- Email: [email protected]
Barnardo's strengthens access control for database of children
NEWS
UK ‘super hacker’ loses final appeal against extradition John Sterlicchi US prosecutors have won their legal battle before British highest court to extradite ‘super-hacker’ Gary McKinnon. Members of the House of Lords made their ruling after a sixyear fight by McKinnon. He will stand trial for breaking into US defense and NASA computer systems, allegedly causing £350 000 worth of damage. The charges carry a potential 70year prison sentence. The five Law Lords who made the judgment, which was announced July 30, all dismissed McKinnon’s appeal. The Law Lords heard that McKinnon had broken into over 73 000 American government computers. McKinnon was appealing against an extradition order made by a lower court in 2006. McKinnon told reporters just before the hearing that he started hacking in 1999, looking for evidence of extraterrestrial beings and technology, which he believed the US government to be hiding. However he denied causing any damage to the computer systems. His appeal was based on the claim that the terms of a plea bargain offered to him by US prosecutors put “unconscionable pressure” on him to give up his right to an extradition hearing.
His lawyers argued that the pressure on him to accept a plea bargain amounted to “an unlawful abuse of the court process”. McKinnon is accused of causing the entire US army’s Military District of Washington network of more than 2 000 computers to be shut down for 24 hours. When McKinnon was indicted, Paul McNulty, US Attorney for the Eastern District of Virginia, said: “Mr. McKinnon is charged with the biggest military computer hack of all time.” McKinnon told the Observer newspaper he broke into the supposedly most secure computer systems in the world from his apartment in north London. Using the computer language Perl and a cheap PC, McKinnon linked a number of computer systems to search for US databases that were not protected by a password. “I could scan 65 000 machines in less than nine minutes,” McKinnon said. McKinnon unearthed unprotected computer systems operated by the US army, the navy, the Pentagon and NASA. On every system he hacked, he left messages. “It was frightening because they had little or no security,” he told the newspaper. “I was always leaving messages on the desktop saying, ‘your security is really crap’.”
Barnardo’s strengthens access control for database of children Warwick Ashford, Computer Weekly UK children’s charity Barnardo’s has upgraded the identity management capability of its IT systems to link directly to ContactPoint, the government’s planned database of all children in England. Barnardo’s will be one of the first non-government organisations to federate employees digital identities to the database designed to improve communication between children’s support services. ContactPoint is part of the government’s Every Child Matters programme set up in response to the public inquiry into death of eight-year-old Victoria Climbié in London in November 2000. The inquiry recommended in 2003 that the government investigate the feasibility of a database to provide the contact details of practitioners or services involved with any child. A lack of co-ordination between services within several local authorities was largely blamed for the failure to prevent the death of Victoria Climbié as a result of abuse by her guardians. Bob Darby, information services director of Barnardo’s, said the organisation supports anything that will help communicate with 150 local authorities to “connect the dots” to improve services to children. “If a straightforward, obvious, sensible IT system gets us there, we are absolutely for it. We don’t want another case like Victoria Climbié and we have proved it works in trials,” he said. The government said ContactPoint will provide a quick way for practitioners across education, health, social care and youth offending to find out who else is working with the same child.
Privacy groups have raised concerns about the children’s database after several public data leaks, but the government has said it will contain only basic information and no case details. The government has also set strict security requirements for access to the system, including a full audit trail, two-factor authentication, and secure exchange of authentication and authorisation data. To meet these requirements and to enable access to ContactPoint through its own case management system, Barnardo’s is to implement Oracle’s Identity and Access Management (IAM) software. Darby said it would have been impractical for the internal identity management team to take on the extra responsibility of access to ContactPoint for more than 3 000 practitioners in 400 services. “The Oracle software will automate the whole process as well as provide standards-based tools for integration with our own ERP system and other external third party systems in future,” he said. Darby said the software will help position Barnardo’s for the likely trend of increased multi-agency work requiring integration with other IT systems. The implementation of the Oracle IAM software at Barnardo’s is expected to go live at the same time as the ContactPoint early adopter programme towards the end of 2008.
