Tag Archives: BBC

Internet’s time servers secured in “worldwide effort”

The BBC is reporting a “worldwide effort” to strengthen “time servers” (computers that keep the time on the internet) as a way of thwarting hack attacks. It reports that there has been an “explosion” in the last few months of the number of attacks targeting these special servers. The story was first broken by security company Arbor.

Criminals used the time servers (also known as NTP servers) in a series of DDoS attacks. DDoS attacks aim to knock out a targeted network by flooding its servers with huge amounts of data. Roughly 93% of all vulnerable servers are now thought to be secure against this type of attack.

The inspiration for this tightening in security came from an attack on the online game League of Legends, which was performed by Derp Trolling, who have attacked many other online gaming platforms in a similar manner.

The League of Legends gaming site (and others like it) was attacked by exploiting a weakness in older forms of the software that underpins the Network Time Protocol (NTP). This type of attack is called an NTP reflection attack: the attacker sends requests with a spoofed source IP address (mimicking the target's IP address), so that multiple NTP servers send their responses to the target and overload it. This rush of data to the target server, or servers, causes them to crash.

The Network Time Foundation, which helped to coordinate the security measures, estimated that 1.6 million machines were at risk from reflection attacks. Work to reduce this number began early this year.

Despite 93% of servers now being more secure, an estimated 97,000 are thought to be open to abuse. Arbor estimates that it would take 5,000-7,000 NTP servers to mount an overwhelming attack, leaving plenty of room for hackers to manoeuvre.

The “explosion” in the number of attacks in recent months has been caused by copycat hacking groups using the same methods as Derp Trolling. This has led to a spike in malicious network activity, which is why the internet community has responded with such a wide-ranging strategy.

Iranian Government are Likely Culprit Behind BBC Hack

Simultaneous cyber attacks have been directed at the BBC with Iranian authorities thought to be the culprit.

Satellite feeds into Iran have been jammed, and automated calls have jammed the BBC's London phone lines.

The source of this type of attack is extremely difficult to pinpoint; however, the multiplicity of BBC broadcast feeds being jammed in Iran points a very convincing finger at the Iranian government.

The government have long been suspicious of western media and often the only people able to access BBC broadcasts have been those who own illegal satellite receivers.

In general, the level of censorship means that the form of Internet the Iranian people have access to bears no resemblance to that available in the West.

In addition, during troubled times the Iranian government have often been known to slow internet speeds to a point whereby it is impossible to send/upload evidential videos or even photos.

The attacks are nothing new and BBC Persian staff are forced to conduct their work outside of Iran with their families being the victim of harassment and even arrest.

Director General Mark Thompson stated on Wednesday, “We regard the coincidence of these attacks as self-evidently suspicious,” but said no further details would be released at this time.

“Nation states are honing their cyber warfare and cyber espionage skills, and such activity can only be expected to increase. As a result, the accurate attribution of cyber attacks has never been more important,” commented Ross Brewer, CEO at LogRhythm.

Concerning Lack of Data Security Among UK Councils

A report by the BBC has presented some shocking findings made by a UK information watchdog.

The report highlighted the lax attitude which is being adopted by councils with regards to keeping data secure.

There were 1,035 cases of UK councils experiencing data loss between 2008 and 2011. Of particular concern in the report was the exposure of data relating to children, as well as other vulnerable members of society.

One incident in Wales involved Cardiff council wrongly sending the names and addresses of 2,400 children, on the child protection registry, directly to the NHS.

Kent and Buckinghamshire were among the councils which lost the most data, with 72 cases each. Just below them, Northamptonshire and Essex had 48 and 62 cases respectively.

Wales are arguably the worst in the UK at keeping data secure however, with 8 out of 22 councils experiencing data loss in the last three years. This prompted Anne Jones at the ICO in Wales to express “serious concern.”

“It’s vital that local authorities properly live up to their legal responsibilities to keep personal data secure, particularly where it is sensitive information about children and young people” said Jones.

Data loss is becoming increasingly concerning, with more users utilising an ever-increasing array of mobile devices. There is often no remote deletion policy in place for such hardware. In addition, with many organisations pushing more of their infrastructure into the Cloud, the need to implement tighter security measures has never been more urgent.

Growing Number of Britons Online

More than 8.4 million Britons have never used the web, or 16.8% of the British population. A survey by the Office of National Statistics shows that more people are getting online, with the number of adults who have never used the web falling by almost 300,000 in the last quarter. That compares with a fall of 12,000 in the previous quarter.

The figures echo Google CEO, Eric Schmidt’s belief over the summer that the UK is lagging behind in technology and a national campaign has been set up to get more British people online.  The Race Online 2012 campaign is a strong response to Schmidt’s comments and is hoping to inspire thousands of local digital champions.  Getting online is becoming more and more essential to daily life, particularly with nine out of ten new jobs now requiring online applications.  It has been found that internet users are able to command around ten per cent higher salaries than non-users.

When analysing the statistics, the largest age group online is those aged 16-24, with 98.6% of them using the internet.  But the greatest fall of non-users was amongst those aged 75 and over, numbering 164,000 and yet they are the slowest age group with 72.4% still to get online.

It is not surprising that younger people are online in greater numbers and that older people are slower on the uptake. What is most interesting is the number of adults between 25 and 74, because more than half of adults not online are disabled. 36.3% of disabled adults have not used the internet, compared to 10.8% of non-disabled adults.

Research by Ofcom and the BBC shows that many still doubt the benefits and have an ‘initial lack of confidence in taking their first steps online’, and further suggests that families and friends play a key role for nearly all recent adopters of the web. It is on this basis that the Give an Hour campaign, led by digital champion Martha Lane Fox, is encouraging 30 million daily users in the UK to help their friends and families get online.

“A growing gap exists between those who are online and those who are not, as the internet becomes more of an essential utility for consumers,” said Jonathan Stearn of Consumer Focus.

“The Government must provide even more targeted support to those who lose out the most. That means tackling real barriers over cost, access, security fears, and computer skills.”

China Accused of 5 Year Hacking Spree

McAfee claims that it has uncovered one of the largest cyber attacks ever.

More than 70 government agencies and corporations have had data extracted over a period of five years. International organisations have been infiltrated ranging from the UN to the International Olympic committee.

According to Dmitri Alperovitch, McAfee’s vice president of threat research, the evidence points to “a nation state” being the culprit.

“Even we were taken aback by the audacity of the perpetrators,” said Alperovitch.

At the moment China is highest in the list of suspects. Beijing, however, has denied involvement, calling all accusations “groundless.” Earlier this year Google also pointed the finger at China when some of their source code went missing.

Jim Lewis, a cyber expert with the Center for Strategic and International Studies, was quoted by the Reuters news agency as stating that it was “very likely China was behind the campaign due to some of the targets being of particular interest to Beijing.”

Furthermore, Raj Samani, McAfee’s Chief European Technology Officer, has already said to the BBC that he suspects the attacks to be still going on: “This is a whole different level to the ‘Night Dragon’ attacks that occurred earlier this year. Those were attacks on a specific sector. This one is very, very broad.”

As many companies have been distracted by the very public attacks of groups such as LulzSec and Anonymous, there have been secret attacks going on, conducted by an unknown party. Graham Cluley, a security expert with Sophos, told the BBC, “sometimes it’s not about stealing your money or publicly leaking your data. It’s about quietly stealing your information, which can have a very high political, military or financial value.”

Although the intent of the hackers is unclear, what is clear is that they have been able to make off with valuable data and this story will intensify the US government’s push to fortify its cyber security.

BBC device losses cost close to £250,000

The BBC has been forced to admit that it has lost nearly a quarter of a million pounds worth of laptops and smartphones over the last two years, although at this point, the cost of the resultant data loss is unknown.

Security firm Absolute Software shed light on the high cost after it put in a request under the Freedom of Information Act.

The loss of mobile devices by BBC employees, including 17 BlackBerry smartphones, cost over £22,000, while the cost of losing nearly 150 laptop computers came closer to ten times that amount.

These devices were both lost and stolen and just one per cent of them were ever recovered by the broadcaster. It said in a statement that once it was made aware of a loss or theft it would initiate procedures to deal with data security breaches, although it would not explain precisely what these steps would involve.

Absolute Software’s Dave Everitt criticised the BBC for this significant loss of equipment over a relatively short period and argued that far more of the devices could have been recovered if they were not only properly protected but also if they had the necessary software onboard to allow them to be remotely tracked.

Mr Everitt pointed out that licence payers were seeing their money being spent on these devices which were subsequently lost, ultimately leaving them to foot the bill.

The BBC stated that any security breach, data loss or device theft was considered to be a serious matter, but admitted that within an organisation of its size it was impossible to completely rule out the loss of laptops and mobile phones.

Data security expert Paul Vlissidis said that the BBC and other organisations would need to expand their focus beyond protecting data stored centrally on internal systems in order to encompass the ever expanding use of portable devices.

Mr Vlissidis pointed out that although encryption would effectively protect data provided the device was powered down completely after every use, many employees simply leave laptops in sleep mode, which allows criminals to bypass encryption immediately.

The Information Commissioner’s Office (ICO) has said that it will not investigate the loss of the devices as the BBC has made it aware of most incidents and has not given it reason to suspect that licence payers’ data has been compromised.
