Do they get it, what will they do with it, what's in it for them? Who is hacking the hackers, the bots and whatnots? We have malware, ransomware, the dark web, white hats, black hats, grey hats, passwords, how many have you got? What is your mother's maiden name? It's all serious stuff. What are your thoughts and experiences? Share it and we have a panel of experts to share cyber security questions. What do you want to know and have you been hacked? Good morning and good to know you are there. Richard Foster has the news. Top police officers say they are extremely worried about the possible consequences of a major data breach in Northern Ireland. The name, role of every PSNI officer has been published online by mistake was that there are seniors dilly mcphee as dissident public groups could plot attacks. Six water companies in the UK face claims they have overcharged customers. The trade body Water UK says the accusations are without merit. The joint declaration has been signed by leaders of eight countries in South America who will work together to tackle deforestation in the Amazon. They plan to fight illegal mining and organised crime in the world's biggest rainforest. Two more contestants for Strictly Come Dancing had been announced. Cyclist, former swimmer and eight-time Paralympic medallist Jody Cundy will don the sequins, along with former Coronation Street star Ellie Leach. Join us on this one. Loads of questions for you to ask and lots for us all to know and beware of as well. There have been some really famous data breaches in recent years.
Dixons Carphone Warehouse in 2017, Virgin Media in 2020, the payroll company in June of 2023, companies like Boots, BA, Aer Lingus, the BBC, were affected. Although no banking details were obtained. The NHS in July this year, the UK's largest trust, St Barts, announced it had suffered a ransomware attack. Give us the money. And we will set you free. 08085 909693, 85058, what about your personal data breaches, plenty of those, tell us if you have been hacked. And what do you want to know because we have experts to answer the question. Joe Tidy, the BBC cyber correspondent. Hello, how are you? Good, this is a big one. Jake Moore, a global cyber security adviser for Europe's largest internet security group ESET. A former police officer. That bodes well. And Doctor Victoria Baines, professor of IT at Gresham College, former lead Europol Cybercrime Centre and Facebook Trust and Security Manager for Europe, formerly, I think. What a line-up. Joe, this data breach at the Electoral Commission is a big one, isn't it?
It is, yeah. It's big in terms of the number of people affected, potentially 40 million people on the electoral roll from 2014 up to 2022, when they finally discovered the hackers and kicked them out. We don't know when they kicked them out but we know they were in there from August of 2021 right the way up to October 2022. It was probably longer because when you discover a cyberattack you first of all have to discover where they are, then get them out and secure the system to stop them getting back in. It's a big one. The interesting thing is, there is obviously the massive amount of data, but that's largely already publicly available data and if the hackers wanted this kind of thing they probably could have got it. What I think is more serious from my perspective is that this was a very sensitive public institution, the Electoral Commission, which was hacked and managed to not see the hackers for so long, they were in the system for a long time, they were probably patient, sophisticated adversaries who found their way in and stayed hidden. The very fact that democracy is at the heart of this, because democracy is at the heart of all our fears about the future. Especially with AI now being part of the equation. That's why this would send a chill through a lot of people.
Yeah, this has been one of the number one fears with, in a democratic world can hackers get into electoral systems and change the vote? That has not happened here, the Electoral Commission are confident that the six by-elections that have taken place in the UK during this period were not affected. They say this is partly the dispersal, local councils run elections in this country but also because we have this old-fashioned and archaic system of pencils and paper and ballot boxes, which is quite hard to hack. What we have seen here is that hackers have found a way in and stayed in and looked across e-mails, that's the big thing, I think, they were watching very closely, I imagine, the hackers, how the Electoral Commission carry out the elections that have happened. We have been worried about the situation, we have not had elections affected by this but we have come a step closer. Where might it leave the argument about electronic voting in future? I think it is a big tick in the box to say we should stay how we are doing it, with pencils and paper. This has been the fear and the worry. What happens if hackers get into Electoral Commission or electoral systems around the world and affect things grezda they have done that but they have been unsuccessful. If they wanted to effect a result they haven't managed to do that. We don't know what the long tail of this could be. If you have 14 months or more access to an institution like the Electoral Commission's e-mails, you have a vast amount of data to draw from, in which case you might want to carry out further attacks down the line. We don't know who did this, they are calling them hostile actors but there are usual suspects that come to mind. We don't think it is a criminal attack, it doesn't have the hallmarks of a ransomware or extortion attempt.
