LiberalFox

BBC Reporting "Cyber Attack" on NHS IT Systems


45 minutes ago, sphericalfox said:

that's nothing...

 

The world is in safe hands.

 

http://www.bbc.co.uk/news/world-us-canada-36385839

 

The whole of the NMCC network concerning nuclear response is kept deliberately backward in this way as much as possible - completely standalone machines, retro technology etc, for the exact reason you hint at - to stop it from being compromised in any way. There's no way launch codes would be kept on any kind of digital medium, for instance - hard copy only.

 

The only area that is really cutting edge is the communication network that links all of them and how it has been hardened.

Link to comment

Some news outlets believe the hackers didn't do this for the money.

 

Yes, they did it for the "fun" and "banter" as "no one can get me because I'm behind a computer screen", that's all...:rolleyes:

 

Fancy targeting healthcare trusts in particular, where their aim is to make ill people better; under an overall company that is struggling financially and already in crisis in other areas such as time constraints and lack of proper leadership?

I do find this black-hearted, really do.

Link to comment

18 minutes ago, Wymeswold fox said:

Some news outlets believe the hackers didn't do this for the money.

 

Yes, they did it for the "fun" and "banter" as "no one can get me because I'm behind a computer screen", that's all...:rolleyes:

 

Fancy targeting healthcare trusts in particular, where their aim is to make ill people better; under an overall company that is struggling financially and already in crisis in other areas such as time constraints and lack of proper leadership?

I do find this black-hearted, really do.

 

Some folks - and an awful lot of them are script kiddies - simply do not care: they have no real comprehension of the consequences of what they do and even if they did they'd dismiss it using the latest pseudo-social Darwinism babble they've got from certain YouTube celebs they frequent.

Link to comment

8 hours ago, leicsmac said:

Some folks - and an awful lot of them are script kiddies - simply do not care: they have no real comprehension of the consequences of what they do and even if they did they'd dismiss it using the latest pseudo-social Darwinism babble they've got from certain YouTube celebs they frequent.

Spot on.

I believe there are an ever increasing number of people who literally do not give a shite. They would do ANYTHING for 'a laff'

In this case, if caught I'd give them life imprisonment.

Link to comment

5 minutes ago, Col city fan said:

Spot on.

I believe there are an ever increasing number of people who literally do not give a shite. They would do ANYTHING for 'a laff'

In this case, if caught I'd give them life imprisonment.

Beat them up and tell them to go to A and E while the virus is still implemented. They will soon turn it off when they realise it is them that needs the NHS to work smoothly. 

 

So many self centered people in society today. It's every man for himself. Sickening.

Link to comment

17 minutes ago, foxhateram said:

Beat them up and tell them to go to A and E while the virus is still implemented. They will soon turn it off when they realise it is them that needs the NHS to work smoothly. 

 

So many self centered people in society today. It's every man for himself. Sickening.

The problem of course is the nanny fookin state under which we live. I'm convinced it does not dissuade these type of tossers against performing such vile acts. They know they'll get off with a suspended sentence or some other meaningless punishment, underpinned by some fancy lawyer who would plead they didn't mean any harm etc. 

Link to comment

9 hours ago, Wymeswold fox said:

Some news outlets believe the hackers didn't do this for the money.

 

Yes, they did it for the "fun" and "banter" as "no one can get me because I'm behind a computer screen", that's all...:rolleyes:

 

Fancy targeting healthcare trusts in particular, where their aim is to make ill people better; under an overall company that is struggling financially and already in crisis in other areas such as time constraints and lack of proper leadership?

I do find this black-hearted, really do.

 

It's not a bad way to advertise your 'services' to prospective interest groups so to speak.

Link to comment

15 minutes ago, Col city fan said:

Meaning what?

I think he means that approaches by tech companies break into systems so people know they are vulnerable then sell them the solution to prevent it happening to them again.

Link to comment

47 minutes ago, Swan Lesta said:

I think he means that approaches by tech companies break into systems so people know they are vulnerable then sell them the solution to prevent it happening to them again.

Maybe Microsoft hired some parents' cellar based goon to implement their 'get our upgrade policy'? 

