British Museum Forced To Partly Close After Alleged IT Attack By Former Employee (theguardian.com)
The British Museum was partly closed after a dismissed IT contractor trespassed, shutting down systems including its ticketing platform. The move disrupted operations and forced the closure of temporary exhibitions. The Guardian reports: While the museum will remain open this weekend, only a handful of ticket holders will be able to access its paid-for exhibitions, such as its Silk Roads show, because the IT system that manages bookings has been rendered unusable. The incident caused chaos in the middle of a busy Friday afternoon and is the latest security issue to blight the institution. A statement on the museum's website on Friday said that "due to an IT infrastructure issue some galleries have had to be closed. Please note that this means capacity will be limited, and priority will be given to members and pre-booked ticket holders. Currently our exhibitions remain closed."
Re: (Score:3)
The British Museum is rebuilding its reputation after it was alleged an employee had stolen items over the course of three decades. Items including ancient gems, coins and gold jewellery had been apparently sold on to dealers, or auctioned on eBay. Approximately 2,000 items were found to be missing or lost.
The contractor, who was recently dismissed, was able to get back into the building and shut down several systems...
So... the basic problem is that they aren't paying attention to security... at all.
Re: (Score:1)
The contractor, who was recently dismissed, was able to get back into the building and shut down several systems...
So... the basic problem is that they aren't paying attention to security... at all...
The root problem is they trusted this one IT guy with their security.
I've been there. When our company was tiny small, I was the one IT person and the one responsible for disabling accounts and building access, etc.
Yes, HR could also control building access, but didn't because "computers hard".
Took a while to push for an official responsibility shift.
Anyway, if I was being dismissed, I would hand over my local password DB and pass-phrase to my boss, remind them to turn off my access in everything, turn in my
Re: (Score:2)
Sounds like they didn't change the wifi password fast enough
I always suspected (Score:2)
Re: I always suspected (Score:1)
Ill-considered revenge (Score:2)
He'll never work again, and the museum can easily come up with a nice big number for damages in court.
"Former Employee" (Score:2)
well the EPO Button is in a room that all staff h (Score:2)
Well, the EPO button is in a room that all staff have keys to.
On-board/term infosec hygiene (Score:2)
Re: (Score:2)
Re: (Score:2)
Which only works if you have the system kept up to date. Disable someone's creds as soon as you determine they are no longer trusted, force immediate rotation of admin passwords because one could have been memorized, etc.
I hate it, it's tedious and annoying, but I also don't want to get caught by the exception.
And if you're the one getting walked out the door - those same procedures protect you against false accusations.
Re: On-board/term infosec hygiene (Score:1)
well IT work has been pushed to contractors so tha (Score:2)
Well, IT work has been pushed to contractors, so that gets in the way.