Security news
Security news3 September 2008
The National Hi-Tech Crime Unit has its own identity snatched Websites still link to NHTCU, but domain name has changed ownership
IT security and control firm Sophos is calling on UK authorities to take more control of both their current and old websites following the discovery that the Government no longer owns the domain name for the now defunct National High Tech Crime Unit (NHTCU) - www.nhtcu.org.
The NHTCU came to an abrupt end in April 2006 when its work was transferred to the Serious Organised Crime Unit (SOCA). Yet, websites around the world still link to and point readers to NHTCU site - as recently as this weekend, the BBC linked to the website from a story about NASA hacker, Gary McKinnon. However, earlier in the week, Sophos experts discovered that the site is no longer owned by the UK Government, but by an enterprising German internet marketer who bought the domain on August 2nd 2008.
"While there is no sign of malicious content or adware on the site at the moment, there's no guarantee this situation is going to remain the same forever," said Graham Cluley, senior technology consultant at Sophos on his blog. "If you can steal the identity of the National Hi-Tech Crime Unit from right under the Government's nose then what message does that give the world about the state of the nation's computer security? Letting the domain name go like this demonstrates a sloppiness on the part of the authorities."
Experts at Sophos note that while the current owner, Uwe Matt, has done nothing illegal in buying the site, the authorities should never have allowed this to happen. According to the company, it's likely that Matt bought the site in order to get higher rankings on search websites like Google, but that there is nothing to stop him selling the website domain on to someone else who may use the site to host malicious code or spam-related content. With reputable organisations still linking to the site, the danger is that innocent computer users could accidentally find themselves the victim of a cyber attack.
"In the worst possible scenario, fraudsters could in future use the site to pretend to be the National High Tech Crime Unit and try and harvest confidential information from computer crime victims," continued Cluley. "This situation may never arise, but the message is clear - all organisations must take proper care of their website domains, especially if they are widely linked to from other sites."
Download now
- USA number 1 for malware and spam
- Huge surge in email attachment attacks
- Scareware makes users buy bogus products
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
