http://www.thisislondon.co.uk/news/article-23364764-details/ID+card+fears+as+staff+hack+into+Home+Office+database/article.do 27.08.06 Office staff are hacking into the department's computers, putting at risk the privacy of 40million people in Britain. The revelation undermines Government claims that sensitive information being collected for its controversial ID Cards scheme could not fall into criminal hands. The security breaches occurred at the Identity and Passport Service, which is setting up the National Identity Register to provide access to individuals' health, financial and police records as part of the 8billion ID card scheme scheduled to begin in 2008. MPs and technology experts have expressed fears that the national register, which will store sensitive details of more than 40million people, will be a honeypot for hackers and identity thieves. Liberal Democrat Home Affairs spokesman Mark Hunter said: 'These revelations show it is folly to put all the precious personal data of our citizens in one place.' Personal information about every British passport holder - including their date of birth, mother's maiden name, address and photographs - is already held in the IPS computers. A Home Office spokesman last night confirmed the IPS security breaches. He also confirmed that three staff involved had been sacked and a fourth had resigned before disciplinary procedures had concluded. The spokesman said none of the security breaches involved'hacking' by outside criminals, and a 'whole range of protocols and procedures' were in place to protect Home Office databases from unauthorised staff use. He said: 'System checks are routinely carried out and any violation is dealt with severely.' The spokesman added that the ID Cards database would be a 'completely different' system. Home Office figures show that the department's databases have been successfully penetrated on average once a year since 2001. Four of these security failures were at databases maintained by the IPS, an executive agency of the Home Office created in April. Computer experts warn that more security breaches are likely to have gone undetected. Phil Booth, of the NO2ID campaign, said government databases would always be vulnerable to unscrupulous staff. 'That these breaches have taken place in the very agency that is supposed to be protecting the identities of every citizen in this country is a damning indictment of the current system,' he said. 'But when you consider that this agency will be running the ID card scheme, it's truly terrifying.' John Tullett, the technology editor of Secure Computing magazine, said the Home Office would be 'naive' to assume that the total of recorded breaches reflects the real number of security violations at the department. He said: 'The trend in IT crime is towards "silent" breaches where very competent criminals get into a system and cover their tracks so they can get in again in future, all without the victim ever knowing.' _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Sun Aug 27 2006 - 22:07:58 PDT