Police website got hacked, so what?

This came in my mailbox today, hiding itself as a press release:

9^th November 2009 – The BBC reported today that the Durham police website had been hacked by a computer hacker protesting against the terror deaths in Pakistan, forcing the website to be closed.

According to Imperva, the data security specialist, who is constantly monitoring hacker sites and activities, the police website is vulnerable to SQL injection attacks.

“Our research shows that the website does have vulnerabilities which could lead to the recent attack. Our researchers have seen that for a while hackers have been discussing the weak points of the Durham police website including discussions of being able to extract usernames and passwords that are used for the administration of the site." said Amichai Shulman, Imperva's CTO.

Yes, well. It is unfortunate for sure. But the true tragedy is not the fact that some police station has a poorly updated (or even designed) website, the tragedy is that the police force in Europe do not have the competence to understand what is going on under their noses.

Less than one year ago, the criminal police of Norway went public, saying their infrastructure was attacked by some virus, and that it had been so for more than 6 months. The reason? They had no money to subscribe to the AV signatures.

So far, it seems like cyber criminals are free to play their games, waiting and watching the politicians sticking their hands up their ... you know, nose. It is tickling in there, so why bother with important issues? And while the police force is screaming for more resources, what they really need is competence and understanding.

The criminals of today no longer find it to be enough mocking old ladies in the park, or robbing banks, or make you loose your money gambling illegally. Nor do they find it enough to flood our countries with drugs and weapons. They see opportunity. And that opportunity is online. In cyber space. And since they have the money, they hire hackers to do the bits&bytes work, and add another sector to their glorious web of global criminality.

Why risk kidnapping people if you can hijack their systems? Why rob a bank, if you can be skimming?

This is nothing new. I wrote about this a few years ago.

This is not going away either. Opportunists are just that - they see an opportunity and the act on it. So as we get exited about a Durham police station website getting hacked, are we really just digging a hole in the ground to stick our head in? Are we seeing a tree, but not the forest that lays behind? Are we really that blind? Or is it that we just don't care?