UK's first Cyber Schools Hubs announced

Pupils from Gloucestershire will develop invaluable skills for future careers thanks to their schools forming the UK’s first ‘Cyber Schools Hubs’.

Following a competitive process, the National Cyber Security Centre (NCSC) has selected Cleeve School in Cheltenham and Beaufort Co-operative Academy in Gloucester to deliver the first hub.

During the 12-month pilot, the schools will host events, trial content and develop innovative ways of introducing cyber security, computer science and related subjects to their pupils.

Cleeve School will act as the lead in delivering the exciting initiative and the hub will also engage with other schools across Gloucestershire. Newent Community School will join as another hub in due course.

Chris Ensor, NCSC Deputy Director for Skills and Growth, said:

“As the home of GCHQ, our parent unit, Gloucestershire is the natural place to start this initiative and we’re delighted to have Cleeve and Beaufort schools on board.
“The cyber threat is growing, so making sure young people have the cyber security skills to help protect us has never been more important.
“Supported by NCSC advice and technical expertise, each school that takes part will increase their teaching of cyber security and will promote initiatives to increase gender diversity in computer science.
“This initiative forms part of our efforts to address the current cyber security skills gap. We have to develop a talent pipeline that will meet the UK’s future cyber security needs.”

Participating schools will build educational resources for teachers, while both teachers and students will directly benefit from the NCSC’s support and technical expertise.

Others supporting the initiative include the South West Regional Cyber Crime Unit, the Bank of England, Northrop Grumman and Cyber Security Associates.

Alwyn Richards, Principal at Cleeve School, said:

“We are delighted to be the lead school in the Cyber Schools Hubs initiative. We are very aware of the significant role cyber is playing in our young people’s lives and will continue to do so in the future.
“Our involvement will allow our young people to directly benefit from the expertise utilised and developed, and we look forward to helping improve the development of cyber and computer science skills across the region.”
David Bishop, Principal at Beaufort Academy, said:
“This exiting project represents a fantastic opportunity for the whole community at Beaufort Co-operative Academy.
“Through the spirit of collaboration and partnership with other schools and industry supporters it will inspire the next generation of highly skilled and qualified scientists and engineers.
“This is a genuine chance to be at the forefront of national development in this area and we feel privileged to be a part of it.”

Advice to thwart ‘devastating’ cyber attacks on small charities

The NCSC launches its first cyber security guidance for the charity sector.

  • National Cyber Security Centre publishes cyber threat assessment for charity sector
  • Culture of openness makes small charities more vulnerable to cyber fraud and extortion
  • Charities falling victim to a range of attacks with potentially devastating consequences
  • Accompanying guidance will help protect charities from common types of cyber crime

DEVIOUS tricks to defraud small charities through online attacks have been exposed in the first ever threat assessment for the sector, along with guidance about how to defend against possible risks.

The work by the National Cyber Security Centre (NCSC), a part of GCHQ, will give the sector more help than ever before to defend itself from the most common cyber attacks.

There are almost 200,000 charities registered in the UK and the NCSC’s Cyber Threat Assessment reveals how their valuable funds, supporter details and information on beneficiaries is being targeted.

Alongside the assessment, the NCSC has also published the Small Charity Guide to outline easy and low-cost steps to protect from attacks. It includes expert advice that is particularly useful for small organisations on backing-up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks.

Alison Whitney, Director for Engagement at the NCSC, said:

“The National Cyber Security Centre is committed to supporting charities and we strongly encourage the sector to implement the advice outlined in our guide.
“Cyber attacks can be devastating both financially and reputationally, but many charities may not realise how vulnerable they are to the threat.
“That’s why we have created these quick and easy steps that will help charities protect themselves to protect their data, assets, and reputation.”

Writing in the foreword to the Small Charity Guide, NCSC CEO Ciaran Martin said:

“I am extremely proud to present this cyber security guide for charities, who are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity.
“The National Cyber Security Centre aims to make the UK the safest place to live and work online.
“We are committed to supporting the charity sector and we encourage you all to implement the quick and easy steps outlined in this guide.”

The report finds that cyber criminals motivated by financial gain are likely to pose the most serious threat, which could have a paralysing effect on a small charity’s ability to deliver their services. One example listed details how a UK charity lost £13,000 after its CEO’s emails were hacked to send a fraudulent message instructing their financial manager to release the funds.

The assessment notes that the scale of cyber attacks against charities is unclear due to under-reporting and charities are being urged to report such crimes to Action Fraud and the Charity Commission.

