Security Incidents mailing list archives
Re: Source of attack: Russian nuclear facility?
From: David Pick <D.M.Pick () QMW AC UK>
Date: Thu, 10 Aug 2000 21:47:07 +0100
Apologies for the slightly parochial question, but I've been trying to find out who to contact in the UK for incident response. You'd think it would be easy to discover, wouldn't you? I believe it must be Scotland Yard's Computer Crime division, since we appear to have no CERT, but nobody at Scotland Yard has replied to my emails (I assume they're all out on the beat ;-). Does anyone out there in our little Isle know who and what I should list in our Incident Handling policy?
We *do* have a CERT belonging to JANET, the Joint Academic NETwork, see:
http://www.ja.net/
for general details; the EMail address is:
cert () cert ja net
I happen (long story) to know the CCU fairly well. They have, like many
specialised units in the Met Police, done special jobs for police forces
elsewhere in the country. However, many of those functions are likely to
move to NCIS where a new unit is being established. Although I know
someone there it's not yet clear what will happen.
But they've never been able to deal with all the "simple" incidents.
Most local police forces now have the ability to deal with crimes
(although they again can't cope with all the "simple" incidents) and
don't need to involve the CCU unless there are real complications
(usually jurisdictional). The people involved are nearly always
a part of the forces "fraud unit" - which makes a lot of sense when
you think about it. So if you *do* want to involve the police, the
best thing is to contact your local police station to take the initial
report, and *insist* that they pass it on to the "computer crime people
in the fraud squad". But if you do please be prepared to supply
detailed evidence - especially logs. An incident that is continuing
will certainly get more attention than one which has happened and is
finished, especially since there is more possibility of obtaining
more evidence.
It's worth noting here that the much discussed "RIP" Act (yes, it's
received the Royal Assent), coupled with some statutary regulations
currently open for consultation, will almost certainly explicitly
allow people to monitor their own computer systems to deal with
cases of misuse. (I am not a lawyer, but that's the way *I* read it.)
More will become clear RSN - the "start date" is 2nd October.
--
David Pick
Current thread:
- Re: Source of attack: Russian nuclear facility?, (continued)
- Re: Source of attack: Russian nuclear facility? Vitaly Osipov (Aug 08)
- Re: Source of attack: Russian nuclear facility? Ian Eure (Aug 08)
- Re: Source of attack: Russian nuclear facility? //Stany (Aug 08)
- Re: Source of attack: Russian nuclear facility? Pavel Lozhkin (Aug 09)
- Re: Source of attack: Russian nuclear facility? JLNelson (Aug 08)
- Re: Source of attack: Russian nuclear facility? Al Huger - Mail Account (Aug 09)
- Re: Source of attack: Russian nuclear facility? Richard Johnson (Aug 10)
- Re: Source of attack: Russian nuclear facility? T. H. Haymore (Aug 09)
- Re: Source of attack: Russian nuclear facility? Al Huger - Mail Account (Aug 09)
- Re: Source of attack: Russian nuclear facility? J. Oquendo (Aug 08)
- Re: Source of attack: Russian nuclear facility? Doug Winter (Aug 10)
- Re: Source of attack: Russian nuclear facility? David Pick (Aug 13)
- Re: Source of attack: Russian nuclear facility? WebFusion System Administrator (Aug 13)
- Re: Source of attack: Russian nuclear facility? Richard_Bartlett (Aug 13)
- Re: Source of attack: Russian nuclear facility? Matthew Joyce (Aug 13)
- Re: Source of attack: Russian nuclear facility? Christopher Laycock (Aug 21)
- Re: Source of attack: Russian nuclear facility? Christopher Laycock (Aug 21)
- Re: Source of attack: Russian nuclear facility? David Pick (Aug 23)