Six year old girl hacks UK Parliament

0

By Davey Winder on Mar 27th, 2007 4:21 pm

Having a professional interest in security, and a personal distrust of politicians and their promises of providing the same, I was not at all surprised by the findings of a BBC TV investigation that has just been broadcast in the UK. Inside Out, a news reporting and investigative documentary series that most often homes in on fairly lightweight consumer stories, decided to send their reporter to the heart of the UK Parliament , the House of Commons , and test the security provided by one of the most heavily guarded buildings in the British Isles. I’ve attended working group committee meetings there and I know only too well of the advanced information that needs to be supplied, the passes issued, the body searches an x-ray machines at the entrances, the small army of fully armed police that patrol.

Now let’s get one thing straight right up front, the successful security compromise was made easier because a Member of Parliament, Anne Milton (MP for Guildford) agreed to take part in the investigation. She was apparently convinced that no harm could be done by accepting the challenge of leaving her computer unattended in here House of Commons office, with just the reporter to keep it company, for a total of 60 seconds and no more. She was, however, visibly shocked when that reporter managed to compromise the computer in less than 20 seconds using a readily available keylogger application. This would have enabled a hacker to record everything that the MP typed into her PC, from confidential documents to passwords. The implications are, well, obvious.

What is surprising is that the reporter used by the BBC was a six year old schoolgirl, making her quite possibly the youngest hacker to succeed in compromising such a high level target.

What is surprising is that she could do so within the confines of such a sensitive place, without ever being searched for something like a USB memory stick device before entering. Perhaps the security procedure is so wrapped up in looking for the big stuff, the guns, the bombs and the men with beards that the James Bond world of small-scale spying devices has passed them by.

What is not surprising is the lack of any official comment from the powers that be at the House of Commons regarding the incident and the huge hole it has driven through the security of the UK Parliament.

5 Years Ago

0

That's why you NEED to use Linux.

1337_MilkMan

Newbie Poster

17 posts since Oct 2006

Reputation Points: 11

Solved Threads: 0

5 Years Ago

0

This is hardly a "hack". What this article tells me was that a 6yo girl was escorted by someone that has the priviledges to be in a secure area to her office, then intentionally left behind and that this person's screensaver timeout wasn't set to 5 seconds? This isn't anything you can prevent. 1) I'm sure this girl wouldn't have gotten so far had she not been in the company of someone with the elevated priviledges; 2) setting a timeout shorter than a couple of minutes is impractical; 3) mr "1337" up there ^ clearly doesn't realize that the OS has nothing to do with this (given notice anyone can write a script that will install a KL automatically). Ask any real security professional and they'll tell you that if someone gets physical access to your computer, there's jack you can do.

robgmills

Newbie Poster

1 post since Mar 2007

Reputation Points: 10

Solved Threads: 0

5 Years Ago

0

An astute observation by "robgmills"; given the details, I think "hacks the UK Parliament" it a bit too strongly stated. Now if this precocious young lady had sat across the street in a drug store with a WiFi handheld and done this, I'd be both impressed and somewhat worried. But given physical access to a security-deficient computer, the only surprising thing is that the kid new how to install the software; I don't know any kids that age who could do that...at least not that I know of.

Toulinwoek

Posting Whiz in Training

274 posts since Mar 2005

Reputation Points: 10

Solved Threads: 2

5 Years Ago

0

1337_MilkMan is 100% correct, If only the UK parliament used Linux Servers, They wouldn't experience the mess

>shadow<

Posting Pro

536 posts since Aug 2005

Reputation Points: 21

Solved Threads: 1

5 Years Ago

0

1337_MilkMan is 100% correct, If only the UK parliament used Linux Servers, They wouldn't experience the mess

>shadow<

Posting Pro

536 posts since Aug 2005

Reputation Points: 21

Solved Threads: 1

5 Years Ago

0

You can install a hardware keylogger device in seconds, no knowledge required other than how to remove keyboard cable and plug into device and device into computer - very small, unless you are looking for it you wouldn't spot it.