JULY/AUGUST 2008
is055p6_9.indd 7
7
05/08/2008 10:25:22
UK ‘super hacker’ loses final appeal against extradition John Sterlicchi US prosecutors have won their legal battle before British highest court to extradite ‘super-hacker’ Gary McKinnon. Members of the House of Lords made their ruling after a sixyear fight by McKinnon. He will stand trial for breaking into US defense and NASA computer systems, allegedly causing £350 000 worth of damage. The charges carry a potential 70year prison sentence. The five Law Lords who made the judgment, which was announced July 30, all dismissed McKinnon’s appeal. The Law Lords heard that McKinnon had broken into over 73 000 American government computers. McKinnon was appealing against an extradition order made by a lower court in 2006. McKinnon told reporters just before the hearing that he started hacking in 1999, looking for evidence of extraterrestrial beings and technology, which he believed the US government to be hiding. However he denied causing any damage to the computer systems. His appeal was based on the claim that the terms of a plea bargain offered to him by US prosecutors put “unconscionable pressure” on him to give up his right to an extradition hearing.
His lawyers argued that the pressure on him to accept a plea bargain amounted to “an unlawful abuse of the court process”. McKinnon is accused of causing the entire US army’s Military District of Washington network of more than 2 000 computers to be shut down for 24 hours. When McKinnon was indicted, Paul McNulty, US Attorney for the Eastern District of Virginia, said: “Mr. McKinnon is charged with the biggest military computer hack of all time.” McKinnon told the Observer newspaper he broke into the supposedly most secure computer systems in the world from his apartment in north London. Using the computer language Perl and a cheap PC, McKinnon linked a number of computer systems to search for US databases that were not protected by a password. “I could scan 65 000 machines in less than nine minutes,” McKinnon said. McKinnon unearthed unprotected computer systems operated by the US army, the navy, the Pentagon and NASA. On every system he hacked, he left messages. “It was frightening because they had little or no security,” he told the newspaper. “I was always leaving messages on the desktop saying, ‘your security is really crap’.”
Barnardo’s strengthens access control for database of children Warwick Ashford, Computer Weekly UK children’s charity Barnardo’s has upgraded the identity management capability of its IT systems to link directly to ContactPoint, the government’s planned database of all children in England. Barnardo’s will be one of the first non-government organisations to federate employees digital identities to the database designed to improve communication between children’s support services. ContactPoint is part of the government’s Every Child Matters programme set up in response to the public inquiry into death of eight-year-old Victoria Climbié in London in November 2000. The inquiry recommended in 2003 that the government investigate the feasibility of a database to provide the contact details of practitioners or services involved with any child. A lack of co-ordination between services within several local authorities was largely blamed for the failure to prevent the death of Victoria Climbié as a result of abuse by her guardians. Bob Darby, information services director of Barnardo’s, said the organisation supports anything that will help communicate with 150 local authorities to “connect the dots” to improve services to children. “If a straightforward, obvious, sensible IT system gets us there, we are absolutely for it. We don’t want another case like Victoria Climbié and we have proved it works in trials,” he said. The government said ContactPoint will provide a quick way for practitioners across education, health, social care and youth offending to find out who else is working with the same child.
Privacy groups have raised concerns about the children’s database after several public data leaks, but the government has said it will contain only basic information and no case details. The government has also set strict security requirements for access to the system, including a full audit trail, two-factor authentication, and secure exchange of authentication and authorisation data. To meet these requirements and to enable access to ContactPoint through its own case management system, Barnardo’s is to implement Oracle’s Identity and Access Management (IAM) software. Darby said it would have been impractical for the internal identity management team to take on the extra responsibility of access to ContactPoint for more than 3 000 practitioners in 400 services. “The Oracle software will automate the whole process as well as provide standards-based tools for integration with our own ERP system and other external third party systems in future,” he said. Darby said the software will help position Barnardo’s for the likely trend of increased multi-agency work requiring integration with other IT systems. The implementation of the Oracle IAM software at Barnardo’s is expected to go live at the same time as the ContactPoint early adopter programme towards the end of 2008.
JULY/AUGUST 2008
is055p6_9.indd 7
7
05/08/2008 10:25:22