
Hackers attack the Euromillions lottery October 29, 2012

Posted by Mark Hillary in Current Affairs, Internet.

Hackers attacked the French site for the Euromillions lottery last weekend. Visitors to the site hoping for a flutter found messages in both French and Arabic warning them of the evils of gambling – with a hacking group called ‘Moroccanghosts’ claiming credit for the attack.

Clearly a group of hackers with an ideological objection to gambling thought that the most effective way to get their message across would be to destroy the Euromillions website. But is this just the start of a wider trend?

During the Occupy demonstrations various hacking groups took pleasure in flexing their muscles by vandalising the websites of companies they had an issue with – usually a particular complaint such as tax avoidance. If a company were perceived to be dodging tax by shunting profit and loss around the world so tax could be paid in the most favourable locations then it would be fair game for an attack.

It’s now a serious risk for any company, even those who pay their taxes and look after their employees, because it doesn’t need to be ideologically disgruntled hackers that destroy an online corporate footprint – it could be rival firms or governments who want to cause maximum damage to the reputation of an organisation.

This has all led to IT security becoming a considerably more complex area than just a few years back, when the focus was on virus and worm control. Now, industrial espionage doesn’t need to be performed by spies wearing black jumpers and carrying tiny cameras – if a corporate system is not secure, hackers can just go straight in through the virtual front door.

And even now, the law offers scant protection in this area. Of course it remains illegal to mount a hack on a corporate website, but when the attack can be launched from anywhere, can be automated, can be masked through various anonymous hops around the world, it’s one area of business where hoping for the law to help is no real protection at all.

Fingers crossed

 

Photo by Jaina licensed under Creative Commons

Is technology moving too fast for the law? April 30, 2012

Posted by Mark Hillary in Current Affairs, Internet, Software.

Three people have been arrested by police recently as part of the investigation into the alleged naming of Sheffield United footballer Ched Evans’ rape victim on Twitter.

The right of victims of rape and sexual assault to remain anonymous is an area of the law that faces an enormous challenge in this era of information freedom. Many victims would not go to the police if they knew that their name would be splashed across the newspapers – whether a celebrity is involved or not – and traditional newspapers and broadcasters have always respected the law in this respect.

But now there is Twitter. It takes just one tweet from somebody with inside knowledge of a case and the victim details are published and cannot be erased. Those wanting to avoid detection can easily create a new Twitter account in a different name within minutes.

The implication is clear. Technology can be used by people with inside knowledge of a subject to broadcast it to the media and general public, with very little fear of recrimination.

This affects many areas of life where sensitive information is managed. Jurors tweeting their opinion as a trial proceeds are already disrupting court proceedings. Medical professionals are tweeting about celebrities receiving treatment – and assuming that they can go to a hospital without news of their condition being broadcast to the world.

In technological terms, the genie has already escaped. We cannot turn back the clock to an age before Twitter so it appears that the approach to this problem can only be the improved education of professionals who deal with sensitive information and greater measures – such as immediate dismissal – for medical or legal professionals who misuse social networks. It is not ideal, but then the world has changed forever.

Scales of Justice, Old Bailey, London

Photo by Andrew Middleton licensed under Creative Commons

Shutting down Twitter August 17, 2011

Posted by Mark Hillary in Government, Internet.

The recent civil unrest in several English cities that turned from a political protest into looting and criminality within a couple of days has led lawmakers to explore the social networks blamed for organising the wave of crime.

Though many commentators are pointing out that cars should not be banned because lawbreakers may have used a vehicle to get to the riots, some in government appear adamant that social networks need to be controlled during times of civil disobedience.

It sounds like a cross between the controlled Internet of China and the Egyptian government’s behaviour – faced with the Arab spring and a popular uprising, the government forced telephone operators to shut down their networks. For a couple of days there was no Internet in Egypt. Citizens resorted to dial-up connections via international phone calls to get any news out of the country.

