IT in the dock

Things aren’t going well in the courts at the moment.

HMCTS suffers major IT issues
Significant IT issues at the HM Courts and Tribunal Service (HMCTS) have caused chaos across the UK’s courts as users have been unable to connect to the network and use IT systems that require access to it.

The issues began last week and are mainly affecting devices trying to connect to the main Ministry of Justice (MoJ) network, which is used by the department as well as all its agencies and several arm’s-length bodies.

Law courts in chaos as IT meltdown disrupts thousands of cases
The communication failures, which started last week, are a significant embarrassment for the Ministry of Justice, which is investing £1.2bn in a high-profile programme promoting online hearings which aims to replace the legal profession’s traditional reliance on mountains of paperwork.

The IT breakdown meant that staff at the MoJ were unable to send emails, wireless connections went down, jurors could not be enrolled and barristers could not register for attendance payments. Courts were left unsure of when some defendants were due to appear and some court files could not be retrieved, leading to prosecutions being adjourned.

The Register had reported on this a few days before, when the problem seemed to be restricted to just their CJSM (Criminal Justice Secure eMail) system.

Lawyers’ secure email network goes down, firm says it’ll take 2 weeks to restore
For reasons that were not immediately clear, Egress Technologies, provider of CJSM, said in an emailed update to users seen by The Register that restoring CJSM would involve wiping their mailboxes for up to two weeks.

It’s now more serious than that.

Nationwide UK court IT failure farce ‘not the result of a cyber attack’ – Justice Ministry
The Ministry of Justice has said a data centre outage was responsible for the widespread collapse of the UK’s civil and criminal court IT infrastructure over the past days.

In a statement to Parliament today, justice minister Lucy Frazer pinned the fault on Atos and Microsoft, saying there had been an “infrastructure failure in our suppliers’ data centre”.

Here’s a report from 2016, highlighting the issues the department was facing…

Ministry of Justice IT systems are ‘fragile and precarious’, say MPs
The Ministry of Justice (MoJ) must get to grips with its poor IT systems or risk “further demoralising essential staff”, the Public Accounts Committee (PAC) has warned. […]

“ICT systems in probation are inefficient, unreliable and hard to use,” the PAC said. “In a service that relies on successful joint working between multiple partners, it is essential that ICT supports, rather than frustrates, effective and efficient collaboration. This is far from the case for probation.”

… which led to the £1,000,000,000 plan to “transform courts with better use of technology”.

UK justice system set for ‘wholesale shift’ to digital
The reform programme foresees “a wholesale shift to accessing justice digitally” and flags up two “significant developments” that will affect the way courts and tribunals operate: “The first is our aim for all cases to be started online, whether or not they are scheduled for the traditional system or for online resolution. The second will be the completion of some cases entirely online, which will be much more convenient for everyone involved.”

How was that received? With not much confidence, it seems.

PAC doubts justice system transformation programme will be a success
Public Accounts Committee says it’s difficult to see how the government’s “extremely challenging” £1.2bn project to overhaul courts through use of technology “will ever work”.

I don’t know if that’s related to today’s IT breakdowns there, but it makes you wonder.

Stolen millions

More announcements of company data (our data) being stolen. The numbers involved each time are just incredible.

Hackers breach Quora.com and steal password data for 100 million users
Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests and downvotes. […] In a post published late Monday afternoon, Quora officials said they discovered the unauthorized access on Friday. They have since hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.

Whenever these stories are reported, the articles often end with a little summary of other recent snafus. The one above ended with:

Quora’s post is only the latest disclosure of a major breach. On Friday, hotel chain Marriott International said a system breach allowed hackers to steal passport numbers, credit card data, and other details for 500 million customers. In September, Facebook reported an attack on its network allowed hackers to steal personal details for as many as 50 million users. The social network later lowered the number of accounts affected to about 30 million.

A post from The Register, about that massive Marriott breach, concluded with this reminder of previous losses.