Charities have also been encouraged to join the NCSC’s free Cyber Information Sharing Platform (CiSP) to exchange threat information in a secure and confidential environment.

The assessment and report have been well received by the sector, with heads of influential bodies praising the NCSC’s work.

Helen Stephenson Chief Executive of the Charity Commission for England and Wales, said:

“Charities play a vital role in our society and so the diversion of charitable funds or assets via cyber crime for criminal purposes or personal gain is particularly damaging and shocking.
“The threat assessment confirms what we often see in our casework - unfortunately charities are not immune to fraud and cyber crime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.
“We fully endorse the National Cyber Security Centre’s guide on cyber security for charities. This will be a valuable resource to help charities protect their work, beneficiaries, funds and reputations from harm and we encourage charities of all sizes to make use of it.”

Pauline Broomhead CBE – CEO, Foundation for Social Improvement, said:

“This guide will give leaders in smaller charities confidence that they are taking the necessary steps to protect their charity. It is an excellent guide and we intend to make sure our members are fully aware of the valuable information it contains.”
Sir Stuart Etherington – CEO, National Council of Voluntary Organisations (NCVO), said:
“Awareness and knowledge about cyber security continue to differ among charities, but it is important that all charities protect the data they hold from cyber crime. That is why this guide for charities is so welcome - it will help trustees and those working in charities understand what the threats are, and what steps they need to take to minimise the risk of a cyber attack.”

Mandy Johnson, CEO of the Small Charities Coalition, said:

“The Small Charities Coalition welcomes this initiative by the National Cyber Security Centre. As a Coalition we are proactively encouraging small charities to make more use of digital technology, so the timing of this guidance is especially helpful.”

The UK Government is fully committed to defending against cyber threats and address the cyber skills gap to develop and grow talent. Its behavioural change campaign for cyber security, Cyber Aware, promotes simple measures to stay more secure online.

The Cyber Aware Perceptions Gap Report has also been published today, demonstrating common misconceptions that are preventing people from protecting their online security.

You can see the NCSC’s Cyber Threat Assessment here, the Small Charity Guide here and the Cyber Aware Perceptions Gap Report here.

Notes to editors

If you believe that you or your charity has been the victim of online fraud, scams or extortion, you should report this through the Action Fraud website. Action Fraud is the UK’s national fraud and cyber crime reporting centre. You should also report it as a serious incident to the Charity Commission via [email protected].

The NCSC Small Charity Guide

  1. Backing up your data
  2. Protecting your organisation from malware
  3. Keeping your smartphones (and tablets) safe
  4. Using passwords to protect your data
  5. Avoiding phishing attacks

Who might target the charity sector, and why?

Cyber criminals

  • Cyber criminals are primarily motivated by financial gain. They may seek to directly steal funds held by charities used for running costs or to supply grants and enable frontline activity.
  • They may seek to capitalise indirectly through fraud, extortion or data theft. Datasets containing personal details and financial information are an attractive target and are sold in online criminal forums to enable fraudulent activity using those details.
  • Ransomware and extortion techniques are often central to cyber crime malware campaigns, typically deceiving end users into clicking on malware-infected links in (often plausible and well-crafted) phishing emails or visiting compromised websites. Attackers may steal and threaten to release data unless a payment is made (or another demand is met).


  • Hacktivist is a term used to describe hackers motivated by a specific cause, for example to further political or personal agendas or in reaction to events or actions they perceive as unjust.
  • Hacktivists have successfully used DDoS attacks to disrupt websites, or have exploited weak security to access and deface them.
  • The NCSC considers that the charity sector is not a priority target for hacktivists, but even a limited website takedown or defacement, could have financial, operational or reputational implications.


  • An insider is someone who exploits, or intends to exploit, their legitimate access to an organisation’s assets for unauthorised purposes.

  • Insiders can pass on credentials to attackers (they may have been recruited by other actors, such as criminals or states; role responsibilities are often available online through social networking sites) or conduct activities such as stealing data.
  • Insiders may include disgruntled current or former staff who have left an organisation but retained access to their former employers’ computer systems.

Nation states

  • Threat actors associated with nation states employ cyber capabilities to further their own national agenda and prosperity.
    Some charities operate through local partner organisations in the UK or overseas. Others play a role in helping formulate and deliver UK domestic and foreign policy.
  • The NCSC assesses this makes them potentially attractive targets for state actors who oppose or mistrust their activity.

