IT security and control firm Sophos is calling on UK authorities
to take more control of both their current and old websites
following the discovery that the Government no longer owns the
domain name for the now defunct National High Tech Crime Unit
(NHTCU) - www.nhtcu.org.
The NHTCU came to an abrupt end in April 2006 when its work was
transferred to the Serious Organised Crime Unit (SOCA). Yet,
websites around the world still link to and point readers to NHTCU
site - as recently as this weekend, the BBC linked to the website
from a story about NASA hacker, Gary McKinnon. However, earlier in
the week, Sophos experts discovered that the site is no longer
owned by the UK Government, but by an enterprising German internet
marketer who bought the domain on August 2nd 2008.
Computer crime website snatched
from British authorities, Sophos reports from SophosLabs on Vimeo.
"While there is no sign of malicious content or adware on the
site at the moment, there's no guarantee this situation is going to
remain the same forever," said Graham Cluley, senior
technology consultant at Sophos on his
blog. "If you can steal the identity of the National Hi-Tech
Crime Unit from right under the Government's nose then what message
does that give the world about the state of the nation's computer
security? Letting the domain name go like this demonstrates a
sloppiness on the part of the authorities."
Experts at Sophos note that while the current owner, Uwe Matt,
has done nothing illegal in buying the site, the authorities should
never have allowed this to happen. According to the company, it's
likely that Matt bought the site in order to get higher rankings on
search websites like Google, but that there is nothing to stop him
selling the website domain on to someone else who may use the site
to host malicious code or spam-related content. With reputable
organisations still linking to the site, the danger is that
innocent computer users could accidentally find themselves the
victim of a cyber attack.
"In the worst possible scenario, fraudsters could in future use
the site to pretend to be the National High Tech Crime Unit and try
and harvest confidential information from computer crime victims,"
continued Cluley. "This situation may never arise, but the message
is clear - all organisations must take proper care of their website
domains, especially if they are widely linked to from other