GCHQ didn't explicitly deny the document.

      I'm not really sure what point you are making. Why would the BBC lie about this technical and, to my mind, plausible report?

    2. Re:Irresponsible Journalism the New Norm by dwye · · Score: 1

      Mr. RobotRunAmok is paranoid and distrusts government announcements that the sky is blue and water wet, especially when the government agency is citing another such agency as the source. This is despite the fact that there are so many weasel words in the announcement that it merely says that "hackers" exist and may not all be playing golf poorly.

  9. You are basically saying by Anonymous Coward · · Score: 0

    that the NSA/CIA "probably exist". Industrial, political, financial espionage and sabotage is part of what they do. Have you had your head stuck in the sand for the last few years?

  10. No big deal by Anonymous Coward · · Score: 0

    Successive governments for the last 30 years have ensured we have no industry left - just services.