 |
| Advertisement |
- Security experts say crooks could steal people's IDs and sell them on to scammers
Cyber
hackers have stolen people’s login details for a key Government website
used by millions of Brits, ministers have admitted.
Cabinet
Office Minister Matt Hancock dramatically revealed malicious software
had been used to “harvest” access details from people’s computers for
the Government Gateway site – which handles everything from tax returns
to parking fines.
Cyber
security experts branded the revelation “worrying” and said crooks could
use the information to steal people’s identities or sell it on to
scammers looking to fleece people for cash.
SENSITIVE PERSONAL DETAILS
They warned
stolen usernames and passwords would give crooks access to sensitive
personal details like names, addresses and dates of birth – and allow
them to order official Government documents like driving licences to be
used for ID fraud.
And they said Eastern European gangs were the most likely perpetrators.
The cyber
theft emerged as Mr Hancock denied reports that the Government Gateway
itself had been hacked and sensitive details put up for sale on the dark
web.
In a written
Parliamentary answer to Labour’s shadow Cabinet Office minister Louise
Haigh, he said: “To date the security reports on the Government Gateway
system have shown no indication of a cyber security breach.
“We are aware Government Gateway credentials stored outside government systems have been harvested by malware.
“This
highlights the importance of users implementing and maintaining good
security practices, for example, installing and updating anti-virus
software, as well as never sharing or using a single password for all
internet activities.”
‘BREACH PRETTY FRIGHTENING’
He also
revealed security was being beefed up on the massive mainframe, saying:
“We will continue to increase our levels of security monitoring and
management on all our systems.”
The Government was unable to say how many people might have been affected – sparking fury from Ms Haigh.
She told The
Sun: “This potentially vast breach of the data and personal information
of thousands of individuals is pretty frightening.
“The
Government Gateway data includes such sensitive personal information as
the details of child maintenance payments, state pensions and
individuals on the childminder register.
“Remarkably,
it is not clear if the Government even knows the extent of the breach
or which individuals have been the victim of malware and have made no
commitment to doing anything to put it right.
“Ministers
should urgently write to all users of the service telling them about the
breach and advising them on how to change their passwords to they can
keep their sensitive personal information safe.”
CROOKS HARVESTING INFO
Malware are
programs which infect your computer – usually without you knowing –steal
your details and send them back to crooks who can then either use the
details or sell them on.
Professor
Alan Woodward, cyber security expert at the University of Surrey who has
worked for the Government in the past, spelled out the potential danger
to Brits from criminals harvesting their login details.
He said:
“The problem with the Government Gateway is everything is on there. One
of the things the government over many years has been good at is
digitising services – putting them online. So things like your driving
licence, tax returns and so on are all part of the Government Gateway.
“So there is
a danger that people could theoretically start to impersonate you by
getting Government documents which are accepted as official proof of
identity.
“So you go
into the driving licence portal, change the photo and address and
suddenly you have got a new driving licence in the victim’s name. The
potential for identity theft is quite worrying.
“You could also cause havoc in somebody else’s life.
“And it
opens the door to scammers who can phone you and pretend to be from your
bank and ask to verify your date of birth and postcode – before then
getting bank details.”
Independent
security consultant Kevin Wharram added: “This information can be used
for fraud and ID theft. It’s most likely to have been cyber criminals
from Russia or Eastern Europe. The Chinese tend to go in for
nation-state espionage, but gangs in Eastern Europe and former Soviet
states are into this and selling it online.”
A Government
source claimed Mr Hancock was not referring to a specific incident but a
“general problem” of malware stealing login details – including for the
Government Gateway.
And they
urged people to consider beefing up their own security online by using
more complex passwords and robust anti-virus programmes.
PROFILES FOR SALE ON DARK WEB
A spokesman said: “It is essential that everyone knows how to protect themselves, and visits getsafeonline.org or cyberstreetwise.com for advice.”
Last week it
was claimed tens of thousands of profiles stolen from the Government
Gateway were for sale on the dark web for £49 – though data experts
disputed the claim and said criminals were “bigging up” what they had.
In 2008
ministers ordered an emergency shutdown of the portal after a memory
stick was found in a pub car park containing confidential passcodes to
the system.
0 Post a Comment: