back to article Lincolnshire council shuts down all IT after alleged 0-day breach

A 0-day security breach at Lincolnshire County Council has exposed locals' medical records, addresses, and bank details, claimed an anonymous tipster, though the council denies any data was stolen. The breach was reported by The Lincolnite, which stated "anonymous reports from inside the council" suggested a major breach of …

  1. Anonymous Coward
    Trollface

    The have computers?

    When it's 2pm in London, it's 1975 in Lincoln.

    1. Anonymous Coward
      Windows

      Re: The have computers?

      It's 1975 in Lincoln and entire Windowstm networks can still be pwned by someone viewing an email!!!!one

      1. Anonymous Coward
        Anonymous Coward

        Re: entire Windows networks can still be pwned by someone viewing an email

        Whereas all other networks have always been secure and so patching isn't a requirement for them.

    2. Chemical

      Re: 'When it's 2pm in London, it's 1975 in Lincoln'

      Have an upvote, nearly choked on my brew laughing :-)

    3. MyffyW Silver badge

      Re: The have computers?

      If all that is required to down a council's PC estate is a breach somewhere then that opens all sorts of opportunities for the unscrupulous.

      Surely IT security should be a bit more nuanced than Attack -> Power-Off Everything.

    4. asdf

      Re: The have computers?

      For us Yanks it looks like Lincolnshire is the Kansas (minus Westboro Baptist Church and Sam Brokeback) of England.

      1. Archie Woodnuts

        Re: The have computers?

        My friend, let me tell you a tale of East Anglia ...

  2. Amorous Cowherder
    Facepalm

    Cheers....( Note to self, important Word and Excel docs, no doubt containing full DB dumps of sensitive data, all on G drive once I'm inside network.... )

    1. Yet Another Hierachial Anonynmous Coward

      G drive

      indeed, nice bit of useful info there.

      Though a G drive sounds more like someones USB stick.....

      1. Captain Scarlet

        Re: G drive

        That would mean 3 additional devices more than normal.

        HD C:, CD Rom D:, 3 USB sticks (Or other forms of storage) really?

        1. Rich 11

          Re: G drive

          That would mean 3 additional devices more than normal.

          It's far more likely that they've got a set of server shares mapped.

          1. Dabooka

            Re: G drive

            "Re: G drive

            That would mean 3 additional devices more than normal.

            It's far more likely that they've got a set of server shares mapped."

            I work for a Local Authority, and currently I have access to a C,D F,X,Y and Z drive. No USB drives attached (can't use them anyway).

          2. Captain Scarlet
            Paris Hilton

            Re: G drive

            "It's far more likely that they've got a set of server shares mapped."

            .. I was responding to

            "Though a G drive sounds more like someones USB stick....."

            Sorry I forgot to include a quote, didn't think it was required as it was directly below the post I was replying to.

          3. Anonymous Coward
            Anonymous Coward

            Re: That would mean 3 additional devices more than normal.

            Please tell me you don't work in IT with comments like that?

    2. Ktsecful

      "Organisation keeps important documents on a shared drive"

      This is useful information?

  3. Anonymous Coward
    Anonymous Coward

    Went to Lincoln once

    All I experienced was a 0-day breach after a dodgy Chinese meal.

  4. wolfetone Silver badge

    Dissapointed

    They didn't have the balls to say that a "sophisticated attack" was used on their systems, and that they "take user information and data security very seriously".

    For shame Lincolnshire, have you not seen the memo about what to do in these situations from TalkTalk?

    1. 's water music
      Trollface

      Re: Dissapointed

      That's the joy of a career in a LA. Unlike private sector you don't need to pretend that you care. Like that feeling when you finally give yourself permission to start wearing elasticated waist trousers

      1. Josco

        Re: Dissapointed

        Haven't got to the elasticated trousers yet, but I'm counting the days.

        1. Number6

          Re: Dissapointed

          As you get older you need the elastic around the bottoms of the legs more. Holds in the evidence better until you can get to the bathroom.

          1. Anonymous Coward
            Anonymous Coward

            Re: Dissapointed

            Holds in the evidence better until you can get to the bathroom.

            Why soil the bathroom? Unleash the trousered waste in the garden, and tell anybody who complains that you're part of the crew digging an escape tunnel.

    2. LucreLout

      Re: Dissapointed

      For shame Lincolnshire, have you not seen the memo about what to do in these situations from TalkTalk?

      Oh I'm sure "lessons will be learned".

  5. mikie

    0day

    It wont be 0day

    just not detected by our av-day

    i suspect that they aren't the only public sector org with malware loose on their networks

    has anyone checked again to see if the subdomains of nhs.uk are still doing drive-bys?

    1. Halfmad

      Re: 0day

      Problem is the NHS is split, NHS England is a fragmented mess, NHS Wales does it's own thing as does NHS Scotland, they work under the same banner but they're entirely separate entities.

      Difference is that the NHS tends to keep it's public facing infrastructure segregated from everything else, that's changing though and it's politicians driving it as patients demand access..

  6. hplasm
    Facepalm

    Do I smell-

    - MS security? Makes G4S look fabulous.

    Where's the 'Bowl of Petunias' icon?

    1. Chika

      Re: Do I smell-

      Oh no, not again!

      Odd that I should be quoting Douglas Adams from the same passage twice in three days like that. Don't worry too much about the other quote - it was a wingless pegasus!

  7. Anonymous Coward
    Anonymous Coward

    So what next? They boot each machine one by one?

    Sound like cryptoransom to me.

    1. Anonymous Coward
      Anonymous Coward

      yeah with a "magic bullet" floppy in it

  8. Will Godfrey Silver badge
    Happy

    On the other hand

    They have a very nice cathedral that doesn't cost arm+leg to visit.

