This is a small example. It probably struck me because, due to my background in IT, I can see the lying rather easily.
A council in the North of England, Redcar, has been hit by a ransomware attack; its IT infrastructure is down and, apparently, has been for three weeks – leading to a disruption in ‘services’ to local residents.
Ransomware attacks occur when hackers gain access to a system and, instead of stealing data, they encrypt it and then try to sell the encryption key to you. I.e. it combines theft and blackmail.
The first question should be – how is it that this Council, where no doubt there is an IT manager and several staff on ‘salaries that compete with the private sector’, allowed this to happen? Malware attacks can only occur if people do not take steps to secure their IT systems.
The second question – of great public interest – is whether the Council paid the ransom. Judging by the fact that services are still offline after 3 weeks, probably not.
However, in neither the Guardian nor the BBC report is either of these questions even raised.
The third question is – how come a) the services were not back on in 48 hours and b) how can it possibly be going to cost between £11m and £18m to repair the damage? All you need to do in such circumstances is:
a) wipe and rebuild all your servers. If they are using a modern hosting infrastructure this could be as simple as pressing a button. Otherwise it may mean a technician going round and re-installing the OS using the recovery media they of course stored in a safe place.
b) restore the data from the backup you were maintaining on a daily basis.
This work could be done by existing in-house staff in a few days, working overtime.
The £11m – £18m figure suggests a) that the IT infrastructure was not being properly maintained and b) that the work will be done by external private consultants who will include a huge profit element.
All the above is obvious to anyone with any knowledge of IT in big organisations. Why are neither the Guardian nor the BBC asking any of these questions?
Indeed the Guardian strangely explains: “When a company or organisation gets hit by a ransomware attack they are forced to pay a ‘ransom’ – anywhere from hundreds to thousands to millions of pounds – to ‘unlock’ the files that have been maliciously encrypted.”
No one is ‘forced’ to do anything. Nor is it the case that victims of ransomware attacks are simply “hit” – as if they had no responsibility for this.
The BBC explains: “Informing the public their council is being held to ransom is a key piece of information that many think people have a right to know.”
Think they have a right to know? Why on earth wouldn’t they have such a right? The BBC is floating out the idea that public sector organisations are not necessarily accountable to the public. They are deliberately normalising secrecy.
In this we see how the media – and state broadcaster the BBC – work harmoniously with Redcar council to hide all the pertinent details of the case: the levels of incompetence evidenced by the fact that the attack happened at all and the 3 week (or more) recovery period – and the corruption involved in the huge bill, which will mean fewer Youth Clubs etc. for local residents. The Guardian even appears to be aligned with the criminal malware attackers themselves.