Having a professional interest in security, and a personal distrust of politicians and their promises of providing the same, I was not at all surprised by the findings of a BBC TV investigation that has just been broadcast in the UK. Inside Out, a news reporting and investigative documentary series that most often homes in on fairly lightweight consumer stories, decided to send their reporter to the heart of the UK Parliament, the House of Commons, and test the security provided by one of the most heavily guarded buildings in the British Isles. I’ve attended working group committee meetings there and I know only too well of the advanced information that needs to be supplied, the passes issued, the body searches an x-ray machines at the entrances, the small army of fully armed police that patrol.
Now let’s get one thing straight right up front, the successful security compromise was made easier because a Member of Parliament, Anne Milton (MP for Guildford) agreed to take part in the investigation. She was apparently convinced that no harm could be done by accepting the challenge of leaving her computer unattended in here House of Commons office, with just the reporter to keep it company, for a total of 60 seconds and no more. She was, however, visibly shocked when that reporter managed to compromise the computer in less than 20 seconds using a readily available keylogger application. This would have enabled a hacker to record everything that the MP typed into her PC, from confidential documents to passwords. The implications are, well, obvious.
What is surprising is that the reporter used by the BBC was a six year old schoolgirl, making her quite possibly the youngest hacker to succeed in compromising such a high level target.
What is surprising is that she could do so within the confines of such a sensitive place, without ever being searched for something like a USB memory stick device before entering. Perhaps the security procedure is so wrapped up in looking for the big stuff, the guns, the bombs and the men with beards that the James Bond world of small-scale spying devices has passed them by.
What is not surprising is the lack of any official comment from the powers that be at the House of Commons regarding the incident and the huge hole it has driven through the security of the UK Parliament.