    P.S. and free parking if you know where to go!

  9. Valerion

    Not a breach

    Someone retrieved a record and selected the "also retrieve records of relatives" box. Bingo - every single record returned.

    Disclaimer - my family hails from Lincolnshire.

    1. Anonymous Coward
      Alien

      Re: Not a breach

      Sounds like your family is Lincolnshire

      1. Anonymous Coward
        Joke

        Re: Not a breach

        That happens a lot in the Fens.

  10. Anonymous Coward
    Joke

    Has had a major impact on the council...

    > The council's response has been to order staff to "close their computers and turn the power off."

    Productivity has improved 120% as a result.

    1. BebopWeBop

      Re: Has had a major impact on the council...

      The very cruel medical 'shorthand' - NFN?

      1. Tim99 Silver badge

        Re: Has had a major impact on the council...

        @BebopWeBop

        No, that would be NFL. Those of us to whom NFN applies try to protect our status.

  11. Gordon 10
    IT Angle

    How is this a zero day?

    And not just a website/software breach?

    I thought a zero day explicitly referred to software being hacked by a previously unknown exploit.

    needs the reg tombstone icon. ---------->

    1. Zippy's Sausage Factory

      Re: How is this a zero day?

      Because if they say it's a zero day it sounds better than "but LiveUpdate has said there's no updates for Symantec Antivirus for ages... I mean, 2001 is still the latest version our IT policy allows us to support, but you know - we are quite busy with all the austerity and everything. I mean, all these benefit appeals won't deny themselves..."

  12. Nezumi
    FAIL

    Anybody that outsources to Serco\Capita deserves everything they get

    I've dealt with Public Sector outsourcing companies on they other end of the phone\e-mail for a number of years now and they are_without_ exception ****ing useless. The money the Council will now piss away in fixing this could have been better spent by ensuring adequate levels of skilled internal resource. you know the kind of people who actually understand your site...

    I hope who ever approved using Serco is now getting a rather stern talking to. The fact that they had to resort to simply turning everything off is rather telling. IMHO, the Council CIO should be considering their position.

    InfoSec we've heard of it...

    Having said that, they probably work for Serco as well. I look forward to the inevitable Freedom Of Information requests. The people who fought this internally will also now be looking for blood.

  13. Anonymous Coward
    Anonymous Coward

    McAfee. Will be Endpoint encryption on the laptops too and all hooked into EPO.

    Interesting how you rarely find it outside of the public sector / public sector outsourcers these days.

  14. AegisPrime
    FAIL

    WTF?

    "As part of a campaign into UK councils' cyber security conducted last year, The Register was told that Lincolnshire County Council's AV solution(s) - the specifics of which the council declined to disclose - had thrown up 196,553 malware alerts in 2015."

    195,553? WTF? Where were they browsing?? I had exactly 2 malware detections via Malwarebytes in 2015 - both from files I probably shouldn't have downloaded - and none whatsoever from spam emails.

    1. Erik4872

      Re: WTF?

      "Where were they browsing??"

      Idle hands... :-) I'm only half kidding, and it's not just a government thing. I post on The Reg and the like while I'm trying to solve a problem or wait for something to finish. There are some people in large companies (and local councils also) who do very little beyond manning a desk for the entire day. I think God that I've never had to manage the internet connection at some of the places I've worked, but I've heard many stories.

    2. Archie Woodnuts

      Re: WTF?

      Anecdotal evidence is all well and good but I imagine you don't have quite the same footprint as an entire county council. I agree that if those detections are desk side then that's poor, but if they're on the appliances they use to filter overall access to the outside world then I'm sort of surprised they're so low. The AV on our outermost mail filter has picked up more than that from spam floods in the last six months.

      Please open this invoice and all that.

  15. Erik4872

    Cryptolocker strikes again??

    The worst thing that has happened recently to places that have no IT, or awful contracted IT, is Cryptolocker and the like. It's the perfect storm of users demanding to be administrators, looking for dodgy Internet content and never backing up their stuff. It may have been a zero day breach, or it may have been an "Oh crap, shut everything off before the entire file server gets encrypted!"

  16. Crisp

    Seriously?

    Have they not heard of this thing called encryption that gov.uk has been banging on about?

    "[we] have suspended IT use until the extent of it is clear."

    So no IT for the next few years then...

  17. Anonymous Coward
    Joke

    Yet more Linux Apple Android malware

    https://www.reddit.com/r/PBSOD

  18. Anonymous Coward
    Anonymous Coward

    Staff at Lincolnshire are warned that the normal activation at 10:00 am is still on to accommodate early starters, however there is a noted overlap with the closing down of the LAN to accommodate the early leavers.

    On X's return to work from Anuual Leave it is expected for re-infection to occur so we can all have some well deserved downtime again.

  19. Kernel

    Why?

    Ok, admittedly I live in a country far, far away from the UK, but I'm struggling to think of why a local council would have access to anyone's medical records.

    1. Alister

      Re: Why?

      Ok, admittedly I live in a country far, far away from the UK, but I'm struggling to think of why a local council would have access to anyone's medical records.

      Because, in the fucked up remains of the NHS, social care services (and mental health care, in some cases) are largely controlled and run by local councils nowadays.

  20. John Brown (no body) Silver badge

    "denied that any data had been lost"

    I'm sure that statement is correct. The data was only copied.

    1. Anonymous Coward
      Facepalm

      Re: "denied that any data had been lost"

      "...the council denies any data was stolen."

      Yup. The fuckwits have obviously checked... and found they still have their copy of their residents' private data. So nothing to get upset about! Move along now..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like