According to an investigation by leading technology publication New Scientist, a large number of government websites have serious security issues which could put you at risk. The government operates over 3000 different websites under the gov.uk domain name, covering everything from central government departments to smaller district council websites. A team of security experts looked at the government websites and found that 524 have serious flaws which could allow hackers to get into the website and “hijack” it.
In the past few years, the government has been shifting many previously paper-based systems online. Disclosure and Barring checks, tax credits, Universal Credit, car tax, passports – all are now online. One of the few government websites which was not found to have security holes was HMRC, which deals with all issues around tax and national insurance.
The security experts who looked at the government systems used a scale of 1 to 10, with 10 being the most vulnerable to attack, to classify government websites. The average vulnerability across the system was 7.5, meaning the websites are particularly vulnerable to attack by hackers. Many of the vulnerabilities are related to cookies, the little pieces of information which browsers keep about users. It was found that if hackers could collect the cookie information, they would be able to log into some government portals without knowing the user name or password of the individual concerned.
Criminal Records Bureau Website
One of the government sites which was found to have the most vulnerabilities was the Criminal Records Bureau website. This website is now defunct, as the process for criminal records checks is now operated by the Disclosure and Barring Service (DBS). The CRB site redirects users to the DBS website, but has been found to have serious security flaws. The very real risk is that if a hacker manages to breach the security of the former CRB website, they are then free to divert users to another website, take payments and gather all sorts of personal information including details of criminal convictions.
Remember the NHS Hack?
The government doesn’t seem to have learned the lessons of the 2017 attack by WannaCry, which attacked computers in the NHS. Microsoft had identified the vulnerabilities in the system and issued a patch to fix them, but thousands of computers hadn’t been updated. Testing of computers in government departments is down to managers in each department. The problem is that until a website comes under attack, it can be difficult to assess just how vulnerable it is.
Concern for Users
Although there is concern over some NHS websites, there is nothing to suggest that using them is risky, or that people entering their data online should be concerned. However, the general rules about safe internet use should be followed even when on government websites. Always use a secure password which uses a combination of letters, numbers and special characters. Never use just one password across a range of sites, and make sure you have up-to-date anti-virus software on your laptop, tablet or phone.