Stuxnet worm update

The Economist has a fascinating article about the Stuxnet worm infecting Iran's nuclear facilities, here's an extract:

'According to Symantec, a computer-security company, the worm performs an inventory of the systems it is running on, looking specifically for “frequency converter drives” made by two firms, one Iranian and the other Finnish, running at speeds between 807 Hz and 1210 Hz. (These high frequencies correspond to the rotation speeds of centrifuges; America tightly controls the export of frequency converter drives able to operate at frequencies above 600 Hz.)

If it finds the right configuration, Stuxnet sabotages it by making subtle changes to the speeds of the centrifuges over several weeks, while displaying normal readings to cover its tracks.

That is not all. Ralph Langner, a German researcher, says Stuxnet has a “second warhead”. It targets a different industrial-control system that just happens to be used at Bushehr, Iran’s much-delayed nuclear-power station, replaying previously recorded normal readings as it causes havoc.'

maybe those people laughing at the UK finally spending some money on cyber warfare defences should wise-up to what is really happening out there.

Sunday catchup (part 1)

1. Computer World report a story that shows that even IT experts are not security conscious when faced by a pretty face -

'Hundreds of people in the information security, military and intelligence fields recently found themselves with egg on their faces after sharing personal information with a fictitious Navy cyberthreat analyst named "Robin Sage," whose profile on prominent social networking sites was created by a security researcher to illustrate the risks of social networking. '

2. Spiked report that:

'A group of volunteers will shortly board some ships in order to deliver aid to suppressed minorities and send a political message to the world: It’s time for an end to occupation and oppression!'

So what's the news in this story about yet another flotilla heading towards Gaza? Well

'This time it’s an Israeli ‘peace flotilla’ organised by the National Union of Israeli Students (NUIS). And it will be heading for Turkey – where the ship that was attacked by the Israel Defense Forces (IDF) set sail from – with the aim of bringing attention to the plight of Turkey’s minorities and to challenge the global image of Israel as an evil, murderous state.'

3. Harriet Harman was the subject of much controversy:

'(Harriet Harman) was last night facing damaging claims that she lobbied the
Home Office on behalf of a Labour Party donor’s immigrant wife who is living in Britain unlawfully.

The Leader of the Opposition was forced to deny furiously any impropriety over the wife of Monday Osaseri, a Nigerian-born businessman who donated money at a pre-Election fundraiser in Ms Harman’s Peckham constituency.

Just days later, in April, he emailed her Commons office to request a meeting to discuss his wife, who has been in the country unlawfully for more than six years.

Within weeks, Ms Harman had emailed the Home Office to ask about the progress of her application for leave to stay in the UK.

Last night, sources close to Ms ­Harman denied any connection between the donation and her request, insisting that the issues were dealt with by separate offices and in accordance with strict rules.

But critics said high-profile MPs should avoid even the appearance of a conflict of interest, particularly over such a politically sensitive issue as immigration.'

4. THe Telegraph have an article by the much missed PC David Copperfield, a former UK PC now serving in Canada, explaining why his new force is so much better – and cheaper – for the public. DO read the whole article, it most instructive and gives ammunition to those who know that 'front-line' services will not have to suffer to make 25% cuts.


5. The Telegraph has video of Canadian fighter pilot, Captain Brian Bews, ejecting from his cockpit seconds before his plane crashed and exploded into a ball of flames...



6. Health and Safety lunacy from Scotland where The Telegraph reports that

'Isle of Muck residents ordered to stop drinking spring water - The inhabitants of a remote Scottish island have been ordered to end centuries of tradition by drinking bottled water instead of drawing it from the natural springs that surround their homes....'

7. The Mail report that 'Being kicked out of Number 10 was 'not bruising' says a cheerful (Gordon) Brown' - Shame!


More later...

Strange how the errors are always in the favour of HMRC

The BBC report that:

"Incorrect tax codes may have been sent by HM Revenue & Customs (HMRC) because of a new computer system.

The codes tell taxpayers how much their employers and pension firms will deduct in income tax in the coming financial year 2010-11.