Terrorist use of cyber

  • For terrorist groups such as Daesh (ISIS), Al Qaeda and affiliates, website defacement and ‘doxing’ (publishing the personal details of victims online) are cyber methods most likely to be used. On most occasions, the data released through doxing is already publicly available. 

Indirect attacks: suppliers and third parties

  • Threats may not come from direct attacks on charities. It is common, especially for smaller charities, to outsource the responsibilities for running, maintaining and securing their IT and data to specialist support companies.
  • Charities may also share data with external organisations such as marketing companies. Cyber criminals and other groups may be able to gain access to charities’ networks and/or information through these companies.
  • Threat actors may be able to access UK-based charity systems through linked branches or projects in other countries where the security culture may be less stringent than in the UK.

NCSC outlines evolving cyber threat during Edinburgh visit

NCSC experts have shared threat intelligence with Scottish counterparts during a visit to Edinburgh.

Experts from the UK Government’s lead cyber security authority shared threat intelligence with counterparts in Scotland during a visit to Edinburgh today (Wednesday, 28 February).

Delegates from GCHQ’s National Cyber Security Centre (NCSC) met senior Scottish Government ministers and executives, as well as industry representatives, to discuss keeping Scotland and the rest of the UK protected from online attacks.

The visit saw the NCSC outline its assessment of the current cyber threat and its likely evolution, the role for government and organisations in addressing the threat, and areas for better joint working.

Speaking after the visit, Ciaran Martin, NCSC Chief Executive, said:

“The National Cyber Security Centre continues to work ever closer with the Scottish Government.

“We welcome Scotland’s commitment to improving its cyber security, underpinned by our world-leading technical expertise, and the steps being taking to strengthen public and private sector organisations through the Scottish Government’s cyber resilience action plans are hugely encouraging.”

The NCSC team also toured Zonefox, an award-winning Scottish cyber security company, and met industry representatives to discuss the country’s cyber industry and how NCSC can continue to support Scottish organisations.

Earlier, Ciaran Martin kicked off the visit with a keynote speech on evolving cyber threats at the Public Sector Cyber Security 2018 Scotland conference.

This was followed by a series of discussions on the NCSC’s role, priorities and work in Scotland with senior Scottish Government ministers and members of the Scottish Resilience Partnership and Scottish Government Executive Team.

The UK Government is fully committed to defending against cyber threats and address the cyber skills gap to develop and grow talent. As part of this, the NCSC recently held its first CyberFirst Adventurers course – aimed encouraging 11 to 14-year-olds to take up computer science – in Stirling.

A five-year UK National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9billion of transformational investment.

The NCSC provides a single, central body for cyber security at a UK level and aims to make the UK the safest place to live and work online. It manages national cyber security incidents, carries out real-time threat analysis and provide tailored sectoral advice.

Incidents will still happen, and when they do the NCSC website offers advice and information, including support 24 hours a day, 7 days a week, 365 days a year for incidents that need that level of engagement.


Russian military ‘almost certainly’ responsible for destructive 2017 cyber attack

An assessment by the National Cyber Security Centre has found that the Russian military was almost certainly responsible for the ‘NotPetya’ cyber attack of June 2017.

The UK Government has made the judgement that the Russian government was responsible for the attack, which particularly affected Ukraine’s financial, energy and government institutions but its indiscriminate design caused it to spread further, affecting other European and Russian business.

The destructive attack masqueraded as ransomware, but its purpose was principally to disrupt. Several indicators seen by the NCSC demonstrated a high level of planning, research and technical capability.

The decision to publicly attribute this incident reiterates the position of the UK and its allies that malicious cyber activity will not be tolerated.

Foreign Office Minister of State with responsibility for Cyber, Lord (Tariq) Ahmad of Wimbledon, said:

“The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017.
“The attack showed a continued disregard for Ukrainian sovereignty.  Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds.
“The Kremlin has positioned Russia in direct opposition to the West: it doesn’t have to be that way.  We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it.
“The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm.
“We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace.”

The NotPetya attack saw a malicious data encryption tool inserted into a legitimate piece of software used by most of Ukraine’s financial and government institutions.

Once an organisation’s machine was infected, the highly crafted tool was designed to spread rapidly, in some cases overriding the Master Boot Record (MBR) on infected computers and displaying a ransom note asking for payment in Bitcoins. The malware spread via trusted networks, rather than widely over the internet. Therefore, it effectively bypassed the processes put in place to prevent ransomware attacks.

