Several Barbados Government Websites Hacked

It appears that several government websites have been hacked. Of interest is the NIS website, which has been the subject of robust discussion in recent days – http://www.bginis.gov.bb/, http://www.lawcourts.gov.bb/, http://www.barbadospolice.gov.bb/images/, http://www.zone-h.org/archive/notifier=Xrapt0r, http://bao.gov.bb/

88 responses to “Several Barbados Government Websites Hacked”

  1. @ Chris
    If the web sites / internet crashed or had a blip, would it matter in the big scheme of things?

  2. To chris and TMB:
    I have to go now, but I hope to check in later after 10 to see what your assessment of this attack is. I believe it is very important that we know.

    To Chris, terrorists would not waste their time, the major ones that is, pulling off anything in Barbados, unless the president or some high level figure was here. They know that the news people would be around. An act of terror reported on CBC would not even get on my TV far less CNN or the BBC the audience they really want to have. We are of a very low news value. This could be the beginning of economic warfare; we have everything that models developed countries; we could be part of games theorists history.

  3. We are all different as people. Let us appreciate it!

  4. @ CHRIS

    “Well, what do you think?”

    When the story broke – do we know how much time the government’s network engineers had to do the necessary window dressing?

    Being able to access the government website after the damage was done and subsequently REPAIRED* is the window dressing we’ve come to expect from our government…

    When the INFO* was leaked that there was a HACK* – one assumes that the “dirty deed” had already been perpetrated…

  5. @ LEMUEL

    I gone too BRUV*… Time to hug up the wife…

    Be interesting to see how this story develops as more news becomes available…

  6. @ christoph
    Yes do please let us know what your findings aren’t in approx 2hrs

  7. @TMB: “Based on what you said – once you’ve been compromised – it is difficult again to be fail-safe!!!”

    Once a machine has been compromised, it needs to be completely reinstalled from fresh media and then the web sites reinstalled from backups after a security audit of each and every file.

    The reason is it is almost impossible to tell if some back door has been installed; an executable trojaned, etc.

    @TMB: “So my question CHRIS* is this: WHY IS CABLE & WIRELESS SO SLACK???”

    We do not know this was C&W’s fault. It could have been one (or more) of the hosted web sites had a weak Content Management System (CMS) and/or used weak passwords for their Secure SHell (SSH) (or, god forbid, File Transport Protocol (FTP) or Telnet) account(s).

    But once a “cracker” (the preferred term in the industry — a “hacker” is someone who’s particularly good at what they do) has write access to a machine all bets are off.

    It is suspected, for example, that several countries have teams looking for and then using what are known as “zero-day exploits” on various operating systems. This means that privilege escalation can be achieved once code can be uploaded to and then executed on the machine. In the case of a web server, one vector is the code is uploaded into the “CGI-BIN” directory, and then simply accessed from a web browser.

    @TMB: “You referenced [2] standard IP addresses which seems to host a whole group of government and party sites… IS THIS SECURITY VIABILITY? or telecommunication rationing???”

    It is very common to have many sites hosted on one machine / IP address.

    This is fine for “brochure” or “news” sites — those that present information to the public but without holding or processing sensitive information. There is still the risk, however, of the site(s) being compromised and “malware” being placed on the site which the users unknowingly download and execute (in the case of Javascript, Java, ActiveScript et al) or install.

    Any site which processes sensitive information should be on a dedicated server (read: no other web sites hosted thereon). These can be “virtualized” along with other such sites within another server so long as the root host is very strongly locked down, and there is no possibility of “leakage” across the virtualized servers.
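
Added example, not part of the comment above or of the original page: one way to carry out the per-file audit of a website backup that the comment calls for, by comparing the backup against a SHA-256 manifest taken from a known-good copy. The function names, the `cgi-bin` default and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX style) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit_backup(backup_root: Path, trusted: dict, exec_dirs=("cgi-bin",)) -> dict:
    """Compare a backup tree with a manifest taken from a known-good copy."""
    current = build_manifest(backup_root)
    findings = {"modified": [], "unexpected": [],
                "unexpected_executable_dir": [], "missing": []}
    for rel, digest in current.items():
        if rel not in trusted:
            findings["unexpected"].append(rel)
            # New files in script directories run when simply requested by a browser.
            if any(part in exec_dirs for part in Path(rel).parts[:-1]):
                findings["unexpected_executable_dir"].append(rel)
        elif digest != trusted[rel]:
            findings["modified"].append(rel)
    findings["missing"] = sorted(set(trusted) - set(current))
    return findings

def demo() -> dict:
    """Constructed sample: a clean site tree, then the same tree altered afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "site"
        (site / "cgi-bin").mkdir(parents=True)
        (site / "index.html").write_text("<h1>Ministry news</h1>")
        (site / "contact.html").write_text("<p>Contact us</p>")
        (site / "cgi-bin" / "form.cgi").write_text("#!/bin/sh\necho ok\n")
        trusted = build_manifest(site)  # manifest taken before the incident
        # Constructed post-incident state of the backup being audited:
        (site / "index.html").write_text("<h1>changed</h1>")
        (site / "cgi-bin" / "upload.cgi").write_text("#!/bin/sh\n")
        (site / "contact.html").unlink()
        return audit_backup(site, trusted)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The manifest is only as trustworthy as where it was stored: keep it off the web server, since a manifest held on the compromised machine could have been rewritten along with the files.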

  8. @lemuel: “This could be the beginning of economic warfare; we have everything that models developed countries; we could be part of games theorists history.”

    The majority of Cybercrime *is* motivated by economic advantage. And while Barbados is small, we’re not insignificant.

    Let me please put this out there for consideration — several web servers here in Bim were compromised. We don’t know how deeply.

    Is it not reasonable to assume the possibility that several e-mail servers were compromised as well?

    How many of you use Gnu Privacy Guard to encrypt your e-mail when sending sensitive information?

    Perhaps we should hold a “BU Key Signing Party”?

  9. chris
    as you know everything about everything
    what about cloud computing technology is that safe
    what about suing the government in a class action for not protecting and securing confidential / personal data
    is there better things to do on a friday night

  10. @kiki: “chris as you know everything about everything
    what about cloud computing technology is that safe”

    I don’t know everything about everything. I can’t dance nor sing, for example. But I know a lot about ICT.

    But to your question, no, “cloud computing technology” is not intrinsically safe. Quite the opposite, in fact.

    When you “go to the cloud” (a Micro$oft phrase coined in a pathetic attempt to distract from Goggle) you entrust your data to the integrity of those who run the “cloud” you happen to be using.

    @kiki: “what about suing the government in a class action for not protecting and securing confidential / personal data”

    Worth a try. Who will lead?

    And, more importantly, what is hoped to be achieved by such an action?

  11. Worth a try. Who will lead?

    I delegate the BU possie, I think Hants is a lawyer
    victims of breaches of data protection s/b compensated

  12. @kiki… But, my dear, you didn’t answer my second and more important question:

    “…what is hoped to be achieved by such an action?”

  13. compensated- for loss of data and/or services
    i.e. money

  14. @kiki: “compensated- for loss of data and/or services i.e. money”

    How would you prove the damage?

  15. ^CH

    by freedom of information requests to government agencies
    queries about personal data held on government files
    data access issues
    data protection

    make some complaints etc

  16. @kiki: To your October 14, 2011 at 6:28 PM…

    Was that intended to be coherent?

  17. ^CH
    it's a shortlist of points

    if governments screw up handling confidential data or implementing poor security they are held accountable
    – if that is the case

  18. St George's Dragon

    Could it be the Chinese Government? They have been suggested to be implicated in previous hacking attempts.
    If so, should we expect another attack soon?
    After all, you normally have a Chinese, then 2 hours later, you want another one.

  19. Has the government issued a statement on this matter?

    BU has been told this is a website where mobile phone users can register their IMEI number to track mobile device if stolen.

    http://www.trackimei.com/RegisterIMEI.aspx

  20. The Chinese Gov’t or its agents have been known to infiltrate the websites of Western Gov’ts or Corporations in search of military or industrial secrets (curiously we don’t hear when Western Agencies tap into Chinese Gov’t websites) so to tap into Barbados Gov’t websites would be like taking candy from a baby (flawed analogy, a baby would fight back). Most Gov’ts don’t like to admit it because they want the public to know that their websites have been compromised but the news leaks out anyway.

    I don’t know why the Chinese would want to hack into Barbados Gov’t websites all they have to do is read BU for any Gov’t secret.

    @St. George etc. how did you manage to mangle that joke?

    In keeping with providing the community with the highest level of entertainment here is an old Chinese joke compliments of Lord Blaikie

  21. @Sargeant: “The Chinese Gov’t or its agents have been known to infiltrate the websites of Western Gov’ts or Corporations in search of military or industrial secrets (curiously we don’t hear when Western Agencies tap into Chinese Gov’t websites).”

    Are you familiar with ECHELON?

    This is simply the next step; where everyone willing to invest some talent can play.

  22. The issue raised here was one of my biggest concerns when I first heard about the Free Wifi Initiative being promoted in Barbados. Not that I am saying that they are directly linked and that Free Wifi is a bad thing. But my concern is that by providing an “island wide” free public access to Internet, persons can maliciously inflict harm and launch attacks with greater anonymity and less fear of prosecution. The hospitality clients that I have deployed free guest wifi for implement a user acknowledgement and account generation to ensure each user is accountable for their actions on the network. The MPAA and the like track down the biggest offenders of piracy by tracing the IP address they used to download the content, then contact the ISP to enforce bans or punishments on their subscribers. I can see some good war driving occurring.

  23. How long does it take to restore a website? Will it be a week or two? Maybe a month or more. Just shows that we are not ready to compete in the world.

  24. @anthony

    A solid point.

    Can anyone advise what is the status of government’s ecommerce strategy? Government’s Portal seems to be mainly informational. Could it be we have Permanent Secretaries who are dinosaurs?

  25. @anthony: “How long does it take to restore a website? Will it be a week or two? Maybe a month or more. Just shows that we are not ready to compete in the world.”

    It might be a function of when the web-site’s owners are comfortable with the hosting server. If it hasn’t been “reinstalled”, it should not be trusted.

    Alternatively, it might be when the web-site’s owners find alternative hosting arrangements.

    Personally, I spend BDS $20 a month for virtual serving of an unlimited number of sites on a shared server with unlimited bandwidth per month, and BDS $110 a month for a dedicated co-located server which only I have control of which has 2 TB of bandwidth per month.

    But, to put on the table, those sites which are not back on-line might be doing the correct thing.

  26. Recently Sony Online was hacked and was down for three months, so all this talk about competing with the world is nonsense. They have the best cyber security experts in the world at their disposal… it isn’t a matter of only getting the site back up, but investigating the attack and plugging the security hole.

  28. Sony Online is not a website. It's a portal. The comparison is little at best since they need to rebuild the whole portal from the ground up. As for best cyber security, that's not true; many other people kept telling them their servers were open but Sony ignored them.