It looks like a nation state that is hostile and trying to find out whether there are weaknesses in the system. This happened in August of 2021 so why has it taken so long to come to light? Because the hackers were very smart, all because the Electoral Commission security wasn't good enough. We don't know how they got in. Usually these things start with an e-mail, a phishing attack. Someone in the Electoral Commission would have been sent an e-mail that had a piece of malware hidden away in a Word document and they accidentally downloaded it and it affected the system. Or they may have accidentally given credentials over to someone for a cloud storage or account they have with Microsoft or Google or whoever. We don't know how it happened but we know they were in for a long time and that means they managed to stay hidden and they probably didn't start downloading things because that often rings alarm bells and that would also tally with what the Electoral Commission have said, they don't see evidence that the hackers have downloaded vast amounts of data in the electoral roll because if they had done it may have alerted the Electoral Commission sooner to their presence. But somehow they found their system was breached in October and there would have been a forensic process that said actually they have been in since August 2021 and then the process of securing the system and kicking them out begins. Listeners and viewers, get in touch if you have experienced this, if you have been hacked. What are your thoughts and questions? I'm fascinated that you say they might just have been doing it to see if they could do it.
Because you get a bit of that when your credit card, when you are defrauded. You see payments on your statement like 47p, 47p. Just checking it out and testing. That kind of thing is to see if you notice and whether or not it rings alarm bells. Let's take a little bit and then see if we take bigger as we go. I think there is an element of that here but obviously we are talking about two different things. That's the criminal side of things, taking money from you in a fraudulent way, slowly and carefully. And then you have the cyber espionage, which is what we think this attack was. And what has happened in Northern Ireland is human error. The addresses and details of so many members of the Police Service of Northern Ireland have been subject to a data breach. That was a mistake from within, it is thought. Obviously extremely serious given where it happened and to whom it happened. But that is something slightly different.
Yes, it is, there is no element of attack. This is someone who works for the Northern Ireland Police Service, and they have accidentally uploaded to the internet a spreadsheet that they shouldn't have done. It is extremely serious, especially with safety implications there but that's a classic case of human error. There have been cases, not as serious as this. For example, there was a government department that was fined recently, reprimanded by the Information Commissioner's Office, where they had accidentally sent a giant list of e-mails out to everybody. Instead of putting on a blind carbon copy of your e-mail, they accidentally put it in the cc part. Exposing everybody's e-mails. The Police Service of Northern Ireland issue is obviously much more serious and much bigger of a mistake but it's that kind of thing, a mistake by an employee that has led to the data breach. You know all this stuff. I remember going on the course at the BBC about passwords. You must have that in your password, have lots of different passwords. So many of us, wherever we are and wherever we work think, whatever, I will just stick in the same one so I can remember them. What's your own password etiquette best to knock I thought you were going to ask for my password there. I know that, don't worry. A foreign actor told me. What's best practice?
The rules, the basic rules that are given out by the National Cyber Security Centre and every cyber security expert says it's the basic hygiene of information security. For example, don't use the same password across multiple accounts because if one of those services, let's say it's an app you downloaded years ago that you only tried out once or twice and then deleted from your phone, if that company is hacked then suddenly they have your e-mail, the password that you use for everything and that allows hackers to use simple tricks to get into multiple accounts just by having a go with that e-mail address and password pair. It is called credential stuffing and it is really common and unfortunately people use the same passwords across multiple accounts. That's number one. The best advice is to use a password manager to store complex passwords in one place meaning you don't have to remember them all. Every service I sign up for, create a new and complex password, put it in your manager. It is a faff, I have to use two-factor authentication to get into the password manager, to get into my e-mail, it's a nightmare and it takes minutes out of your day but it stops you, it takes you out of that low-hanging fruit basket for hackers. Low-hanging fruit basket for hackers, brilliant. Interestingly, Covid was attributed to a huge rise in data attacks because so many people were doing stuff online. Doctor Victoria Baines, professor of IT at Gresham College.