
BRFCS


[Archived] NHS Ransomware attacks - Multiple hospitals now trying to operate with zero IT facility



22 minutes ago, Glenn said:

You want to legislate against something you admit you have no understanding of? There is a place for people like you, but sadly that place seems to be the cabinet office.

What we have is an American Spy Agency developing a bunch of spying tools, for spying. You then have a bunch of state-sponsored Russian hackers who find these tools and at the behest of the Russian government leak them through a Russian propaganda machine hiding in the Ecuadorian embassy.

Thankfully the American Spy Agency, once they learned they'd been hacked, worked with the vendors whose software they had hacked to patch the holes before the accused rapist hiding in the embassy made them public.

Which part of that scenario is legislation going to fix?  

 

 

I understand the internet is dangerous when it isn't secure, and that service providers aren't properly regulated and need to take more responsibility for their content. 

With regard to the NHS, why didn't it have its own internal internet system, or is that the sort of question a cabinet member would ask?

Link to comment
Share on other sites

Just now, jim mk2 said:

 

I understand the internet is dangerous when it isn't secure, and that service providers aren't properly regulated and need to take more responsibility for their content. 

With regard to the NHS, why didn't it have its own internal internet system, or is that the sort of question a cabinet member would ask?

I'm not against more regulation of service providers (in fact I think in a lot of cases it would weed out the charlatans), stuff like PCI-DSS (for the card payment industry) as much as everyone hates it, has actually raised the bar in that area. My point is there is nothing involving the tools getting into the wrong hands that legislation would fix.

Should we be legislating that organisations should patch their systems quicker? Well, that's almost the discussion Biddy and I are having. But infosec is all risk management, what's the bigger risk, a piece of medical equipment fails because of a patch that hadn't been sufficiently tested or the device fails because it's compromised by a hacker? The first is much more likely, so whilst I don't like their logic, I do understand it.

As for why don't the NHS have their own private network, they do. The trouble is these days people design tools and systems to access the internet (or "the cloud" if you will), so the network is connected to the internet, not air gapped. This isn't as stupid as it seems, think about modern hospital equipment, having the manufacturer remotely monitor its functionality, and proactively fix it before it breaks, that's great for the NHS, but that data has to get from the equipment to the vendor somehow and that somehow would be the internet.

Link to comment
Share on other sites

  • Backroom

This is an issue that the Government should have been working on non-stop to ensure the best possible protections were in place.

Instead they've invested more time in making sure they can spy on the average citizen as and when they please.

Their priorities lay bare exactly what our current Government care about - and it isn't our welfare. We're guilty until proven innocent.

Link to comment
Share on other sites

Just now, DE. said:

This is an issue that the Government should have been working on non-stop to ensure the best possible protections were in place.

Instead they've invested more time in making sure they can spy on the average citizen as and when they please.

Their priorities lay bare exactly what our current Government care about - and it isn't our welfare. We're guilty until proven innocent.

I don't think the 2 are really related. IT infrastructure is often the first cut made when money is tight, as it's a cost that rarely sees benefit until things like this occur. Public sector finances have been under constraint for many years.

Having back access channels into data is both desirable from a national security perspective, and a major risk point for hackers, it's just one of those things that needs to be dealt with as far as I'm concerned.

Link to comment
Share on other sites

  • Backroom
Just now, Baz said:

I don't think the 2 are really related. IT infrastructure is often the first cut made when money is tight, as it's a cost that rarely sees benefit until things like this occur. Public sector finances have been under constraint for many years.

Having back access channels into data is both desirable from a national security perspective, and a major risk point for hackers, it's just one of those things that needs to be dealt with as far as I'm concerned.

Considering this ransomware reportedly came about through leaked NSA tools I'd say they are directly related.

Link to comment
Share on other sites

Just now, DE. said:

Considering this ransomware reportedly came about through leaked NSA tools I'd say they are directly related.

My point is that the people who run the networks in the NHS etc know that these tools are there, and therefore should have plans to combat it.

Whether the tools should exist or not is debatable. It's an additional pain in the arsenal for IT, but it's not an excuse to shift blame in my opinion. And that's if it's the NSA tools that are the cause, I don't think that's proven yet.

Link to comment
Share on other sites

  • Backroom
Just now, Baz said:

My point is that the people who run the networks in the NHS etc know that these tools are there, and therefore should have plans to combat it.

I think you might be surprised! 

Link to comment
Share on other sites

The fact this was a known attack, with a patch available since March is a bit of a red herring as far as I'm concerned. Zero Days (newly discovered attacks for which there is yet no patch) are being found all the time, what if this outbreak was using a zero day instead? That's why I'm saying the key to combatting this stuff isn't faster patch cycles (though that is always a good thing), it's secure architecture in the first place.

The worm needed SMB v1 (which is old and broken), the only reason to leave SMB v1 enabled is if you have any XP hosts. So if you simply HAVE to support a 16 year old operating system that Microsoft haven't supported since 2014 (and I understand with specialist medical equipment in a cash strapped industry you might have to) you keep it segmented away from everything else, not have it on one massive, flat, network.

Link to comment
Share on other sites
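
As an added example (not part of the original post, and not any NHS tooling), the segmentation point in the post above can be checked against a host inventory. The Python script below flags SMBv1 left enabled where it is not needed, legacy hosts sharing a segment with other machines, and TCP 445 permitted across a legacy segment boundary. The host names, addresses, segment names and flow list are constructed sample data, and treating Windows XP as the only OS that needs SMBv1 is an assumption.

```python
import ipaddress

# Constructed sample inventory (not real NHS data): name, IP, OS, SMBv1 state.
HOSTS = [
    {"name": "mri-console", "ip": "10.20.0.11", "os": "Windows XP", "smb1": True},
    {"name": "ward-pc-07", "ip": "10.20.0.57", "os": "Windows 10", "smb1": True},
    {"name": "xray-ctrl", "ip": "10.99.1.5", "os": "Windows XP", "smb1": True},
    {"name": "file-srv", "ip": "10.30.0.2", "os": "Windows Server 2016", "smb1": False},
]
# Constructed segments and permitted inter-segment flows (src, dst, TCP port).
SEGMENTS = {"clinical-flat": "10.20.0.0/16", "legacy-xp": "10.99.1.0/24",
            "servers": "10.30.0.0/24"}
ALLOWED_FLOWS = [("servers", "legacy-xp", 445), ("clinical-flat", "servers", 443)]
LEGACY_OS = {"Windows XP"}  # assumption: the only hosts that still need SMBv1


def segment_of(ip, segments):
    """Return the name of the segment whose CIDR contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in segments.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def audit(hosts, segments, flows):
    """Return sorted (rule, subject) findings for SMBv1 exposure."""
    findings = set()
    by_segment = {}
    for h in hosts:
        by_segment.setdefault(segment_of(h["ip"], segments), []).append(h)
        if h["smb1"] and h["os"] not in LEGACY_OS:
            findings.add(("smb1-not-needed", h["name"]))
    legacy_segments = set()
    for seg, members in by_segment.items():
        legacy = [h for h in members if h["os"] in LEGACY_OS]
        if legacy:
            legacy_segments.add(seg)
            if len(legacy) < len(members):  # legacy host mixed with others
                findings.update(("legacy-on-shared-segment", h["name"]) for h in legacy)
    for src, dst, port in flows:
        if port == 445 and src != dst and legacy_segments & {src, dst}:
            findings.add(("smb-crosses-legacy-boundary", f"{src}->{dst}"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in audit(HOSTS, SEGMENTS, ALLOWED_FLOWS):
        print(f"{rule}: {subject}")
```
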

Unrelated, but as this thread has outed a fellow sysops, the Trust are looking for a new IT guy to keep their stuff running and have realised there is a difference between somebody that understands a LAMP stack and a web dev. Interested? Talk to @StubbsUK

Link to comment
Share on other sites

7 hours ago, Glenn said:



As for why don't the NHS have their own private network, they do. The trouble is these days people design tools and systems to access the internet (or "the cloud" if you will), so the network is connected to the internet, not air gapped. This isn't as stupid as it seems, think about modern hospital equipment, having the manufacturer remotely monitor its functionality, and proactively fix it before it breaks, that's great for the NHS, but that data has to get from the equipment to the vendor somehow and that somehow would be the internet.

I think we are overthinking this but I'd be pretty certain that not many, if any client XP machines are connected directly to the internet in the NHS. I expect they will go via an authenticated proxy which will be firewalled off. So my guess is that it's not quite the open free for all people are making out. More than likely the malware got on via someone running it on their desktop (via email or download) and it went on from there.

With regards to internet connected devices for remote fix, basically they also shouldn't be directly connected. Again, only a guess in this instance but I would expect encrypted point to point VPN tunnels to be set up to partners with access rules that only allow them to get to the devices they look after. Again, probably more secure than people are making out.

And don't get me started on IoT. Who needs a fecking doorbell or light bulb connected to the internet. As consumers we are just saying "come and monitor me". Kind of like Glenn was saying the other week with the Amazon Echo. Who wants a device that's constantly listening to every word you say?  

Link to comment
Share on other sites

 

Speaking as a computer layman, if the internet is inherently unsafe and the hackers are always going to be one step ahead, isn't it time to reinvent the wheel and go back to using pen and paper?  

Link to comment
Share on other sites

  • Backroom

No, the internet is generally only unsafe if you're stupid, reckless or ignorant. Learning to use technology properly is the solution, not regression into the past.

Link to comment
Share on other sites

Vast organisations such as the NHS, Telefonica and many others across the world  have been hacked in the past 24 hours, while hacking in general has been a problem for companies, governments and individuals for years, so are they all "stupid, reckless and ignorant"?  

Link to comment
Share on other sites

Just now, jim mk2 said:

Vast organisations such as the NHS, Telefonica and many others across the world  have been hacked in the past 24 hours, while hacking in general has been a problem for companies, governments and individuals for years, so are they all "stupid, reckless and ignorant"?  

They haven't been hacked.

Link to comment
Share on other sites

  • Backroom
9 minutes ago, jim mk2 said:

Vast organisations such as the NHS, Telefonica and many others across the world  have been hacked in the past 24 hours, while hacking in general has been a problem for companies, governments and individuals for years, so are they all "stupid, reckless and ignorant"?  

Or, not and. You should know better than anyone how a simple change of wording can completely alter a sentence, so please don't do that.

It's easy to be one of the three (although for the record, these companies weren't hacked in the traditional sense) and you have more chance of struggling with these things if you're a vast organisation than a small one.

Hacking will always be a problem, but regressing is never the answer. It's not like using pen and paper is without significant issues which would likely cause far more problems in the long run than the occasional cyber attack. 

Link to comment
Share on other sites

https://www.theguardian.com/technology/2015/may/26/uk-government-pcs-open-to-hackers-as-paid-windows-xp-support-ends

From 2015, article on Government's decision not to continue with deal to support XP.

You'd think they'd either change your system or pay for the support on your old one. Not the Tories.

Amber Rudd has just blamed the NHS:rolleyes::-

“It is disappointing that they [the NHS] have been running Windows XP - I know that the secretary of state for health has instructed them not to and most have moved off it.”

Nothing to do with us guv. We're just the Government in charge.

Link to comment
Share on other sites

Just now, DE. said:

Or, not and. You should know better than anyone how a simple change of wording can completely alter a sentence, so please don't do that.

 

What changed ? 

Link to comment
Share on other sites

  • Backroom
Just now, blueboy3333 said:

https://www.theguardian.com/technology/2015/may/26/uk-government-pcs-open-to-hackers-as-paid-windows-xp-support-ends

From 2015, article on Government's decision not to continue with deal to support XP.

You'd think they'd either change your system or pay for the support on your old one. Not the Tories.

Amber Rudd has just blamed the NHS:rolleyes::-

“It is disappointing that they [the NHS] have been running Windows XP - I know that the secretary of state for health has instructed them not to and most have moved off it.”

Nothing to do with us guv. We're just the Government in charge.

A total deflection either way. I'd say it's far more likely the virus got in through somebody clicking something they shouldn't have in an e-mail or on a website than because there are Windows XP terminals.

Link to comment
Share on other sites

Just now, blueboy3333 said:

https://www.theguardian.com/technology/2015/may/26/uk-government-pcs-open-to-hackers-as-paid-windows-xp-support-ends

From 2015, article on Government's decision not to continue with deal to support XP.

You'd think they'd either change your system or pay for the support on your old one. Not the Tories.

Amber Rudd has just blamed the NHS:rolleyes::-

“It is disappointing that they [the NHS] have been running Windows XP - I know that the secretary of state for health has instructed them not to and most have moved off it.”

Nothing to do with us guv. We're just the Government in charge.

Classic blame shifting. Where's the money Jeremy ? 

Link to comment
Share on other sites

jim, it is like arguing for the return of the horse and buggy because less people get run over.

The benefits of technological advance usually outweigh the disadvantages many times over and there are usually ways to limit the risk of downsides causing real damage.

The problem is homo sapiens mark 1 can be lazy and don't always implement the preventative measures clearly available to them.

Mind that donkey in the road on the way home...

Link to comment
Share on other sites

Will respond to some of the posts, but in the meantime, people have just twigged this is about to get a whole lot WORSE.

Firstly, infections slowed because the worm portion had a kill switch preventing new infections that was triggered late yesterday afternoon, this explains the low infection rate in the US. However it's believed there are now three variants circulating with the kill switch removed!

Secondly, as Biddy points out, virtually all corporate firewalls will stop infection via a corporate network, but how many people currently have work laptops connected to their local coffee shop or other free wifi provider that are now being silently infected, only to connect that device to their corporate network (inside the firewall perimeter) on Monday morning!

 

Link to comment
Share on other sites

59 minutes ago, DE. said:

A total deflection either way. I'd say it's far more likely the virus got in through somebody clicking something they shouldn't have in an e-mail or on a website than because there are Windows XP terminals.

Not sure about that. All the 'experts' are saying it's unprotected XP that has caused this.

https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
