For less than a pound a security expert has got front-door access to a council’s internal network.
Andrew Mason from security firm Random Storm bought some network hardware from auction site eBay for 99p. When he switched it on and plugged it in, the device automatically connected to the internal network of Kirklees Council in West Yorkshire.
Kirklees Council called the discovery “concerning” but said its data had not been compromised.
For 99p Mr Mason bought what is known as a virtual private network (VPN) server made by the firm Cisco Systems that automates all the steps needed to get remote access to a network.
On powering up his new hardware Mr Mason expected that the device would need network settings to be input but, without prompting, it connected to the last place it was used…
A spokesman for consulting firm Cap Gemini said it managed Kirklees Council’s network from 2000 to the end of May 2005. At that point, he said, control was handed back to the council which had decided to manage the network itself.
Sounds like the IT crew at Kirklees Council is providing the sort of security Britain is famous for the world over.
Hardly any.
I don’t know if it’s the same over there, but in American government, state and federal, most of the function of scrubbing drives has been stupidly given to private contractors.
It’d be interesting to know whether the scrubbing of data was contracted out or not. Many government contracts are little more than licenses to steal, and political corruption is probably lurking near any frequent or unimaginable “incompetence.”