The Chartered Institute of Taxation (CIOT) says taxpayers could be asked to pay up to £108 a month too much.

The Revenue said it had no evidence of a widespread problem but advised taxpayers to check carefully.

"There will be some incorrect tax codes as there always are at this time of year," said an HMRC spokesman.

"But the coding notice tells people what the code relates to and tells them to contact us if it is wrong," he added. "

HMRC being HMRC their reaction is reported thus:

"The Revenue explained that the increase was a natural feature of the new system.

"It creates a single record for customers for the first time, and this, together with increased automation compared to previous years, is resulting in many more people having more accurate codes than before," the spokesman said."

So the increase in errors is a "natural feature of the new system"; interesting, was it in the specification that HMRC drew up?

The Chartered Institute of Taxation have uncovered the root of the problem:

"the CIOT said the system's database was failing to distinguish between current jobs and old ones, leading to tax codes being calculated on the assumption that someone has more than one job.

It said this was resulting in some people having their personal allowance split between two jobs, or allocated entirely to a job they no longer had, which would force their current employer to deduct too much tax. "

Did the HMRC, when specifying a new computerised tax system, really fail to allow for the possibility that people might change jobs between tax years?

Not as impressive as it sounds

The BBC are really excited by the news that "Web founder Tim Berners-Lee unveils a UK government website that aims to make public sector data freely available. "

I have visited the site a few times and the most common message that I see is "Your search returned no records". I get this if I look for individual data and even if I just click on List all data sets"... Impressive? Not really, no.

"gullible or vindictive"/

It's a tough one... The Register reports that:

"The government faces accusations of technical incompetence and waste after it went to the High Court to shut down the Fathers 4 Justice website, wrongly claiming campaigners had threatened to publish the home addresses of 237 judges.

Lawyers for Matt O'Connor, the controversial group's founder, are now preparing action against the Ministry of Justice to recover costs and damages from taxpayers. He alleges civil servants failed to perform basic checks on the origins of the threat before launching a legal attack."

Read the whole story and wonder at the IT expertise of this Government; poor, very poor.

Six to twelve years!

The BBC dutifully report the headline news that:

"Ministers are to trim up to 850,000 DNA profiles from the current total of 4.5m on a national database after a court ruled innocent people must be removed."

The detail that follows shows this Labour government up for having the totalitarian instincts of a fascist government:

"Those arrested, but later released or acquitted, will have their profiles wiped after between six and 12 years. "

One point - these are innocent people why should their DNA profiles be kept for even six years why not have the profiles deleted within three months (surely long enough even for this Government to achieve with whatever crap database they have paid over the odds for.

Is the Labour government that short of money

The Mail reports that:

"Millions of self-employed workers could end up paying tax which is not yet due because of a glitch in the HM Revenue & Customs website.

Those filling in an online return are being asked to pay their tax for the last financial year - and make a contribution towards the amount due for this year.

However, although the back tax must be paid by midnight today, half of the so-called 'payment on account' is not due until July.

But HMRC has not publicised the website error because they fear it could cause chaos so near to the annual deadline.

And while it charges an interest rate of three per cent to those who owe it money, it will not pay out any interest on cash which is handed over too early.

More than nine million people will fill in self-assessment forms this year, and two out of every three do so online. Many of those will wait until the last moment to complete their forms.

This means they rely on the Revenue website to calculate the final figure they need to pay by tonight's deadline.

The current problem affects self-employed taxpayers who have a bill of more than £2,000.

These people are asked by the Revenue to contribute towards next year's bill as well as pay their tax for the previous year.

Although half of the 'payment on account' is due today, the other half is not due for another six months.

Despite this, the Revenue website is asking for the full amount.

As a result, many self-employed workers will automatically assume they must pay this amount now. "

Is the Labour government that short of money that the HMRC have to make mistakes and not correct them in time in order to bring forward tax revenues?

Here comes the disingenuous get out:

"A spokesman for the Revenue said: 'Nobody will pay more tax than they need to.

