Wednesday, May 25, 2011

Attack on Central Bank Files Defeated

25/05/2011--FIRST CITY--The Government of Kemetia has today revealed that in the early hours of 17th May, intruders managed to bypass the security system of the Kemetian Web Portal and upload illegal materials onto the server containing the operating system and data of the Central Bank. No bank accounts were compromised, and all information has been kept confidential and sound, according to security personnel now assigned to the Central Bank.

His Sovereign Majesty is said to be extremely perturbed by his own late notification of the security breach, telling his associates that he was only informed this morning by an independent security firm connected with the government's web hosting service.


In a letter forwarded to the Tribune by the Office of His Sovereign Majesty King Adam I, the security firm detailed how they detected the upload of files in the "illegal spectrum" on 17th May at 00:20:09 GMT, and "removed the illegal content", blocking those responsible by changing the ciphers of the Web Portal. However, the letter did not specify when the breach was detected, leaving open the possibility that intruders had access to sensitive information for up to seven days, with illegal information being uploaded during that time. While it is unclear what this information was, investigators suspect that it may have been related to financial crime, judging by its storage location on the server.

When we spoke with the King, he was audibly upset at such an unacceptable security breach. "It seems unconscionable that felons would have had complete access to the Central Bank for such a long time without it being detected by the contracted security services. I feel this is a complete and utter failure on their part, and begs the question as to whether we should be contracting our web security out to such amateurs." His Sovereign Majesty went on to explain that he would like to see new legislation put in place to reinforce informational security, once Parliament is convened. "I will be issuing a temporary Decree in the coming days, to the effect that ciphers for sensitive materials must be changed regularly, and security should be handled by professional Kemetian security services, rather than foreign agents. I shall also be establishing a Commission to investigate this grievous breach in security" This legislation would be the first on information security in Kemetian history, as is expected to constitute a Ministry for its handling.

The Tribune is currently waiting for a response from the independent security firm and hosting company on this matter, and shall report on our findings as soon as we receive a response.

UPDATE:

A response has been received from the security firm and hosting company. No details have been given about when the breach was detected, nor as to who the perpetrators were. It is clear, however, that "malicious scripts" were uploaded to the server of the Central Bank of Kemetia.

No comments: