Cyber attack on the trust (7 Viewers)

[Nick]

I dont think there was any need to indicate a location in the statement. It doesn't follow that the location of the IP is the physical location of hacker

However the Trust would still have a duty of care to its members to indicate that the site had come under attack and reassure that no breach had occurred.

If no breach has happened then my understanding is that it is not necessary to report to the ICO, but that doesn't mean they should not. Hacking or attempting to hack a site is as i understand it a criminal offence and the ICO advice is to report it to the police

Really?

On what basis was a "hack" attempted as it says it was picked up by a system in place? There are thousands of things in server logs that get blocked. Not sure the police would want to be called every time something appears that looks a bit dodgy.

The location was clearly included for a reason, I bet as they use Joomla for their site there will have been random bots trying to access particular known exploits all day every day.

 

---

[chiefdave]

Well I assume they went to 96 High St Kensington London W8 4SG

That is my concern, they've pitched up to the registered address which is unlikely to be where SISU operate from. Look at how many companies are registered to that addresses which a simple google tells you is an office services company.

They've then moaned that nobody from SISU is there to greet them and refuse to confirm that SISU were informed in advance as the council and Wasps clearly were.

My company is registered in Cambridgeshire, I've never even visited the town its registered at let alone have an office there. If anyone wants to speak to me turning up there is not the brightest idea.

 

[chiefdave]

However the Trust would still have a duty of care to its members to indicate that the site had come under attack and reassure that no breach had occurred.

But if you have a site operating on open source software these 'attacks' happen on a daily basis. Hard to believe this is the only time anything has flagged up on the trust site so, given that they say nothing was compromised, why the need to make a fuss about it.

All a bit suspicious when they then drop in the location.

 

[oldskyblue58]

picked up "over the last few days", which to me implies more than one attempt from the same source. Just because a system in place picks something up doesn't mean there wasn't an attempted hack does it? I would assume whoever does handle their IT recognises the difference between hacking events over a number of days and normal server log activity. But you are the computer specialist not me so you understand these things better

 

[oldskyblue58]

That is my concern, they've pitched up to the registered address which is unlikely to be where SISU operate from. Look at how many companies are registered to that addresses which a simple google tells you is an office services company.

They've then moaned that nobody from SISU is there to greet them and refuse to confirm that SISU were informed in advance as the council and Wasps clearly were.

My company is registered in Cambridgeshire, I've never even visited the town its registered at let alone have an office there. If anyone wants to speak to me turning up there is not the brightest idea.

except the Financial Conduct Authority which regulates the SISU ability to trade in the UK says it is where they operate from

 

[Nick]

picked up "over the last few days", which to me implies more than one attempt from the same source. Just because a system in place picks something up doesn't mean there wasn't an attempted hack does it? I would assume whoever does handle their IT recognises the difference between hacking events over a number of days and normal server log activity. But you are the computer specialist not me so you understand these things better

Maybe they can clear it up with what happened and how they knew it was Kensington exactly where the person was doing it from? It probably doesn't help when they started retweeting people saying it was SISU to try and push that implication.

It just looks like something put out for a bit or PR and people making a technical statement who aren't really that technical.

 

[chiefdave]

except the Financial Conduct Authority says it is where they operate from

What is 'operate from' classed as? Because it seems to have been taken by the trust as Sepalla being sat there at a desk everyday yet the only people who have responded to queries have said there is nothing to indicate they are actually physically located there and the trust have to date refused to confirm they informed SISU in advance of their visit.

If their method of operation is transient surely they don't have to update the 'operate from' address constantly as long as they have access to the address that is listed, ie: an office services company acting on their behalf.

 

[oldskyblue58]

They must operate from somewhere - last accounts showed 67k in rents paid. The registered office is the legal one for serving of any documents. Perhaps someone on here has more accurate information to confirm but i tend to go with what the FCA have said for now

Interesting, having just checked SISU Capital at Co House...... it looks like SISU Capital have bought back and cancelled 59006 of the issued share capital, which is exactly the number of shares Dermott Coleman owns(ed). A parting of the ways?

 

[RoboCCFC90]

I dont think there was any need to indicate a location in the statement. It doesn't follow that the location of the IP is the physical location of hacker

However the Trust would still have a duty of care to its members to indicate that the site had come under attack and reassure that no breach had occurred.

If no breach has happened then my understanding is that it is not necessary to report to the ICO, but that doesn't mean they should not. Hacking or attempting to hack a site is as i understand it a criminal offence and the ICO advice is to report it to the police

This is the issue why highlight a location, it's of no benefit to anyone, other than to the Trust for whatever motives they have.

Care of duty is fine, but this information could've been shared privately with their members.

 

[Liquid Gold]

Not only highlight a location but then retweet things suggesting it's sisu. They're going beyond parody.

 

[Nick]

Not only highlight a location but then retweet things suggesting it's sisu. They're going beyond parody.

Have pointed out for months that this sort of thing undoes the decent stuff people like Moz do. I doubt it is him personally doing it but somebody just undermimes.

 

[Deleted member 5849]

it looks like SISU Capital have bought back and cancelled 59006 of the issued share capital, which is exactly the number of shares Dermott Coleman owns(ed). A parting of the ways?

He can celebrate the George Eliot anniversary in peace, then!