'This issue only affects those customers who make payments on account but we are taking it very seriously and apologise for any inconvenience caused.'"

True they will not pay more tax, but they will pay tax six months early; good cashflow for the Treasury, not so good for the poor taxpayer who pays early due to a HMRC mistake.

Will anyone at the HMRC pay the price for this mistake? In the private sector a mistake like this on such an important website would mean the loss of a job or the IT contract, but in the public sector I presume the only outcome will be a new contract to fix the problem. As Private Eye like to say.... "trebles all round".

Inland Revenue online tax glitch

It seems that HM Revenue & Customs have a problem with their online system to allow the public to file their tax returns online, which is the only way you can file last year's tax return after 31 October last year. The online system is still letting taxpayers ask for any tax owed for 2007-08 to be re-paid via their new PAYE tax code for 2009-10. However this option, for tax of up to £2,000, should have ended on 30 December 2008. The HMRC have said that: "This option should be unavailable but it is presently available." Apparently it is investigating the problem "urgently".

Labour and road-pricing

I have blogged previously about this Labour government's desire to bring in road-pricing (most recently here and here), today I read that:

"Ministers are pressing ahead with a £10million trial of 'spy-in-the-sky' road-pricing technology despite widespread public opposition.

Test runs will start soon in seven locations for the scheme which could result in charges of up to £1.30 a mile on the most congested roads.

Volunteer drivers will have units fitted to their cars, which will be tracked by satellite and will automatically deduct payments from a test account.

The trials are proceeding despite previous statements from the Government suggesting that it had abandoned the idea of national road pricing."

This Labour government saying one thing and doing another, how unusual.


And of course the usual Labour government dissembling over costs is in evidence again:

"New figures from the Government show that the bill of £10million covers only part of the tests, with further costs to follow. "

Another Labour project that is heavy on IT and so expensive, that will cost many times more than is budgeted for, will add huge administrative costs and will raise less in revenue than is planned. Time after time this Labour government show themselves to be incompetent and unable to implement such ideas. Again and again this Labour government say they are "in listening mode" or are ready to listen to the public and when the public give an unwelcome verdict, the Labour government ignore them. It's the same story whether the subject is road-pricing, the EU or many other maters; democracy?

NHS IT system latest failure

Your Local Guardianreport that:

" The roll-out of a new computer system which was due to be installed in St George’s and every London hospital has been frozen after crashing in its first trial.

IT experts have stopped setting up the software, designed to give doctors access to patients’ records wherever they are in the country, after the system at the Royal Free Hospital in Hampstead repeatedly failed.

St George’s Hospital in Tooting was one of the next in line to be fitted with the system, but reports of it routinely crashing and losing patient information have led to some staff reverting to pen and paper.

This is the latest blow for the £12billion national project which is already four years behind schedule.

...

And Ms Fletcher admitted no more hospitals would get the upgrade until next year."

This Labour Government's record on large IT projects has been appalling and the money wasted as a result has been disgusting. Of course the investigative journalism by the BBC has been negligible, they have been more interested in Caroline Spelman's nanny.


Thanks to Dr Grumble for the spot.

Another Labour Government IT security disaster

The Government Gateway IT system has been compromised. A USB memory stick containing user information and access passwords was found in a pub car park. As a result the Government has had to order an emergency shutdown of a key Government computer system to protect millions of people's private details. Not good timing as people frantically try to register their tax returns on-line after the official deadline of 31 October and before the unofficial deadline of 3 November.

You can read more in The Mail.

This Labour government's record on IT system implementation and IT security has been abysmal, the ID card/National Identity Register and the NHS IT project have wasted too much money and as we cannot be assured as to their integrity they should be scrapped forthwith.

