The helpline operators I spoke to were not even technically trained. The local Federation email contradicted the national email response. When one forensically looks at the contrast it is a clear lack of understanding regarding data, be it serving or ex-officer details.
Again and again, we see people in positions that cause the errors via lack of planning. The first attack was reported on the 9th. Naturally an ongoing enquiry by the @NCA_UK now. Officers and staff are astute enough to realise it's an active investigation.
@PoliceChiefs had a 'plan' in place. One would tend to think this is generic in the format as most senior officers are very weak in terms of cyber-crime. OK, BAE Systems operators were called in and @NCSC, according to the emails circulated by Federation reps, plus 'helpline'.
An attack vector path is a means by which a hacker (cracker) gains access to a computer/network server in order to deliver a payload with a malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including, in this case, the human element.
I mean no disrespect to serving or past colleagues, but cyber-crime does not interest many. A recent @narpohq email was sent out via the local Federation rep in one area; errors were on the email.
I check emails, the recipient should have just shown me. However, much to my horror...it showed all the local member email addresses in plain text. I don't want to see their personal email addresses, likewise them my own!
End-to-end encryption must be utilised and, for those familiar, public keys must be exchanged; with certain professions mentioned, I personally would afford security through compartmentalisation...make digital fortresses.
With the occupations mentioned and the helpline number being offered to serving and former officers, it is an affront to common sense to staff said number with staff not versed in such matters of privacy in the digital age.
If I am contacted by serving officers on a regular basis, ones I'd tutored, their colleagues or concerned police parents wanting to protect their children online, one would suggest that @PoliceChiefs need to utilise the same testimonial advertising.
The downside is @theresa_may decimated policing numbers whilst heading the home office. It's ok looking for fools that abuse social media platforms, but like other countries, at least show hungry and willing officers how hackers (crackers) start with the low hanging fruit.
Policing, in cyber terms, has changed. One could almost liken modern policing to hybrid warfare. Any script kiddie can utilise certain penetration testing software, add a few lines of code, and compromise a single user to big business and the national critical infrastructure.
One has to remember, just 20 lines of code brought British Airways to a standstill! It's cheap, it's a pinpoint accurate form of attack. And remember one can pivot attacks from anywhere to avoid detection.
Quite rightly the @NSAGov never paid the ransom to the Shadow Brokers, when they stole weaponised software capable of various exploits. The downside was the Wikileaks Vault 7 information saw the aforementioned script kiddies and others utilise those very tools, e.g. EternalBlue.
Windows platforms are the main victims worldwide, most supercomputers utilise Linux. Various penetration testing distros are Linux based. Sadly, many of the Metasploit tools, or its GUI - Armitage now include @NSAGov tools, along with hundreds of others.
It is so very easy to burn a .iso image to a CDR or CD/RW or USB stick. If the attacker runs an anti-forensic distro live, most police HTCUs would be stumped, with regards to forensic retrieval.
Be it an old crime/new tech or high-tech crime, both civilian victims and those who have worked to counter crime and terrorism deserve more than a token non-tech damage limitation helpline operator saying it's a Malware (MALicious softWARE) attack after someone clicked a link!
This being the case, the hyperlink defeated incoming scanning and any IDS in place. It will be interesting to see which other targets were affected, as per the damage limitation email sent to serving and ex-officers and the scant details supplied by the 'helpline'.
It's refreshing to hear that @WhiteHouse and @realDonaldTrump are switched on enough to utilise Linux. But, it's a great pity not long ago @UKParliament MPs and staff were viewing porn, sharing passwords with interns and leaving terminals open.
So you are aware - The General Data Protection Regulation is a European-wide law. It replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle your personal data. It started on 25 May 2018.
In the UK, the government created a new Data Protection Act (2018) which replaced the 1998 Data Protection Act. The new UK Data Protection Act was passed just before GDPR came into force.
The funny thing was, it spent several months in draft formats slowly sailing its way through the House of Commons and House of Lords. I'm sure the @NCA_UK will do a good job. The 'helpline' person did say "Lessons will be learned"...so all will be well (???)
Thank you very much for reading.