Six year old girl hacks UK Parliament

happygeek 0 1K Views

Having a professional interest in security, and a personal distrust of politicians and their promises of providing the same, I was not at all surprised by the findings of a BBC TV investigation that has just been broadcast in the UK. Inside Out, a news reporting and investigative documentary series that most often homes in on fairly lightweight consumer stories, decided to send their reporter to the heart of the UK Parliament, the House of Commons, and test the security provided by one of the most heavily guarded buildings in the British Isles. I’ve attended working group committee meetings there and I know only too well of the advanced information that needs to be supplied, the passes issued, the body searches an x-ray machines at the entrances, the small army of fully armed police that patrol.

Now let’s get one thing straight right up front, the successful security compromise was made easier because a Member of Parliament, Anne Milton (MP for Guildford) agreed to take part in the investigation. She was apparently convinced that no harm could be done by accepting the challenge of leaving her computer unattended in here House of Commons office, with just the reporter to keep it company, for a total of 60 seconds and no more. She was, however, visibly shocked when that reporter managed to compromise the computer in less than 20 seconds using a readily available keylogger application. This would have enabled a hacker to record everything that the MP typed into her PC, from confidential documents to passwords. The implications are, well, obvious.

What is surprising is that the reporter used by the BBC was a six year old schoolgirl, making her quite possibly the youngest hacker to succeed in compromising such a high level target.

What is surprising is that she could do so within the confines of such a sensitive place, without ever being searched for something like a USB memory stick device before entering. Perhaps the security procedure is so wrapped up in looking for the big stuff, the guns, the bombs and the men with beards that the James Bond world of small-scale spying devices has passed them by.

What is not surprising is the lack of any official comment from the powers that be at the House of Commons regarding the incident and the huge hole it has driven through the security of the UK Parliament.

Member Avatar for 1337_MilkMan
1337_MilkMan 1 Newbie Poster

That's why you NEED to use Linux.

Member Avatar for robgmills
robgmills

This is hardly a "hack". What this article tells me was that a 6yo girl was escorted by someone that has the priviledges to be in a secure area to her office, then intentionally left behind and that this person's screensaver timeout wasn't set to 5 seconds? This isn't anything you can prevent. 1) I'm sure this girl wouldn't have gotten so far had she not been in the company of someone with the elevated priviledges; 2) setting a timeout shorter than a couple of minutes is impractical; 3) mr "1337" up there ^ clearly doesn't realize that the OS has nothing to do with this (given notice anyone can write a script that will install a KL automatically). Ask any real security professional and they'll tell you that if someone gets physical access to your computer, there's jack you can do.

Member Avatar for Toulinwoek
Toulinwoek 0 Posting Whiz in Training

An astute observation by "robgmills"; given the details, I think "hacks the UK Parliament" it a bit too strongly stated. Now if this precocious young lady had sat across the street in a drug store with a WiFi handheld and done this, I'd be both impressed and somewhat worried. But given physical access to a security-deficient computer, the only surprising thing is that the kid new how to install the software; I don't know any kids that age who could do that...at least not that I know of.

Member Avatar for >shadow<
>shadow< 11 Posting Pro

1337_MilkMan is 100% correct, If only the UK parliament used Linux Servers, They wouldn't experience the mess

Member Avatar for >shadow<
>shadow< 11 Posting Pro

1337_MilkMan is 100% correct, If only the UK parliament used Linux Servers, They wouldn't experience the mess

Member Avatar for happygeek
happygeek 2,411 Most Valuable Poster

You can install a hardware keylogger device in seconds, no knowledge required other than how to remove keyboard cable and plug into device and device into computer - very small, unless you are looking for it you wouldn't spot it.

OK, hack is putting it strongly, but security was compromised and fairly easily considering the sensitivity of the location. But as I stated in the article, it was made easier by the cooperation of the MP concerned. But to think that this diminishes the importance of the original story or the weakness in the security processes of Parliament is naive. The fact that MP computers are security deificent in the first place is cause for concern enough.

Using a six year old girl to do this was just good TV from the BBC, and makes for a good blog headline of course, mea culpa. :cheesy:

Member Avatar for happygeek
happygeek 2,411 Most Valuable Poster

> Ask any real security professional and they'll tell
> you that if someone gets physical access to your
> computer, there's jack you can do.

Ask any real security professional and they will tell you that if a six year old girl gets physical access to your computer they should not be able to install an application, they should not be able to use an unauthorised USB device. The computer should be locked down to prevent this, it is not rocket science, espeically whenj you consider the location of the computer concerned.

But perhaps that is just evidence of the weakness of the security protocol of Parliament. Perhaps it is assumed that becuase the physical perimeter security is so strong there is no need for such tight security at a network and local PC level. The BBC report proves how wrong that assumption is.

Member Avatar for John A
John A 1,896 Vampirical Lurker

I completely disagree with >shadow< and 1337_MilkMan about Linux. You obviously know very little about it, or else you wouldn't have made those comments.

Keyloggers can be written for any operating system, and there isn't a way that the programmers can prevent one from being written. In fact, they're used in many legitimate cases, so keyloggers are in fact not illegal nor a breach of security. The girl could have just as easily installed a keylogger or some bash script that would have done the same thing.

And I agree with Toulinwoek and robgmills, I think that the title is a little exaggerated. When someone has physical access to a computer, there is nothing that can stop the user. The amazing thing about this is that it's a 6 year-old girl, and that she did this in 20 seconds. But I wouldn't really consider it hacking, especially since she required special privaliges in the first place...

edit - too slow

Member Avatar for venomlash
venomlash 55 Junior Poster

Pull the other one! :rolleyes: Child genii aren't as common as some might think! You sure this wasn't some early April Fool's prank that the BBC made up???

Member Avatar for Sadun89
Sadun89 -16 Junior Poster

Hey.......Now where the position on that girl

Member Avatar for jingda
jingda 135 Industrious Poster

This has been more than 3 years old, can stop reviving it by posting here.

Member Avatar for Sadun89
Sadun89 -16 Junior Poster

oK.....Sry for it....
I just ask to know it........

Member Avatar for jingda
jingda 135 Industrious Poster

Ok, i know you did not intent to do it. And your question, what do you mean by Now where the position on that girl?

Member Avatar for javacle
javacle -2 Newbie Poster

Dis is more of a physical hack

Member Avatar for rowanmelling
rowanmelling -3 Newbie Poster

woooo that was my sister:L

jingda commented: Lame -2
sheltant commented: Awesome...! ROFL -1
Member Avatar for Denmbithi
Denmbithi 0 Newbie Poster

Hacking doesn't mean to be given previllage of access to the computer,so that girl did just install the software.What is amazing young the girl was to do something like that.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Edit Preview