CYBER CRIME: Public sector '˜is out of date online' warns expert

THE public face of government, council, police and school websites have been rewritten by politically-driven and '˜show-off' hackers thousands of times in a bid to spread their message.

Monday, 24th July 2017, 7:19 am
Updated Monday, 11th September 2017, 12:43 pm
An expert says the public sector is out of date when it comes to hacking Picture: Shutterstock

A Johnston Press Investigations analysis of a database of website defacements reveals 685 such alterations to pages, nine on pages, 1,460 for, 154 for, 586 and 4,580

The group responsible for the attack on Hampshire County Council’s website carried out 1,838 attacks.

Dr Victoria Wang is senior lecturer on security and cybercrime at the University of Portsmouth’s Institute of Criminal Justice Studies.

Sign up to our daily newsletter

The i newsletter cut through the noise

She said a message, political or otherwise, is the end objective for any attack. But she said smaller organisations that house websites and sensitive information on the same server could see website defacing as an ‘attack vector’ followed by serious crime.

‘Technically, most sound organisations would not have their websites and their sensitive information sitting on the same server,’ she said.

‘So, a website defacement only damages the website.

‘Traditionally, servers that host websites tend to be neglected in terms of security. But organisations with limited IT resources would, for example SMEs. Thus, a website defacement, in this case, may become an attack vector that is followed by serious crimes, such as data theft, data breach, or denial of service attack.’

She added that usually this is not the case. She said: ‘There is often an element of individuals showing off their technical skills, for example young people hacking into a “challenging” high-profile organisation.’

The National Cyber Security Centre last month launched its Active Cyber Defence (ACD) programme, including a website checker.

Designed for cash-strapped public bodies, the tool checks internet pages.

The NCSC, set up in October last year, warned there are around at least 25,000 public sector websites, with many offering an ‘easy way’ in for cyber criminals as the pages had not been updated.

As of last month, 20 ‘urgent vulnerabilities’ had been fixed on using the tool.