OK, hack is putting it strongly, but security was compromised and fairly easily considering the sensitivity of the location. But as I stated in the article, it was made easier by the cooperation of the MP concerned. But to think that this diminishes the importance of the original story or the weakness in the security processes of Parliament is naive. The fact that MP computers are security deificent in the first place is cause for concern enough.

Using a six year old girl to do this was just good TV from the BBC, and makes for a good blog headline of course, mea culpa. :cheesy:

happygeek

Freelance Word Punk

Administrator

27,465 posts since Mar 2006

Reputation Points: 1,457

Solved Threads: 55

5 Years Ago

0

> Ask any real security professional and they'll tell
> you that if someone gets physical access to your
> computer, there's jack you can do.

Ask any real security professional and they will tell you that if a six year old girl gets physical access to your computer they should not be able to install an application, they should not be able to use an unauthorised USB device. The computer should be locked down to prevent this, it is not rocket science, espeically whenj you consider the location of the computer concerned.

But perhaps that is just evidence of the weakness of the security protocol of Parliament. Perhaps it is assumed that becuase the physical perimeter security is so strong there is no need for such tight security at a network and local PC level. The BBC report proves how wrong that assumption is.

happygeek

Freelance Word Punk

Administrator

27,465 posts since Mar 2006

Reputation Points: 1,457

Solved Threads: 55

5 Years Ago

0

I completely disagree with >shadow< and 1337_MilkMan about Linux. You obviously know very little about it, or else you wouldn't have made those comments.

Keyloggers can be written for any operating system, and there isn't a way that the programmers can prevent one from being written. In fact, they're used in many legitimate cases, so keyloggers are in fact not illegal nor a breach of security. The girl could have just as easily installed a keylogger or some bash script that would have done the same thing.

And I agree with Toulinwoek and robgmills, I think that the title is a little exaggerated. When someone has physical access to a computer, there is nothing that can stop the user. The amazing thing about this is that it's a 6 year-old girl, and that she did this in 20 seconds. But I wouldn't really consider it hacking, especially since she required special privaliges in the first place...

edit - too slow

John A

Vampirical Lurker

Team Colleague

7,630 posts since Apr 2006

Reputation Points: 2,240

Solved Threads: 339

5 Years Ago

0

Pull the other one! :rolleyes: Child genii aren't as common as some might think! You sure this wasn't some early April Fool's prank that the BBC made up???

venomlash

Junior Poster

143 posts since Oct 2006

Reputation Points: 86

Solved Threads: 2

1 Year Ago

0

Hey.......Now where the position on that girl

Sadun89

Junior Poster

164 posts since Jan 2011

Reputation Points: -6

Solved Threads: 5

1 Year Ago

0

This has been more than 3 years old, can stop reviving it by posting here.

jingda

Industrious Poster

4,698 posts since Mar 2011

Reputation Points: 182

Solved Threads: 142

1 Year Ago

0

oK.....Sry for it....
I just ask to know it........

Sadun89

Junior Poster

164 posts since Jan 2011

Reputation Points: -6

Solved Threads: 5

1 Year Ago

0

Ok, i know you did not intent to do it. And your question, what do you mean by Now where the position on that girl?

jingda

Industrious Poster

4,698 posts since Mar 2011

Reputation Points: 182

Solved Threads: 142

9 Months Ago

0

Dis is more of a physical hack

javacle

Newbie Poster

13 posts since Oct 2008

Reputation Points: 8

Solved Threads: 1

8 Months Ago

Show Comments

-3

woooo that was my sister:L

rowanmelling

Newbie Poster

1 post since Sep 2011

Reputation Points: 7

Solved Threads: 0

8 Months Ago

0

Hacking doesn't mean to be given previllage of access to the computer,so that girl did just install the software.What is amazing young the girl was to do something like that.

Denmbithi

Newbie Poster

3 posts since Jul 2011

Reputation Points: 10

Solved Threads: 0

Six year old girl hacks UK Parliament

This article has been dead for over three months