Tag: police

Greater Manchester Police still depend on ancient Windows

21571595686_452fb147ff_bOne in five of the Greater Manchester Police  computers are still running Windows XP.

Greater Manchester Police told the BBC that 1,518 of its PCs ran the ageing operating system, representing 20.3 percent of all the office computers it used.
Microsoft ended nearly all support for the operating system in 2014. Experts say its use could pose a hacking risk.

Greater Manchester Police said it was reducing its reliance on XP “continually” presumably every time that smoke starts pouring out the back of a PC.

“The remaining XP machines are still in place due to complex technical requirements from a small number of externally provided highly specialised applications”, a spokeswoman told the BBC.

“Work is well advanced to mitigate each of these special requirements within this calendar year, typically through the replacement or removal of the software applications in question.”

Cleveland Police said it had seven computers running XP, representing 0.36 percent of the total.

The Police Service of Northern Ireland said it had five PCs still running XP, representing 0.05 percent of the total.

The Civil Nuclear Constabulary said it had fewer than 10 computers in operation running Windows XP, representing less than one percent of the total, but it added none of them was on its live network.

Gwent Police, North Wales Police, Lancashire Constabulary, Wiltshire Police and City of London Police all said they had no computers running XP.

London’s Metropolitan Police Service  refused to say how many PCs were running XP, but in June it said about 10,000 of its desktop computers were still running XP.

Accenture arrests the Metropolitan Police

658db2d1a04d1d2a3bf5feb0b88e91f7The Metropolitan Police have signed an £86m deal with Accenture to manage its applications for the next three years.

The London coppers want to save £200m from its IT budget by carving up its Capgemini contract. The deal will last for five years, with the option of a three year extension. It will mean that 113 staff will be transferred to Accenture’s Newcastle base.

Accenture beat HCL, IBM, Lockheed Martin and Unisys to win the deal.

The Met has been busy lately. Last month it awarded £250m in contracts to CSC and Atos. CSC one a contract for user computing and hosting towers and Atos scored contracts to integrate the various IT components as part of its Total Technology Programme Infrastructure strategy.

A separate £216m contract to outsource the Met’s back office IT to Steria’s shared services centre, will see hundreds of back office IT roles made redundant the Met said last year.

As are result the Met will slash the number of its in-house staff from 800 to 100.

What is rather odd is that the move to outsource to lots of different large suppliers is no longer government policy. The Ministry of Justice having reportedly hit major problems doing that sort of thing.

Swedish cops raid Pirate Bay again

swedish policeInspector Knacker of the Stockholm yard seized servers, computers, and other equipment believed to belong to the P2P outfit Pirate Bay.

The Pirate Bay and several other torrent-related sites disappeared yesterday, and although no official statement has been made, it is logical to assume that the Pirate Bay’s downtime and the raids were no coincidence.

It is the first time in months that The Pirate Bay has gone offline. A number of concerned users thought that there might have been some technical issues, but Swedish authorities have confirmed that local police carried out a raid in Stockholm this morning as part of an operation to protect intellectual property.

Paul Pintér, police national coordinator for IP enforcement said that there had been a “crackdown on a server room in Greater Stockholm. This is in connection with violations of copyright law. A data centre in Nacka which is built into a “mountain” which suggests that the raid took place at Portlane.

Police are staying quiet on the exact location of the operation and the targets involved but the fact that the national police IP chief is involved at this early stage suggests something sizable.

In addition, expert file-sharing case prosecutor Fredrik Ingblad said that there were a number of police officers and digital forensics experts there. Several servers and computers were seized, but I cannot say exactly how many.

So far, police have fingered the collar of one many who was connected to the site.

Several other torrent related sites including EZTV, Zoink, Torrage and the Istole tracker are also down. The Pirate Bay’s forum Suprbay.org, Bayimg.com and Pastebay.net are also offline.

UK police to build a paedophile picture database

yewtreeData taken from tens of millions of child abuse photos and videos will shortly be used as part of a new police system.

Dubbed the Child Abuse Image Database (Caid) the new system will be launched by the Prime Minister at an internet safety event on Thursday 11 December.

The big idea is to avoid offices duplicating each other’s’ efforts when cataloguing identical copied images. It was created by a team of coders working in central Gothenburg, Sweden with the idea of transforming the way child abuse investigations were carried out in the UK.

It could see investigations being reduced from months to days

Basically when Inspector Knacker of the yard seizes computers, mobile devices or USB memory sticks they find hundreds of thousands of images on them. They have to go through the images manually one by one to categorise their severity and consider a prosecution.

Some material is never analysed, meaning new victims are not identified and cannot be rescued.

The software would help automate more of the process by enabling investigators to spend more time looking at the new material, instead of looking at the same images over again.

Caid uses a hash value for each picture which means that detectives will be able to plug seized hard drives into the system so they can be scanned and their contents similarly encoded to see if the resulting signatures match.

The system should be able to identify known images, classify the content, and flag up those never seen before within minutes.

Caid will also be able to use GPS data from photographs to pinpoint where they were taken.

However a similar system, called Childbase, was launched in 2003 by Ceop and the Home Office. It contained seven million images and used facial-recognition software. It was rolled out to police forces across the UK, but in 2011 it was switched off because of a lack of trained officers.

