Update: Hacking collective Lulzsec have claimed the posting with their logo was not an ‘official’ hack by them but may have been the work of others getting on board their #AntiSec campaign. See http://www.guardian.co.uk/technology/2011/jun/21/lulzsec-census-2011-denial-twitter
Back in April I reported for the BBC’s Daily Politics show about the UK Census and why it was not only a waste of money as the data would already be outdated by the time it was useable, but also a security breach waiting to happen.
Yesterday, Lulz Security (LulzSec) a hacking group who describe themselves as “the world’s leaders in high-quality entertainment at your expense”, apparently claimed to have committed such a security breach, with an announcement posted on Pastebin of the acquisition of records of “every single citizen” who filled in the Census form. The anonymous hackers claimed they would reformat the data and make it available via The Pirate Bay.
Yesterday, LulzSec’s twitterfeed stated:
“Your tax money is being used to pay for things to not be secured so that people like us can take what you expect to be kept inaccessible.”
The group have previously released the X Factor contestants database and information from Fox.com and Sonypictures.com on their website.
The Met Police have confirmed reports that a 19-year-old they claim is one of the hackers behind LulzSec has been arrested in Wickford, Essex, though the group deny he was a leader.
The Office for National Statistics issued a weasely and vague statement that reveals some of the technical incompetence of this government organization. It seems they don’t even know whether or not they’ve been hacked:
We are aware of the suggestion that census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this. The 2011 Census places the highest priority on maintaining the security of personal data. At this stage we have no evidence to suggest that any such compromise has occurred.
To re-state the obvious. The only way information is truly secure is to not keep it in the first place. The Census should only have collected the absolute minimum needed to perform its function and most of this data was already available to government. Creating a central database of all UK citizen’s personal data (including their religion, race and sexual orientation) has served only to provide a convenient one-stop shop for miners of our personal information.