Police hit by Conficker worm computer virus

Exclusive by Mike Keegan

February 02, 2010

| Submit Comments | Comments (22) | Previous | Next

Officers at Greater Manchester Police have been unable to carry out their own computer checks on criminals and suspect vehicles for over three days because of the attack by the Conficker virus.

A Police force's computer system has been crippled by a virus.

Officers at Greater Manchester Police have been unable to carry out their own computer checks on criminals and suspect vehicles for over three days because of the attack by the Conficker virus.

The virus may have been introduced by a member of staff plugging a personal memory stick into a computer.

All officers have now been warned against using 'unauthorised memory sticks' as investigators try to isolate the damage caused by the virus.

The bug began affecting systems at GMP on Friday evening and quickly spread through the force, knocking down internet connections and email accounts.

It led to GMP being disconnected from the Police National Computer (PNC), which is used to check names, criminal records and suspect vehicles against a national database.

Officers had to call colleagues in neighbouring forces to ask them to carry out PNC checks.

The force's incident log, which is used to record crimes, was not affected by the virus.

IT experts worked around the clock to fix the problem and eventually succeeded in clearing most of the computer systems by yesterday afternoon.

However, GMP was still not connected to the Police National Computer last night while analysts completed further checks.

Checks

Police do not believe the force was deliberately targeted by the virus, which has hit a string of computer systems across the world since it first appeared in November 2008.

The Conficker virus, also known as Downup, Downadup and Kido, is a computer worm which strikes Microsoft Windows systems and leaves systems open to hackers.

Manchester Council was struck by the Conficker worm in February last year and the bug ended up costing the taxpayer £1.5m.

The authority had to strike off parking tickets and pay £600,000 to consultants to fix the damage, which included drafting in experts from Microsoft.

Town hall staff were banned from using memory sticks and all USB ports into council computers were disabled to stop the virus regaining control of systems.

Other organisations reportedly hit by the virus include the Ministry of Defence, the House of Commons, the French Navy and government departments in Germany.

It is not yet known how much it will cost Greater Manchester Police to repair the damage caused to its systems.

Assistant Chief Constable of Greater Manchester Police Dave Thompson said the public had 'not experienced any difference in the service they received' as a result of the virus outbreak.

Not destructive

He added: “The virus is not destructive and no data has been lost but due to the speed it has spread we have temporarily cut off our access to the Police National Computer and other Criminal Justice systems to prevent further infection.

“A team of experts is now working on removing the virus, and will not reconnect until we are sure there is no further threat.

“We have systems in place to ensure this does not affect our service to the communities of Greater Manchester.

“At this stage it is not clear where the virus has come from but we are investigating how this has happened and will be taking steps to prevent this from happening again.”

A notice circulated to all staff about the computer problems included advice on not using any “unauthorised memory sticks”.

But a GMP spokesman said it was not certain that a memory stick was to blame for introducing the virus.

Greater Manchester Police has issued its own advice on computer security.

The guidance includes a list of pointers and states: “As a rule the weakest link in the security chain is user error.”

To combat “viruses, worms and trojans”, the force advises:

a) Purchase a leading anti-virus software package, one that will scan incoming mail messages and files on-access automatically.

b) Update anti-virus software definitions weekly, if not more often (ideally, the AV software should update the virus definitions automatically.) Updates are available at the vendor's Web site and are very simple to perform.

c) Use the anti-virus software to run full disk scans (i.e. scan the entire computer) monthly, if not more often. Full disk scans should also be scheduled to run automatically.

d) Learn how to identify virus hoaxes from real threats. Over-reaction to hoaxes can cause unnecessary panic and overload network bandwidth. To determine whether or not a virus warning is legitimate, visit one of the following sites: F-Secure, McAfee's Virus Information Library, Trend, or Vmyths.

e) Install a firewall, such as ZoneAlarm, which is free to home users, to protect against Trojans and other unauthorized access to a machine.

f) Scan all floppies, CDs, or other external media that have been used on external systems or that you receive from others (including friends and family.)

| Submit Comments | Comments (22) | Previous | Next

Showing comments 1 to 22 and replies | View All

Dave (02/02/2010 at 08:31)

The public have "not experienced any difference in the service they received".

It doesn't say much for the service we usually get...

Dave the Rave from the Grave, Manchester (02/02/2010 at 08:53)

It seems that the Police didn't take their own advice and have a decent anti-virus kit in place before this happened....

Marquis de Sade et la petit monge tout (02/02/2010 at 08:53)

They might have lost that caution that I stupidly got persuaded to sign when I was drunk then. How would I know it would blight my career ?

Jay B, oldham (02/02/2010 at 09:21)

and what was that the other week from fahy? "we need a new computer system to help us get more bobbies on the beat"
if they cannot maintain the current one then what hope have they got with a better one? they'll still get the viruses!

Edina Clouds, GREAT Manchester (02/02/2010 at 09:29)

Well that's a bit rich! giving us advice on computer security and then leaving themself open to a virus attack!