Could this really happen in the UK?

Former BT Chief Scientist Peter Cochrane dismissed the idea as bluff, suggesting that the government doesn’t understand how the Internet works and that information would always flow, despite any attempt to block it. Others are not so sure.

The Prime Minister himself announced to MPs last week that he is working with the police and intelligence services with a view to exploring the consequences of limiting access to these websites and services if they are being used for criminal purposes. The government already has extensive online intelligence tools available, such as wire-tapping and the boffins inside GCHQ.

So if they started actively requesting offending social media accounts are shut down, would the social networks listen? They might, but then again, would any serious criminals be broadcasting their plans in public? In which case the government would need to directly ask phone networks to suspend their entire 3G services.

In any case, in stark contrast to Egypt, many of the UK networks would refuse on principle, and where would we be then? I don’t believe there is any law that gives the government a right to instruct a phone company to just shut down because of a threat.

[Note: these are the views of the author and not necessarily reflected by Thomas Eggar]

Taking Bribes October 18, 2010

Posted by Mark Hillary in Government, IT Services, Outsourcing.

Anyone doing business around the world will know about bribes. I myself have been offered several and – thankfully for my own conscience – I have always turned them down. But I’ve had to give bribes here and there to get myself out of various scrapes, such as my driver in Morocco paying off a policeman to avoid a speeding ticket, or the taxi driver in India who decided I was not going to be allowed out of my taxi until I paid a ridiculous fare.

But these are just travel experiences, small beer compared to genuine corporate bribes.

The Serious Fraud Office in the UK is about to crack down on multinational firms offering bribes, the greasing of the wheels that used to be accepted just as how you had to “do” business in places where it is just accepted. The new Bribery Act replaces the patchwork of British laws that previously covered bribes. It will cover the corporate offence of making or receiving a bribe and though it has been delayed, it looks like it will be law by April 2011. That means companies all over the UK will need to look again at anti-corruption measures – if they have any measures documented in the first place.

But the question I would ask is, what is a bribe? I know that when I meet people from the BBC, they always pay for their own coffee or lunch. They won’t accept any free trips overseas for any reason. This helps them to retain a high degree of impartiality. But each summer, I’m offered tickets to the cricket and other big sporting events by people from the IT industry. Recently the trend has turned more to rock concerts as well – which suits me. And there is a natural tendency to look more favourably on a company that has bought you a nice box for a test match, but I personally look on it as improving the relationship – giving time to building ideas together – but not buying access.

I’d never write an article in the press about a firm or recommend them just because they bought me some sports tickets. Is the SFO going to explore this kind of entertainment, which is commonly used by people in IT, or is it just higher-level fraud that will keep them active?

Can a supplier contract exist without putting it in writing? August 23, 2010

Posted by Mark Hillary in IT Services, Outsourcing.
Let’s shake on it. It’s a common enough agreement and it seems offensive to shake on a deal and then to refuse to take any further role in the business agreement until a contract is in place, but is the contract essential? Does the handshake really mean anything in law?

I have found myself in a situation several times where a company suggests that I work on a project, I do some work immediately because there is a sense of urgency or a deadline, and when we start talking commercials the agreement falls down. That can be annoying for me, as well as disappointing for the company I am working for, but does it always need to be like this?

It’s also common in outsourcing to find that these agreements are put in place and never documented. Either it’s because the supplier begins work urgently, before the formal agreement is signed, or there is some informal service agreement that is not in the contract. It can also be that two firms with an agreement carry on working after their official contract expires.
So if the contract doesn’t contain a specification of what is required or the contract has expired then is there really any contract at all?

Implied contracts do exist when parties have agreed orally or carried on working past the life of a contract, but it’s important to remember that the same terms don’t apply. Just because a condition was in the original contract does not mean it can be applied when there is a dispute over the ongoing service.

So the handshake does have some value, even in law, but cannot replace a formal service contract.