Tuesday, August 07, 2007

The NIR Can and Will be Compromised

There is no reason for anyone to think that the National Identity Register will not be compromised. Nobody serious in IT thinks that any networked computer system is immune to hackers, and that's before you consider extrusion rather than intrusion; it's a horrible misuse of English, but it's the term used for attackers who come from within. The best way to get access to any computer is to subvert the user, short of literally running off with the machine to experiment on it in private.

This is perhaps the most important lesson from the conviction of Nottingham speed-dealer and all-round bastard Colin Gunn. Gunn was a very modern crook; his graduation from cheque kiting to protection rackets and eventually major drug importing, his powerbase on a post-industrial bombed-out estate, his part-useful and part-suicidal persona fuelled by a paranoid gaggle of cocaine and steroids. (The Garda Siochana describe similar folk as "cocaine androids".) But what marks him out is the special attention he gave to subverting people with access to Big Databases.

To start with, he induced two cops to get him information from the HOLMES2 intelligence database about the police investigation into the murder of the parents of another crook who attempted to kill his son. This helped him to keep ahead of the Bill, and also to terrorise witnesses and detectives on the case. Astonishingly, a paper copy of his police file went missing and turned up in his possession.

But it wasn't just police leaks. John and Joan Stirland were located using information the Gunns obtained from another asset of theirs; this time, someone at BT with access to the billing records. One wonders what other sources he had, and for that matter, how many other 'roid-ridden scumbags have this kind of access. It is suggested that one of the bent coppers, Charles Fletcher, was deliberately planted in the police force. More politically, the animal-rights nuts are known to have had a source in the DVLA, and the West London jihadi cell that was caught with a ton of ammonium nitrate had been trying to recruit employees of National Grid-Transco and BT. (Update: In comments, Chris Williams reminds me that the PNC's non-traditional users include the Saudi Embassy. He also claims that having met me, he can confirm I'm not actually a sinister committee. The poor fool; how does he know he met all of them?)

I refer to my remarks back in October, 2004:
Better yet, the possibilities for an infiltrator in the development team who build the system would be literally without limit. They could set up back-door access to the database or even add extra fields of information hidden to other users. The biggest security system we build must, by definition, be the biggest security risk.

One of the many criticisms of the NIR and the ID card is quite simply that it's the biggest honeypot for information thieves on earth.


Anonymous said...

Next most relevant data point - in 2004 a Met PC got 2 and half years for running a search on demand service in the police national computer for the Saudi Embassy.

HMIC appear to be worried about this issue, and they have every right to be. Here's the index of their (apparently ongoing) thematic inspections of police force PNC procedures:

A random sampling of these (try searching on 'system security') indicates that there are a lot of stable doors being bolted right now. All of them? Time will tell.

Given the nature and size of the PNC, and of the institution that has normal access to it, there's a remote chance that it could be made reasonably secure. But it's very much a best case situation. NIR? No chance.

PS - I am now at liberty to confirm to the world that Alex exists, and is not a sinister committee of all the talents. Is this reassuring?

Chris Williams

dirty dingus said...

One of the things I tried to get across in my short story about the ID card scheme is that bolting stable doors will lead to all sorts of problems. In my story I looked at the problem of trying to counter ID theft crooks causing trouble for genuine error correction, but the same would apply to other parts of the creaking monstrosity.

Dr Dan said...

The other thing to remember about the NIR is what a stupendous holy grail the ability to subvert, duplicate or create even superficially genuine ID cards would be.

We've all experienced things like this: take one dumb shop assistant, a computer, and an item. You can see the item on the shelves, the assistant can see it, but since the computer says it doesn't exist the shop assistant won't acknowledge that it exists.

Computer-induced stupidity, it is.

Now imagine what happens with ID cards. ID cards will be billed as a means of ABSOLUTELY proving a person's identity, and because of the infeasibility of doing biometric lookups against a central database, all the ID checks will be against the chip in the card.

So, the hardware in the possession of the person giving it is the gold standard against which that person's identity is to be measured. What cackle-brained idiot thought that one up?

All a crook has to do is create a chip and info which the reader machine will acknowledge as genuine, and hey presto the crook has an unassailable proof of identity, and moreover thanks to computer-induced stupidity (the computer is your friend, citizen; trust the computer!) no matter how dodgy the premise, no matter how ropey the forgery the dumbarse checking it will accept it as genuine if the computer does.

The NIR is therefore a goldmine for crooks and petty fraudsters through forgery of ID cards, a heaven-sent opportunity for foreign criminals wanting multiple identities, and a honeypot of ID theft information such as has never been gathered together in one place before at any time.

To put it simply, this is an expensive, counterproductive boondoggle.

kostenloser Counter