2021-04-03

UK Cyber Security Council

There is a press release for a new UK Cyber Security Council (here).

It is not 100% clear who they are, and whilst they mention various links with government and NCSC it is not 100% clear to me how they are linked, or who the Cyber Security Alliance is exactly. The press release looks a tad shoddy with broken markdown/CMS.

So it may be important news.

Of course "Cyber Security" is important to all of us. One of the tips I can give you when it comes to cyber security is that you should be careful to ensure that contact details you publish actually belong to you. The press release includes contact details for press :-

[Screenshot, as it has since been corrected]

So, understandably, press will email press@ukcybersecurity.org.uk for more details. Good.

The problem is that if the domain ukcybersecurity.org.uk is not actually owned by UK Cyber Security Council, that could lead to loads of bogus emails to whoever owns it. Worse, if it is not owned by anyone, then some fraudster could quickly register it.

You may think it is no big deal, but it sort of is. If a fraudster can hijack even one point of contact for an organisation they can do a lot of damage. It becomes easy for them to impersonate that organisation. When it is the press contact for a new organisation they get a huge "foot in the door" as they can reply with helpful details on the organisation along with more contact details (names, email, website, phone, postal), all of which at likely to be helpfully published verbatim by the press who have made enquiries.

This then leaves a trail of misinformation on the internet and search engines for the new organisation, possibly swamping the actual accurate details, and allowing fraud to continue for years.

Fortunately for the UK Cyber Security Council the domain they published in the press release (ukcybersecurity.org.uk), the domain that was not theirs, and was not anyone's, has been registered not by a fraudster but by someone that decided it would be prudent to register in order to stop a fraudster doing so. It took a while to stop laughing at the irony first, but now, yes, the UK Cyber Security Council are welcome to ukcybersecurity.org.uk. They can email me at press@ukcybersecurity.org.uk for more information (be nice). Do follow me on twitter.

Of course it is also a sensible cyber security move to register related domains as well, so as to avoid some types of fraud happening. You cannot register every possible alternative, obviously. One issue though is not having an actual web site when you "launch". I am sure you can guess what happens if you try to go the the UK Cyber Security Council's actual domain (ukcybersecuritycouncil.org.uk) as a web site? That's right, not even a bland holding page or perhaps a copy of the press release. Indeed, having no web site on your actual domain makes you look fake, and the fraudsters look legit.

As to whether the UK Cyber Security Council is an organisation you should consider talking to when it comes to advice on cyber security - well, I'll leave that one up to you...

P.S. thanks to Spy Blog on Twitter for pointing this out. He tweeted what looks like their Twitter account so that they could fix this quickly.

Best comment I have seen so far, proper LOL at the last line!

Updates:

  • Someone has created PGP keys for press and security addresses at this domain (obviously no idea who).
  • Various people have registered the related domains and set up web sites, e.g. ukcybersecuritycouncil.uk, because the UK Cyber Security Council did not think of protecting the obvious alternatives in advance.
  • Someone from an omarketing.com email, implying they were from UK Cyber Security Council, sent an email to a rather odd contact for me (not as above) asking that I delete this post "as stated". Whilst I'm happy to delete the domain if that press release is fixed, or transfer it to UK Cyber Security Council, I don't see any reason I would remove this blog post.
  • Looks like late Sunday they have fixed that press release at last, although the bad markup on the page has not been fixed.
  • Some actual press enquiries asking me about it all (i.e. they have seen this blog), and some reports on this fiasco. Thanks - nice to be called "one of the good guys".
  • Oddly, one news article was removed. It was reposted elsewhere, and we don't know why it was removed by the host site, but seems strange.
  • Someone called saying the UK Cyber Security Council would like the domain. They called A&A press office number saying that they had been trying to email admin at my Mastodon instance, neither of which contacts make a lot of sense, especially when I said how to contact me in this blog post!
  • I have given the domain to them now (i.e. set the Registrant), just waiting for them to let me know what Tag they want it on at Nominet.
  • Domain has now been retagged to their ISP. No doubt they will eventually get around to setting new name servers.
  • Fri 9th, finally it is on their DNS now. Handed over.