The ransom note instructed victims to make payments to a single Bitcoin wallet with confirmation that they had paid. However, flaws in the payment process quickly became apparent as the ransom note did not display a ‘personal identification ID’ which would enable the attacker to know whose data to decrypt and the payment collection infrastructure was quickly taken down by the attacker’s email provider.

The malware was not designed to be decrypted. This meant that there was no means for victims to recover data once it had been encrypted. Therefore, it is more accurate to describe this attack as destructive than as ransomware.

NotPetya used the EternalBlue and EternalRomance exploits, which the Shadowbrokers group released in early 2017. Microsoft issued a patch for both exploits.


UK’s top tech brains share knowledge of Cyber Threat

First CyberThreat Summit brings together cyber security practitioners from both public and private sectors to help combat the growing challenge of online security.

  • First CyberThreat Summit being held in London 27-28 February 2018
  • Pioneering event will bring together Europe’s skilled technical practitioners for talks, workshops and knowledge sharing
  • Conference aims to create a world-leading community of collaborating cyber experts

The UK's first CyberThreat 2018 conference is being held today, 27 February, in London, bringing together cyber security practitioners from the public and private sector to understand how to combat the growing challenge of online security.

Hosted jointly by the National Cyber Security Centre (NCSC) and the SANS Institute, the 2-day event is focused on the truly technical side of cyber defence and incident response.

The specialists attending will hear a range of talks, from world-renowned industry practitioners to rising industry stars. In between sessions, delegates will be taking on a series of interactive exercises designed to test their cyber mettle, such as Hackathons, challenge booths and a two-day Capture The Flag competition.

CyberThreat 2018 aims to help foster a world-leading cyber security community in the UK, encouraging the sharing of bleeding edge techniques, case studies from the real world and new tools. Further emphasis is being placed on cooperation between private and public sectors, as is demonstrated through the partnership between the NCSC and the SANS Institute.

Paul Chichester, Director for Operations at the NCSC, said:

“CyberThreat 2018 is part of delivering on the NCSC’s commitment to encourage collaboration between the public and private sector.
“Our aim is to foster a vibrant UK cyber security technical community that shares its knowledge of the threats we face and best practice techniques that help us understand it.
“This community of defenders will share knowledge, expertise and best practices to understand and ultimately reduce the harm to the UK, making it the safest place to live and work online.”

James Lyne, Head of Research and Development at the SANS Institute, said:

“CyberThreat18 aligns perfectly with the SANS mission to help drive greater education and understanding of how to tackle the cyber threats that face us all on the Internet today. We have been very pleased to work with the NCSC to create the agenda and bring experts and practitioners together for these two days.
"The Summit promises to be rich in real-world experience, blending insights from keynote speakers and experts with emerging talent, and sharing experience and new insights into how to tackle new and emerging cyber threats."

Due to the advanced level of the material on offer, delegates are expected to have deep technical knowledge.

7 hour turn around

Despite a previous data recovery declaring their USB stick unrecoverable in Manchester, R3’s Sheffield lab is one of the UK’s best low cost, high success rate data recovery hospital.

After the customer’s initial contact with R3’s dedicated sales team, the enquiry came in at 15:23 and within 60 minutes we had a dedicated driver meet the customer to collect her failed device in Manchester.

R3 Duty engineers were on standby and the driver arrived at Sheffield Data Recovery Lab, Security House at 18:15. The USB stick was assessed and a method of recovery implemented. After recovering and validating the data it was prepared for upload to a secure server ready for download at 22:18.

Only 7 hours after the initial contact, the customer has a full recovery returned.

We remain committed to ensuring everyone facing deadlines can get the best data emergency but also economic budget data rescue options are available.

The Development of a Real Data Recovery Lab

There is a lot more to the development of a real data recovery lab than most data recovery companies realise. Some make easy profits by declaring drives unrecoverable. Some just run software and hope for a success, if lucky their £97 quote turns into £500 to £5000, others do their best within their profit margins to perform a rebuild and often cannot achieve a success due to inexperience or being under resourced. A real data recovery lab requires £100,000s to be spent every year in its development.

R3 Data Recovery Ltd has taken on the challenge to build a lab with the highest success rates of any UK data recovery lab and matching or exceeding the very best anywhere in the world. Sadly we are still competing against misinformation, fake reviews of competitors, fake forensic data recovery reports and fake Trustscores. Fake Google reviews and an inability to recognise that taking risks with clients storage is not the right way to make a profit is still a problem despite nearly a decade of publicising the Fields Data Recovery Scam.

Cloud Storage - Where and Secure

“Cloud” data is stored on hard drives (much the way data is usually stored). And yes, it’s probably more secure than conventionally stored data.