More government waste

The huge, some might say too huge, £12.4 billion project to overhaul of the National Health Service computer systems has been a disaster from the beginning. This project has been over budget and behind schedule almost from day 1. Now I learn that Richard Granger, the previous head of the project who earned over £270,000 a year, who resigned last year will be succeeded in the role by two people. Christine Connelly and Martin Bellamy will each be paid around £200,000 a year (so increasing the cost to the taxpayer by around 40%). Ms Connelly will be the first Chief Information Officer (CIO) for Health and will focus on developing and delivering the Department’s “overall information strategy and integrating leadership across the NHS and associated bodies”, whilst Mr Bellamy will become Director of Programme and System Delivery, head of the agency called NHS Connecting for Health, responsible for the National Project for IT (NPfIT) to create 50 million electronic patient records among other overhauls of NHS systems.

An extra £130,000 a year is of course peanuts compared to the cost overruns the project has suffered so far. Does anyone believe the project will come in on budget now?

I predict Burning Our Money will cover this srory over the next few days.

ID cards - a security update

The Times reports that:

"New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports.

Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 blank passports stolen last week were worthless because they could not be forged.

In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports."

What a surprise, this government's forays into IT systems have been marked by the almost complete lack of success of the projects.

It is not as though the procedures used were difficult or costly, as the Times report continues:

"Using his own software, a publicly available programming code, a £40 card reader and two £10 RFID chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports.

A baby boy’s passport chip was altered to contain an image of Osama bin Laden, and the passport of a 36-year-old woman was changed to feature a picture of Hiba Darghmeh, a Palestinian suicide bomber who killed three people in 2003. The unlikely identities were chosen so that there could be no suggestion that either Mr van Beek or The Times was faking viable travel documents."

The Government response was as usual in direct opposition to the evidence:

"The Home Office said last night that it had yet to see evidence of someone being able to manipulate data in an e-passport. A spokesman said: “No one has yet been able to demonstrate that they are able to modify, change or alter data within the chip. If any data were to be changed, modified or altered it would be immediately obvious to the electronic reader.”"

"It isn't working, and it isn't going to work."

"It isn't working, and it isn't going to work. There is a belief that the national programme is somehow going to propel transformation in the NHS simply by delivering an IT system. Nothing could be further from the truth. A vacuum, a chasm, is opening up."

That was the verdict last year of the then head of Fujitsu's healthcare consultancy practice, Andrew Rollerson, regarding the NHS Supercomputer system.

Burning Our Money has a really good article on this scandalous waste of taxpayers money, do read it all.

"On budget"?

The BBC faithfully "report" the National Audit Office's report on the National Programme for IT including the claim that:

"It said that the fixed-price contracts used meant that their costs remained "broadly unchanged", despite the delays, but that it was likely to be 2014 or 2015 before every NHS trust was running the care records system.

Tim Burr, head of the NAO, said: "The challenge involved in delivering the National Programme for IT has proved to be far greater than envisaged at the start, with serious delays in delivering the new care records systems.

"Progress is being made, however, and financial savings and other benefits are beginning to emerge."

He said that the priority now was to finish developing and deploying the systems.

A spokesman for Connecting for Health, which is overseeing the project, said it "regretted" the delays.

He added: "The new IT systems in the NHS are on course to deliver better care and an estimated £1.14 billion in savings by 2014.

"The National Programme for IT has already delivered a total of £208 million in savings by providing quicker, more efficient and convenient patient care.""

On budget? Which budget, the original budget of £2.3 billion, the revised budget of £6 billion, the next budget of £9 billion or the last budget of £12.4 billion? So if the system is "on budget" at £12.4 billion then it is over five times ove the original budget.

I doubt that the BBC will ask this question, can't put any more pressure on the Government at this important time.

NHS planning?

Do you remember the disaster that was the new NHS Junior Doctor recruitment system/ Well it is back in the news, the BBC are reporting that "Junior doctors are being asked to work longer hours, often unpaid, because of staff shortfalls" and why are there staff shortfalls? It would appear that the geniuses who designed the afore-mentioned IT system didn't allow for doctors to be appointed during a year, only at the designated time. This makes sense in IT consultant world but in the real world, doctors get sick, get pregnant, move even die - only now they cannot be replaced until the next "transfer window".

Government IT projects generally don't work...and this one was not an exception to the rule.