Wow, instead of pointing to the same site, or having a simple redirect, they actually pointed it to a site redirection service thing somehow, which, of course, does not work with https. Yay for "cyber security".

20 comments:

  1. Smooth

    Although, if the UK cyber security council do contact you for the email address, how will you know it's the real one and not a fraudster?

    ReplyDelete
  2. Bloody brilliant. But you should in no way give them the domain for free. Offer to sell it to them - for a very large number.

    ReplyDelete
    Replies
    1. I'm happy to let them have it free, but only if they ask nicely :-)

      Delete
  3. Looks like The AntiSocial Engineer Limited has registered .org and .co.uk but not .uk

    ReplyDelete
    Replies
    1. Yeh, I think this proves a point well enough without going mad. If I was a fraudster I would, of course, grab the related domains.

      Delete
  4. The registrant of onmarketing.com appears willing to accept an offer to sell the onmarketing.com domain for £2,811.08 - see:

    https://uk.godaddy.com/domainsearch/find?checkAvail=1&segment=repeat&domainToCheck=onmarketing.com

    ReplyDelete
    Replies
    1. OK, not sure why that is relevant to omarketing.com

      Delete
  5. Ignore - it's oNmarketing, not oMarketing.

    ReplyDelete
  6. Looks like they've fixed the press release now - press@UKcybersecuritycouncil.org.uk

    ReplyDelete
    Replies
    1. Cool, I wonder if they want this domain. They have not fixed the markup that is broken :-)

      Delete
  7. Someone has owned ukcybersecuritycouncil.org.uk for just over a year.

    But Nominet "was not able to match the registrant's name and/or address against a 3rd party source on 10-Mar-2021" And www.ukcybersecuritycouncil.org.uk does not look very promising either with just a server error.

    My guess is the PR agency put the wrong address in the release.

    ReplyDelete
  8. Some background might help shed some light on the situation:

    "[...]

    Following a competitive tender process, the Department for Digital, Culture, Media and Sport (DCMS) awarded the contract to design and deliver the [UK Cyber Security] Council in September 2019 to a consortium of cyber security professional bodies known as the Cyber Security Alliance. The IET is the lead contracting Alliance partner to DCMS for delivery of the project which is to run through to 31st March 2021.

    [...]"

    Note the end date.

    That info comes from
    https://www.theiet.org/impact-society/uk-cyber-security-council-formation-project/
    which has some similarities with other related more recent press releases.

    More recently on the same subject there's been this:
    https://www.gov.uk/government/news/new-uk-cyber-security-council-to-be-official-governing-body-on-training-and-standards (9 Feb 2021)

    The fact that no one here seems to have heard of this project in either of its incarnations may indicate something.

    ReplyDelete
  9. Looks like omarketing.com haven't heard of the Streisand effect.

    ReplyDelete
  10. Presumably next week you will get an email from Claire Perry MP angrily you accusing you of "sponsoring criminal hacking" or something.

    (For those who don't remember, she's the technologically-illiterate dimwit who accused Guido Fawkes of "hacking" her website after it was attacked by porn spammers and he merely reported the story).

    ReplyDelete
  11. Glad to see that The Register's story hasn't gone missing. Would have been disappointed in their ethics if it had.

    ReplyDelete
  12. Phoning A&A Press hotline would partly make sense as you registered the domain in the name of A&A. Although a press department are hardly likely to be able to assist in such a request. How did the caller authenticate themselves as a genuine representative of the UK CSC ?

    ReplyDelete
    Replies
    1. A&A were just the tag holder, the domain was / is registered to me personally. Not that such things are obvious from whois these days.

      Delete
    2. Maybe the persons (supposedly) acting on behalf of UK CSC thought they could pressure the registrar to cancel a legally obtained domain registration held by one of the registrar's customers? Would another registrar have acquiesed? What about Nominet had they been contacted?

      Delete

Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.