What makes cloud storage different? Instead of being stored directly on your own personal device (the hard drive on your laptop, for example, or your phone), cloud-based data is stored elsewhere — on servers owned by big companies, usually — and is made accessible to you via the internet.

When people think of cloud computing, they often think of internet-connected public clouds run by the likes of Amazon, Microsoft and Google. (If you use Gmail, Dropbox or Microsoft’s Office 365, you are using a cloud service.) There are also consumer clouds that, for example, hold your pictures and social media posts (think of Facebook or Twitter), or store your music and email (think of Apple or Google).

Each of these companies has cloud computing systems — computer servers and storage devices, connected with computer networking equipment — that span the globe. (Facebook’s systems can allow more than one billion people to interact with them.) Your data is in their computers, usually stored in a regional data center close to where you live.

Individual companies can also have their own clouds, called private clouds, that employees and customers access, usually over the internet and on their own private networks.

Storage aside, computing clouds can also process information differently; they have special software that enables workloads to be shared among different machines. Your Facebook photos, for example, don’t have a permanent home on a specific chip, but may move among computers.

That is a big deal. When workloads are shared, computers can run closer to full capacity, with several programs going at the same time. It’s much more efficient than stand-alone computers running one job at a time.

For the people running the computers, it doesn’t really matter where the data or the programs are at any one moment: The stuff is running inside a “cloud” of computing capability. Ideally, if one machine fails, the operation moves over to another part of the system with little downtime.

Nowadays, computing clouds are everywhere — which is one reason people worry about their security. We hear more and more often about hackers coming over the internet and looting the data of thousands of people.

Most of those attacks hit traditional servers, though. None of the most catastrophic hacks have been on the big public clouds.

The same way that your money is probably safer mixed up with other people’s money in a bank vault than it is sitting alone in your dresser drawer, your data may actually be safer in the cloud: It’s got more protection from bad guys.

In the case of the big public clouds, the protection is the work of some of the world’s best computer scientists, hired out of places like the National Security Agency and Stanford University to think hard about security, data encryption and the latest online fraud.

HDD Watch

The perfect Christmas gift to give that Hard Drive enthusiast at this time of year, the French watchmaker Jean Jerome created the HDD Watch in 2014 with a successful Indiegogo campaign, recycling 1” hard drives for the movements.

The idea sprang from a shoop on a watch forum, which Jerome pursued into a full-blown, successful product.

Today, you can buy one for €150 (for a silver case) and €180 (black case), with your choice of a steel strap or one made to look like circuit boards.

FBI Given Powers To Hack Any Device

The US Supreme Court has given a fatal blow to the tech world and its companies after passing regulations which entitle the FBI and other law enforcement agencies to be able to hack into computers. The powers will be essentially useful in cases where there has been a cyber crime, and they need powers to hack into phones. The new rules will also give the FBI to enter the victims phones, and the legislation will take effect from December this year, that is unless the Congress, both lower and upper, decide to make up contesting legislation.

Under previous federal rules that were in force which pertained to criminal proceedings, a magistrate judge could not just issue out a search warrant unless the authorities knew where the computer or mobile device in question was. This was due to the jurisdiction matter which would come into effect.
“FBI can now hack any computer anywhere in the world – whenever they want”

The new rule change, which was sent to Congress as soon as it was passed, however, allows a magistrate to issue out a search warrant regardless of where the device is and whether the know about its whereabouts or not. In most cases the location pf the device would not be known because most cyber criminals used cloaking techniques and methods such as the Tor browser. Over a million are known to use the location distorting browser for legit reasons to browse Facebook and other internet related social networks, but in those one million, there are also some bad crooks.

Privacy advocates and activists who have been following the news are concerned about the intrusion that will follow. One of the advocates, Kevin Bankston, director of Open Technology Institute, said in a press release that no matter how the FBI tried to block and sugar coat what they will be doing is simply government hacking. He said, ‘whether the FBI changes it to remote access search or network investigative technique, the issue was still that it boils down to hacking. And thanks to the rule change there would be a lot more of it now.

One visiting professor at the University of California Hastings Law School, Ahmed Ghappour, said the law change was “possibly the broadest expansion of extraterrestrial surveillance power since the FBIs beginning.”

The Supreme Court judgement also allows the FBI to hack into computers that have already been hacked. Botnet hacked computers are some of the most common whereby they allow hackers to take over and spread spam and distribute viruses through many zombie innocent computers.