Transport for London plans to make £322m by collecting Tube users' location data and potentially selling it to third parties. At the end of 2016, TfL ran a pilot which tracked the Wi-Fi signals from 5.6 million phones as people moved around the London Underground, even if they weren't connected to a Wi-Fi network.
TfL publicly stated that the purpose of the scheme was to use the aggregated, anonymised data "to better understand how people navigate the London Underground network, allowing TfL to improve the experience for customers". It is now in consultation about tracking passengers on a permanent basis.Read more
UK home secretary Amber Rudd has called on messaging apps like WhatsApp to ditch end-to-end encryption, arguing that it aids terrorists.
Writing in The Telegraph on Tuesday, the Conservative minister said that "real people" don't need the feature and that tech companies should do more to help the authorities deal with security threats. But activists have reacted with concern to her remarks, blasting them as "dangerous and misleading." Strong end-to-end encryption involves encoding messages or data so it cannot be read by anyone other than the intended recipient — including the company whose tech encrypts it, or law enforcement with a warrant.Read more
The British government issued new guidelines on Sunday requiring manufacturers of internet-connected vehicles to put in place tougher cyber protections to ensure they are better shielded against hackers.
The government said it was concerned that smart vehicles, which allow drivers to do things such as access maps and travel information, could be targeted by hackers to access personal data, steal cars that use keyless entry systems, or take control of technology for malicious reasons. The new guidelines will also ensure that engineers seek to design out cyber security threats as they develop new vehicles, the government said.Read more
The government digital service is to make users of its data.gov.uk website change their passwords, following a security breach. It said a database of usernames and email addresses had been discovered on a publicly accessible system during a routine security review.
The data.gov.uk site lets registered users browse information published by a variety of government departments. The GDS has informed the information commissioner of the leak. A GDS spokeswoman told that the breach had affected only data.gov.uk accounts, and people with separate accounts for other government websites were not affected.Read more
Parliament has been hit by a cyber attack, officials at Westminster say. The "sustained" hack began on Friday night, prompting officials to disable remote access to the emails of MPs, peers and their staff as a safeguard.
The parliamentary authorities said hackers had mounted a "determined attack" on all user accounts "in an attempt to identify weak passwords". Government sources say it appeared the attack has been contained but it will "remain vigilant". A parliamentary spokeswoman said they were investigating the attack and liaising with the National Cyber Security Centre.Read more
The UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyber-attack that could render Britain’s nuclear weapons useless. The report, Hacking UK Trident: A Growing Threat, warns that a successful cyber-attack could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads”.
The Ministry of Defence has repeatedly said the operating systems of Britain’s nuclear submarines cannot be penetrated while at sea because they are not connected to the internet at that point. But the report’s authors, the British American Security Information Council, expressed scepticism.Read more
Cyberattacks against businesses operating in the UK are more prevalent than ever yet many customers may never become aware about major hacking incidents as the majority of firms are not required by law to report breaches to public bodies.
Survey results released by DCMS stated that "nearly half" of UK firms sampled had identified a "breach or attack" in the last year. It was carried out by Ipsos Mori and included 1,523 UK-based businesses in total. "While breaches do not always result in a material outcome, such as loss of data or network access, in cases where this does happen, it has a significant impact on the organisation," it warned.Read more
Amber Rudd has called for the police and intelligence agencies to be given access to WhatsApp and other encrypted messaging services to thwart future terror attacks, prompting opposition politicians and civil liberties groups to say her demand was unrealistic and disproportionate.
The home secretary said it was “completely unacceptable” that the government could not read messages protected by end-to-end encryption and said she had summoned leaders of technology companies to a meeting to discuss what to do. Rudd refused to rule out passing new legislation to tackle encrypted messaging if she did not get what she wanted.Read more
A malware attack which forced parts of the UK's largest hospital group offline has been blamed on a new form of malware, which bypassed antivirus software and infected the network.
A January cyberattack against Barts Health NHS Trust -- which incorporates five East London hospitals, 15,000 staff, and provides care to millions of patients a year -- resulted in a number of computer systems being shut down as a precaution. s a result of the attack, the Barts Health pathology system was taken offline before eventually being restored a few days later. The hospital said the virus didn't gain access to patient data.Read more
Cybercriminals do stuff online, so punish them by taking away their internet access. It’s as simple as taking a crowbar from a burglar. Or is it? Some outside-the-box thinking by a top cop this week has triggered a debate among cybersecurity types about young offending and punishment.
Gavin Thomas, the president of the Police Superintendents’ Association of England and Wales, suggested that Wi-Fi jammers – devices worn on the ankle or wrist to block the internet – could serve as a smarter punishment for cybercrimes than prison. “We have got to stop using 19th-century punishments to deal with 21st-century crimes,” he said.Read more