Link to comment

2 hours ago, foxhateram said:

Beat them up and tell them to go to A and E while the virus is still implemented. They will soon turn it off when they realise it is them that needs the NHS to work smoothly. 

 

So many self centered people in society today. It's every man for himself. Sickening.

 

2 hours ago, Col city fan said:

The problem of course is the nanny fookin state under which we live. I'm convinced it does not dissuade these type of tossers against performing such vile acts. They know they'll get off with a suspended sentence or some other meaningless punishment, underpinned by some fancy lawyer who would plead they didn't mean any harm etc. 

Was this done by someone in the UK then?

Link to comment

LESSONS LEARNED

1) the practice of spy agencies (America's NSA, but also Britain’s GCHQ and equivalents in Russia, China etc) of finding software vulnerabilities and then hoarding them, rather than reporting them to the software company to be fixed - is the root cause of this disaster. These exploits invariably leak out as happened in this case, and spy agencies are making us all less secure as a result

2) Heads need to roll for not deploying a critical Microsoft security patch. Hospitals which did deploy it were safe, those that didn't got it big time.

3) Patch deployment policies need to be urgently reviewed. And again, why did some hospitals deploy promptly, and some didn't?

4) Balkanisation of the NHS into separate trusts has made matters much worse. One issue for the NHS is that specialist equipment may only work on old versions of Windows, which is why Windows XP can be so prevalent. Vendors can - and do - refuse to guarantee an upgrade path. But with one central purchasing authority the NHS would have been in a stronger position to ensure compliance with evolving Microsoft software

5) What were systems running obsolete software doing connected to the public internet? If they have to exist they should have been rigorously airgapped or isolated on a separate network.

6) Consistent NHS underfunding is another root cause. Security is expensive, and cash-strapped managers won't spend money on it, preferring instead to take a gamble (An issue in the private sector too BTW - at the time of the hack a couple of years ago TalkTalk had no security executive..). There seems to have been little or no threat analysis performed.

7) NHS top leadership – and the politicians – have been asleep on the job. Microsoft gave years of notice that support for Win XP would end in 2014, time enough to prepare a migration plan. Why wasn't progress on these plans being monitored (but see point 6 above – systems migration is a long and expensive business)?

8) we are cursed with politicians who are technically illiterate – see Amber Rudd's waffle, and I'm not sure Jeremy Corbyn was much better. There is only one politician in the UK who I would trust to understand this – David Davis, who, of course, fought so hard against mass surveillance of the citizens.

 

Link to comment

1 hour ago, midland_red said:

LESSONS LEARNED

1) the practice of spy agencies (America's NSA, but also Britain’s GCHQ and equivalents in Russia, China etc) of finding software vulnerabilities and then hoarding them, rather than reporting them to the software company to be fixed - is the root cause of this disaster. These exploits invariably leak out as happened in this case, and spy agencies are making us all less secure as a result

2) Heads need to roll for not deploying a critical Microsoft security patch. Hospitals which did deploy it were safe, those that didn't got it big time.

3) Patch deployment policies need to be urgently reviewed. And again, why did some hospitals deploy promptly, and some didn't?

4) Balkanisation of the NHS into separate trusts has made matters much worse. One issue for the NHS is that specialist equipment may only work on old versions of Windows, which is why Windows XP can be so prevalent. Vendors can - and do - refuse to guarantee an upgrade path. But with one central purchasing authority the NHS would have been in a stronger position to ensure compliance with evolving Microsoft software

5) What were systems running obsolete software doing connected to the public internet? If they have to exist they should have been rigorously airgapped or isolated on a separate network.

6) Consistent NHS underfunding is another root cause. Security is expensive, and cash-strapped managers won't spend money on it, preferring instead to take a gamble (An issue in the private sector too BTW - at the time of the hack a couple of years ago TalkTalk had no security executive..). There seems to have been little or no threat analysis performed.

7) NHS top leadership – and the politicians – have been asleep on the job. Microsoft gave years of notice that support for Win XP would end in 2014, time enough to prepare a migration plan. Why wasn't progress on these plans being monitored (but see point 6 above – systems migration is a long and expensive business)?