Black Flag (02/02/2010 at 09:49)

As an alternative to the advice given by GMP, which seems to assume that everybody with a computer uses Windows, you can avoid the need to faff about with anti-virus software by using Linux instead.

j John (02/02/2010 at 10:09)

PLEASE, PLEASE DO NOT destroy the TROJANS!!!! Hey all you moaners go and read the Trojan Files by Roger Gray, you will looooove it. (by the way for those who do not know much such as myself,(!) the Trojan was the armed response down in London, you know sort of CO19 these days..... I think!!!

Seriously though, why the hell must you always say stupid staff? Viruses happen, why does this open the door to all the ridiculous comments?

Marquis de sade, I am afraid they will not have lost your caution :), the virus is a pain in the.... in the fact that there is so much you cannot TEMPORARILY access and it slows you down, but it DOES NOT destroy anything. sorry. :))

Hamish Macbeth, Whitefield (02/02/2010 at 10:11)

"Officers .... have been unable to carry out their own computer checks on criminals and suspect vehicles for over three days.

Perhaps information that it might have been prudent not to release?

Buzz Killington, Somewhere over the rainbow (02/02/2010 at 10:13)

Black Flag. You have always struck me as a linux user. You maverick you, not running with the masses.

David Thomas (02/02/2010 at 10:15)

The public cost of GMP getting infected once again by the Conficker virus will be high. Having already been infected last year, GMP should have put in place policies and technology that prohibited the ability of this and future viruses from infecting systems and compromising services, and potentially data as well.

Technology today can protect from Day Zero viruses & attacks (one's where there is no virus definition or signature because it's never been seen before), but Conficker is not new, and GMP having already been impacted in 2009 should have had mechanisms already deployed to identify and quarantine this.

Public sector organisations need to place greater emphasis on risk exposure and automated mitigation techniques, and knowing the insider employee threat is the greatest to most organisations, publishing guidelines & polices, issuing training and having in place penalties for breaches is not enough, especially if you don't have in place the tools and techniques to police user activity and behaviour.

Looks like GMP needs to police it's own staffs computer usage.

David Thomas - CCIE, CISSP
s2s Security Consultant, Manchester

Buzz Killington, Somewhere over the rainbow (02/02/2010 at 10:16)

The IT boffins should have disabled all the USB ports. Unbelieveable that they could have been so lax in security. Anything could have been put on and taken off the system.

Data protection issues? Maybe they could prosecute themselves.

Mark,Radcliffe. (02/02/2010 at 10:20)

Let's start a conspiracy,and open a new can of worms...It could be sabotage to ensure GMP gets a new computer system.

thoughtful, East of Manchester (02/02/2010 at 10:54)

Old software that is not updated or patched, and out of date virus definitions. This threat has been around for two years! This is entirely down to unprofessional performance by the IT department, and as such someone should face disciplinary action.

Why on earth would someone be plugging a USB pen into a Police PNC system, other than to download data? and would the system even allow a remote user to run & install software? This is basic security stuff and again it all comes back to the door of the IT department.

It seems that GMP is riddled with incompetence from top to bottom.

Almighty God, Salford - vote Green (02/02/2010 at 11:15)

hey Buzz Killington, linux is win

kelbag, Clayton (02/02/2010 at 11:17)

" The IT boffins should have disabled all the USB ports."

Believe it or not, but the IT department is often the LAST set of people to decide on what the security procedures will be. Having worked for a large company on a major government contract, I can safely say that anything you do say will go in one and out the other.
Any security measures we suggested had to be approved by the customer before we were allowed to implement anything, disabling USB ports would have been the first to have been suggested.

Don't blame IT, blame the decisions made by whoever procures GMP's IT for not listening.

Mark smith (02/02/2010 at 12:47)

the govenerment want everyones information on a uber database to check for 'terrorists and pedos' yet the police who have access to sensitive information cant even manage to stop their computers getting hit with a virus thats been about for over 6 months. imagine this were a keylogging trojan it could have stolen sensitive PNC logins and other info which would have been very useful to criminals such as names and address of witnesses etc. Someone should get fired for such a breach of security in high profile public organisation but whats the bet they never find who infected there systems

The Pope, Rome (02/02/2010 at 13:03)

David Thomas wants a job!

Laura Norder, Didsbury (02/02/2010 at 13:28)

I use Macs - no problems.

Horatio Dogsbody, Flixton (02/02/2010 at 13:49)

"The virus may have been introduced by a member of staff plugging a personal memory stick into a computer."

Now why would they be doing that?

happy2behere, South Manchester (02/02/2010 at 17:35)

Another advert for using Microsoft....NOT... If you want to avoid virus's try installing Ubuntu (Linux) and it is free. Microsoft products cost $$$ and they are prone to virus attacks. The town hall and now GMP found out the hard way.

Rob Wilson (02/02/2010 at 18:36)

Corruption at GMP? Never...!

Alan Ashton (04/02/2010 at 15:12)

()

Report

NatWest Platinum	16.9%
Royal Bank of Scotland Platinum	16.9%
Virgin Credit Card	16.6%
Egg Card	17.9%
MBNA Platinum	16.9%
MBNA Platinum Rewards Card	16.9%
Barclaycard Gold	19.9%
BT Credit Card	16.9%
Halifax All In One	15.9%

Platinum Exclusive	7.7%
Alliance & Leicester	7.8%
Sainsbury's Personal Loan	7.8%
Santander	7.9%
Blackhorse Personal Finance	8.5%

News