Tor wonders how US spooks shut down sites

tor-browsingTor has been left scratching its encrypted head over how US and European law enforcement shut down more than 400 websites, including Silk Road 2.0, which used its technology.

Tor was set up, not to hide criminals, but to allow dissidents in autocratic countries to make contact with the real world. The fear is that if the US cops could break Tor, then lives could be at risk in countries whose governments would like to shut down dissident sites.

The websites were set up using a special feature of the Tor network, which is designed to mask people’s Internet use using special software that routes encrypted browsing traffic through a network of worldwide servers.

Tor—short for The Onion Router—also allows people to host ”hidden” websites with a special “.onion” URL, which is difficult to trace. But law enforcement appears to have figured out a method to find out where sites are hosted.

Last Week the Department of Justice shut down more than 410 hidden websites as part of ”Operation Onymous” and arrested more than 17 people, including Blake Benthall, 26, who is accused of running the underground marketplace Silk Road 2.0.

However, Tor is broke and does not have the cash to play a cat and mouse game with the well-funded European and US cops.

Andrew Lewman, the project’s executive director, in a blog post said that it was a miracle that its hidden services have survived so far.

It is possible that a remote-code execution vulnerability has been found in Tor’s software, or that the individual sites had flaws such as SQL injection vulnerabilities.

“Tor is most interested in understanding how these services were located and if this indicates a security weakness in Tor hidden services that could be exploited by criminals or secret police repressing dissents,” he wrote.

Cops want “hands on” policing of the internet

1408707700441_wps_2_FILM_Carry_On_Constable_1London coppers have called for more state controls of the world wide web to prevent internet anarchy.

The City of London Police’s Intellectual Property Crime Unit is a taxpayer funded security force for private companies who want to protect their content without having to spend too much.

According to PIPCU head Andy Fyfe, despite some successes,  more state interference may be needed to stop internet anarchy.

The unit uses a wide range of strategies, from writing to domain registrars and threatening them, to working with advertisers in order to cut off revenues from ‘pirate’ sites.

But Fyfe also believes that the Government may have to tighten the rules on the internet, to stop people from breaking the law.

He said he was interested in having a debate in the media about how much policing of the internet people want. At the moment, he does not see any regulation and or policing of the internet.

PIPCU’s chief believes that the public has to be protected from criminals including pirate site operators who take advantage of their trust.

He thinks that if things go wrong, the Internet becomes completely ungovernable, no one will dare operate on it at all.

“So should there be a certain level of … state inference in the interest of protecting consumers? I’m very keen to raise that as a debate,” Fyfe notes.

Tighter rules may be needed to prevent people from breaking the law in the future. This could mean that not everyone is allowed to launch a website, but that a license would be required, for example.

Fyfe  predicts that eventually the government will decide that it has had enough and it’s not getting enough help from those main companies that control the way we use the internet. Then it will imposing regulations, imposing a code of conduct about the way people may be allowed to operated on the internet.

Encryption foils coppers nine times in the US

pressieIt appears that while coppers using wiretaps are fairly effective, streetwise criminals are starting to adopt better encryption mentions.

According to Wired in nine cases during 2013, state police were unable to break the encryption used by criminal suspects they were investigating.

This is not high, but it is more than twice as many cases as in 2012, when police reported encryption preventing them from successfully spying on a criminal suspect for the first time.

To put the figure into perspective, Federal and state police eavesdropped on US suspects’ phone calls, text messages, and other communications at least 3,500 times in 2013. Of those thousands of cases, only 41 involved encryption at all. In 32 cases police managed to get around suspects’ privacy protections to eavesdrop on their targets.

The figures seem to suggest that warnings from government agencies like the FBI that the free availability of encryption tools will eventually lead to a dystopian future where criminals and terrorists use privacy tools to make their communications invisible to police.

This complaint has become common. Last year the Drug Enforcement Agency leaked an internal report complaining that Apple’s iMessage encryption was blocking their investigations of drug dealers.

However the statistics from police reports shows that encryption use is on the rise, even if the number of cases remains small and most encryption use is pointless.

Kiwis forbidden to hand over data to the FBI

KiwiKiwi cops have been forbidden from sharing encrypted computer keys belonging to Kim Dotcom with their chums at the FBI.

In 2012, New Zealand police seized computer drives belonging to Kim Dotcom, copies of which were unlawfully given to the FBI. Dotcom wants access to the seized content but the drives are encrypted. He is worried that if he types them in the Kiwi cops will give them to the FBI who will use it against him.

A judge has now ruled that even if the Megaupload founder supplies the passwords, they cannot subsequently be forwarded to the FBI.

In May 2012 during a hearing at Auckland’s High Court, lawyer Paul Davison QC demanded access to the data stored on the confiscated equipment, arguing that without it Dotcom could not mount a proper defence.

But while Dotcom subsequently agreed to hand over the passwords that was on the condition that New Zealand police would not hand them over to US authorities.

The police agreed to give Dotcom access to the prompts but only if the revealed passwords could be passed onto the United States.

Justice Winkelmann ruled that if the police do indeed obtain the codes, they must not hand them over to the FBI. Reason being, the copies of the computers and drives should never have been sent to the United States in the first place and they had been illegally handed over.