As students and as members of a technological generation, we tend to pride ourselves on being a bit more tech-savvy than our elders. Maybe your parents or grandparents will need help with ‘The Google’, or they will want to know what ever happened to that happy little paper clip from a few years ago. These things are expected. But unfortunately time goes on, and as more new tech comes out and the capability of these machines becomes exponentially better, changes must be made.
There is a temptation to stick to what we know, to what we have. One’s laptop seems like a trusty old car or even a well-honed musical instrument. It gets the job done, more or less. It’s a bit slow, sure, but you’ve had it for so long now: it works fine, and it has all of your best photos on it.
Unfortunately, this same mindset seems to be shared by many of the UK’s regional police forces, except they set themselves into the habit way back in 2001. Manchester’s police force, the second biggest in the UK, has admitted to 1 in 5 of their computers still running on the Window XP, with 1,518 of their computers still running the almost two decades old operating system. That’s over 20% of their office systems.
They’ve brought a horse to a car chase.
Now, some of the more tech-savvy readers here might say that this is not necessarily an issue – which it wouldn’t be, so long as those computers were isolated. But they’re not. They’re connecting directly to the public internet, and essentially exposing themselves to all sorts of malevolence.
This is what happened to the NHS in May. Ransomware known as ‘Wannacry’ infiltrated weak links in the network and scrambled files, making them inaccessible and unusable. As a result, appointments were cancelled and they were charged to retrieve these files.The attack on the NHS was dealt with relatively quickly; following some simple steps the malware was easy enough to remove, even if files were lost. Updates from Microsoft (which had been released prior to the attack but not installed) fixed the vulnerability quickly enough. However, Windows XP does not get the same frequency of updates as more up-to-date systems, if at all!
Its old, it’s not a focus anymore, and as a result remaining vulnerabilities are not sought out. Still running Windows XP right now is like still driving a car from 15 years ago, with hundreds of thousands of miles on the clock, without a windscreen, and with a bumper sticker that gives the person behind you the code to your building. They’ve brought a horse to a car chase.
The use of old systems does not just affect the individual machine – as long as those systems remain on the network, hackers have access to any connected machines too. If the same attack happened to the police, not only would they all be more vulnerable but recovery would take longer, and it would be harder to remove the malware and deal with the problem.
The police’s vulnerability makes the country more vulnerable.
Files rendered inaccessible could mean everything in a court case. Evidence could be lost or tampered with, aliases and plans could be unearthed and published. The police’s vulnerability makes the country more vulnerable.
When asked under a Freedom of Information request, the vast majority of UK police forces refused to reveal the number of computers still running XP citing security reasons, with the exception of 8 forces. These were running less than ten Windows XP computers, most of which were properly isolated.
To give you an idea of just what this might mean, the BBC has revealed that in 2015 London’s Metropolitan Police Service (the MET) had 35,640 computers still running Windows XP. The MET is the largest police force in the country and the fact they operating with such outdated systems showcases vulnerability and is highly concerning. Something needs to change.