Security Incidents mailing list archives
Re: Source of attack: Russian nuclear facility?
From: David Pick <D.M.Pick () QMW AC UK>
Date: Thu, 10 Aug 2000 21:47:07 +0100
> Apologies for the slightly parochial question, but I've been trying to find out who to contact in the UK for incident response. You'd think it would be easy to discover, wouldn't you? I believe it must be Scotland Yard's Computer Crime division, since we appear to have no CERT, but nobody at Scotland Yard has replied to my emails (I assume they're all out on the beat ;-). Does anyone out there in our little Isle know who and what I should list in our Incident Handling policy?

We *do* have a CERT belonging to JANET, the Joint Academic NETwork, see: http://www.ja.net/ for general details; the EMail address is: cert () cert ja net

I happen (long story) to know the CCU fairly well. They have, like many specialised units in the Met Police, done special jobs for police forces elsewhere in the country. However, many of those functions are likely to move to NCIS where a new unit is being established. Although I know someone there it's not yet clear what will happen. But they've never been able to deal with all the "simple" incidents.

Most local police forces now have the ability to deal with crimes (although they again can't cope with all the "simple" incidents) and don't need to involve the CCU unless there are real complications (usually jurisdictional). The people involved are nearly always a part of the force's "fraud unit" - which makes a lot of sense when you think about it.

So if you *do* want to involve the police, the best thing is to contact your local police station to take the initial report, and *insist* that they pass it on to the "computer crime people in the fraud squad". But if you do, please be prepared to supply detailed evidence - especially logs. An incident that is continuing will certainly get more attention than one which has happened and is finished, especially since there is more possibility of obtaining more evidence.

It's worth noting here that the much discussed "RIP" Act (yes, it's received the Royal Assent), coupled with some statutory regulations currently open for consultation, will almost certainly explicitly allow people to monitor their own computer systems to deal with cases of misuse. (I am not a lawyer, but that's the way *I* read it.) More will become clear RSN - the "start date" is 2nd October.

--
David Pick