Marriott’s Starwood hotels mega-hack: Half a BILLION guests’ deets exposed over 4 years
Few hacks of individual firm’s customer data have come close to the scale of this one. The Yahoo! breach in 2013 saw three billion email accounts breached, while Carphone Dixons, the UK electronics retail chain, managed to lose control of 5.9 million sets of payment card data. In the US, the US Government Office for Personnel Management (which handles sensitive files on millions of government workers) had the personal data of 21 million employees breached by hackers.

Remember the hacking cough?

More hacking schadenfreude, but with an added GDPR element this time.

First, the hapless Tories.

Major security flaw in Tory conference app reveals users’ data
Commentators said the flaw raised questions over the ability of the government to harness technology to solve issues around the Irish border and customs checks. The app may also have breached data laws. Its privacy policy states that it “complies with … the European Union’s general data protection regulation (GDPR)”.

Boris Johnson’s profile immediately vandalised with hardcore pornography in Tory conference app security blunder
The highly serious blunder allowed anyone to access details of hundreds of MPs including Foreign Secretary Jeremy Hunt and Defence Secretary Gavin Williamson – who have police protection and warn regularly of the hacking threat from Russia. But it also gave pranksters an opportunity to have fun with the profiles of prominent Conservatives.

And then Facebook. Again.

Facebook says at least 50 million users affected by security breach
Facebook said the FBI is now investigating. Because users in Europe are also affected, the company said it has informed data protection authorities in Ireland — where the company’s European headquarters are located. The Irish Data Protection Commission has asked Facebook to clarify the breach “urgently.” If Facebook is found to have breached European data protection rules — the newly implemented General Data Protection Regulation (GDPR) — the company can face fines of up to four percent of its global revenue.

Facebook hack: Here’s what you need to do to secure your account
Critically, for European users, Facebook has been in touch with the Data Protection Commissioner in Ireland – where it is registered – to inform it of the breach. This will be the first data protection incident from one of the major tech companies since the enforcement of Europe’s General Data Protection Regulation (GDPR) in May. GDPR gives regulators the power to issue huge fines but this is yet to be tested. In a statement the Irish Data Protection Commission said Facebook hasn’t given it many details yet. It is “concerned” that despite Facebook discovering the breach on Tuesday, it hasn’t been able to “clarify the nature of the breach and the risk for users at this point”.

Fake degrees still big business

The scale of this still astounds me. All the work that goes into administering and assuring our degrees – let alone the work the students themselves undertake – is put in jeopardy if these fraudulent qualifications are not challenged.

Fake degrees, real news
But as this recent File on Four investigation by the BBC demonstrated, this Diploma Mill business is still booming and, according to the report, over 3,000 fake qualifications have been sold to individuals (and in one case a company) in the UK out of a worldwide total of 215,000 which netted a profit in excess of £37m in 2015. It seems that the investigation in Pakistan has ground to a halt “amid claims of government corruption” and sales are continuing, but now with a new twist: extortion.

Belltown University? Queens Bay University? Just two from a very long list indeed.

Your favourite passwords

As well as the obvious “12345678”, “password” and “qwerty” (I can’t believe people really use those?), it seems people’s names beginning with J are especially common.

Top 500 most common passwords visualized
Most common passwords. Is yours here? Also, after some deep analysis, we’ve discovered that passwords fit into 11 categories. See what they are.

If any of your passwords feature on that chart, please read this and change them. Right now.

The usability of passwords
Using more than one simple word as your password increases your security substantially (from 3 minutes to 2 months). But, by simply using 3 words instead of two, you suddenly got an extremely secure password. It is 10 times more secure to use “this is fun” as your password, than “J4fS<2”.

High tech in high office

For gadget geek in the Oval Office, high tech has its limits
Mr. Obama is the first true gadget geek to occupy the Oval Office, and yet his eagerness to take part in the personal technology revolution is hampered by the secrecy and security challenges that are daily requirements of his job. What counts as must-have features for many people — high-definition cameras, powerful microphones, cloud-connected wireless radios and precise GPS location transmitters — are potential threats when the leader of the free world wants to carry them around.

I guess he doesn’t have these problems any more.