8) we are cursed with politicians who are technically illiterate – see Amber Rudd's waffle, and I'm not sure Jeremy Corbyn was much better. There is only one politician in the UK who I would trust to understand this – David Davis, who, of course, fought so hard against mass surveillance of the citizens.

 

Regarding points 2 & 3, a lot of this is down to 3rd party managed services not doing their job correctly, in part because these legacy NHS IT systems (think W2K and even NT) run operating theatre critical applications, the risk of trying to patch them is huge so they never end up getting done.

 

Private sub contractors and well known IT companies queue up to rinse the **** out of the NHS because they are so poorly run. I have seen over charging as much as 200% on retail price for IT equipment and no one questions a thing. I have seen IT managers in the NHS pay for the same services not once, not twice, not thrice but four times! In addition the same IT managers literally doing sweet fa working 9am to 5.30pm with a strict 1 hour lunch but at the same time have a PA!!

Link to comment

1 hour ago, Carl the Llama said:

 

Was this done by someone in the UK then?

Not necessarily. It's a world wide issue that society is becoming more separated and each generation becomes more solitary in their thinking. It's not just here.

Link to comment

28 minutes ago, foxhateram said:

Not necessarily. It's a world wide issue that society is becoming more separated and each generation becomes more solitary in their thinking. It's not just here.

That's kind of my point, bit redundant threatening them with NHS shutdown or blaming our government for the actions of what may well be foreign nationals :D

Link to comment

You don't hear many of these cases being brought to court or any kind of Interpol swoop. When you do it's usually some kid in his bedroom who hadn't quite covered his tracks.

 

Are we just trying to hold back the tide here? 

Link to comment

31 minutes ago, Livid said:

You don't hear many of these cases being brought to court or any kind of Interpol swoop. When you do it's usually some kid in his bedroom who hadn't quite covered his tracks.

 

Are we just trying to hold back the tide here? 

Most of the time they are head hunted by the intelligence agencies to work for them targeting who they want and helping them to improve their defence.

 

If they refuse they're locked up and the key would be thrown away. That's how the world works I'm afraid, it might sound Hollywood but it does happen. 

 

 

Link to comment

8 hours ago, Carl the Llama said:

That's kind of my point, bit redundant threatening them with NHS shutdown or blaming our government for the actions of what may well be foreign nationals :D

I never did blame our government kind sir. Only alluded to the fact we need to change future generations for the sake of the planet. 

Link to comment

7 hours ago, Collymore said:

Most of the time they are head hunted by the intelligence agencies to work for them targeting who they want and helping them to improve their defence.

 

If they refuse they're locked up and the key would be thrown away. That's how the world works I'm afraid, it might sound Hollywood but it does happen. 

 

 

Do you think the locking them up and throwing away the key for a few of them may at least send out a message?

Link to comment

12 hours ago, foxhateram said:

I never did blame our government kind sir. Only alluded to the fact we need to change future generations for the sake of the planet. 

Right but you need to take my comment in context of both posts that I quoted, not just your one :P

Link to comment

On 13/05/2017 at 12:34, orangecity23 said:

GCHQ and the NSA have been buying zero day exploits - vulnerabilities in Windows and Mobile OS's, which they pay the people who discover them to not disclose to Microsoft or the mobile manufacturers. They intentionally prevent security vulnerabilities in computer systems which we all use from being fixed because they want to use them for snooping or planting spyware on their targets, whilst everyone else in the world is left open to those vulnerabilities being discovered by cyber criminals and exploited.

 

 

Microsoft has now issued a blog which confirms that this attack was made using exploits that were stolen from the NSA  https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.000bi5yyf12twdrz104kfp70qrzfk

 

This problem is present in all versions of Windows since XP, and was only patched out by Microsoft in March this year. It is possible that the NSA have been sitting on this problem for years, and they were careless enough with the information for it to be stolen. This just raises further questions - when it was first stolen, did the NSA bother to inform Microsoft that it was now in "rogue" hands? Or did they just wash their hands of it and carry on badgering tech companies to build in back doors into Operating Systems and apps that could be exploited by any number of potential attackers, and risk the security of vital infrastructure and private citizens all over the world?

Link to comment

Archived

This topic is now archived and is closed to further replies.
