There is a press release for a new UK Cyber Security Council (here).
It is not 100% clear who they are, and whilst they mention various links with government and NCSC it is not 100% clear to me how they are linked, or who the Cyber Security Alliance is exactly. The press release looks a tad shoddy with broken markdown/CMS.
So it may be important news.
Of course "Cyber Security" is important to all of us. One of the tips I can give you when it comes to cyber security is that you should be careful to ensure that contact details you publish actually belong to you. The press release includes contact details for press :-
 |
[Screenshot, as it has since been corrected] |
So, understandably, press will email press@ukcybersecurity.org.uk for more details. Good.
The problem is that if the domain ukcybersecurity.org.uk is not actually owned by UK Cyber Security Council, that could lead to loads of bogus emails to whoever owns it. Worse, if it is not owned by anyone, then some fraudster could quickly register it.
You may think it is no big deal, but it sort of is. If a fraudster can hijack even one point of contact for an organisation they can do a lot of damage. It becomes easy for them to impersonate that organisation. When it is the press contact for a new organisation they get a huge "foot in the door" as they can reply with helpful details on the organisation along with more contact details (names, email, website, phone, postal), all of which at likely to be helpfully published verbatim by the press who have made enquiries.
This then leaves a trail of misinformation on the internet and search engines for the new organisation, possibly swamping the actual accurate details, and allowing fraud to continue for years.
Fortunately for the UK Cyber Security Council the domain they published in the press release (ukcybersecurity.org.uk), the domain that was not theirs, and was not anyone's, has been registered not by a fraudster but by someone that decided it would be prudent to register in order to stop a fraudster doing so. It took a while to stop laughing at the irony first, but now, yes, the UK Cyber Security Council are welcome to ukcybersecurity.org.uk. They can email me at press@ukcybersecurity.org.uk for more information (be nice). Do follow me on twitter.
Of course it is also a sensible cyber security move to register related domains as well, so as to avoid some types of fraud happening. You cannot register every possible alternative, obviously. One issue though is not having an actual web site when you "launch". I am sure you can guess what happens if you try to go the the UK Cyber Security Council's actual domain (ukcybersecuritycouncil.org.uk) as a web site? That's right, not even a bland holding page or perhaps a copy of the press release. Indeed, having no web site on your actual domain makes you look fake, and the fraudsters look legit.
As to whether the UK Cyber Security Council is an organisation you should consider talking to when it comes to advice on cyber security - well, I'll leave that one up to you...
P.S. thanks to Spy Blog on Twitter for pointing this out. He tweeted what looks like their Twitter account so that they could fix this quickly.
Best comment I have seen so far, proper LOL at the last line!
Updates:
- Someone has created PGP keys for press and security addresses at this domain (obviously no idea who).
- Various people have registered the related domains and set up web sites, e.g. ukcybersecuritycouncil.uk, because the UK Cyber Security Council did not think of protecting the obvious alternatives in advance.
- Someone from an omarketing.com email, implying they were from UK Cyber Security Council, sent an email to a rather odd contact for me (not as above) asking that I delete this post "as stated". Whilst I'm happy to delete the domain if that press release is fixed, or transfer it to UK Cyber Security Council, I don't see any reason I would remove this blog post.
- Looks like late Sunday they have fixed that press release at last, although the bad markup on the page has not been fixed.
- Some actual press enquiries asking me about it all (i.e. they have seen this blog), and some reports on this fiasco. Thanks - nice to be called "one of the good guys".
- Oddly, one news article was removed. It was reposted elsewhere, and we don't know why it was removed by the host site, but seems strange.
- Someone called saying the UK Cyber Security Council would like the domain. They called A&A press office number saying that they had been trying to email admin at my Mastodon instance, neither of which contacts make a lot of sense, especially when I said how to contact me in this blog post!
- I have given the domain to them now (i.e. set the Registrant), just waiting for them to let me know what Tag they want it on at Nominet.
- Domain has now been retagged to their ISP. No doubt they will eventually get around to setting new name servers.
- Fri 9th, finally it is on their DNS now. Handed over.
Wow, instead of pointing to the same site, or having a simple redirect, they actually pointed it to a site redirection service thing somehow, which, of course, does not work with https. Yay for "cyber security".