
ASLEF website suffers cyber attack

357

Established Member
Joined
12 Nov 2018
Messages
1,371
Just received the following text:

Update: Ourselves and a number of other trade unions' websites have been the victims of a cyber attack. The DDoS attack was launched against the members' area of our website which has made the log in to the members' area inaccessible. We are working to resolve the issue. There has been no data breach.
 

Efini92

Established Member
Joined
14 Dec 2016
Messages
1,747
I've only ever used it to check salaries personally
You’ve already answered my reply :D

I don’t like that it’s possible to buy service badges on the store. They should be earned not bought.
 

357

Established Member
Joined
12 Nov 2018
Messages
1,371
You’ve already answered my reply :D

I don’t like that it’s possible to buy service badges on the store. They should be earned not bought.
They should be given for free once earned!
 

380101

Member
Joined
18 Feb 2015
Messages
1,001
They should be given for free once earned!

They are. Head office send out the appropriate badges to every Branch Secretary once a year for them to give out to the members due them.
 

357

Established Member
Joined
12 Nov 2018
Messages
1,371
They are. Head office send out the appropriate badges to every Branch Secretary once a year for them to give out to the members due them.
I've never had mine!

They are, but it’s wrong that I could log in tomorrow and buy a 50 year medallion.
Never got mine but agree on the second point!
 

Efini92

Established Member
Joined
14 Dec 2016
Messages
1,747
I've never had mine!


Never got mine but agree on the second point!
Your branch secretary from the year it was due should have it. I have a few spare from when I was BS, which one do you need?
 

Yew

Established Member
Joined
12 Mar 2011
Messages
6,552
Location
UK
I would imagine the intent is more for if they are lost, than to allow early acquisition.
 

mpthomson

Member
Joined
18 Feb 2016
Messages
970
Someone has a point to prove, although be better hacking the RDG/DFT as this will only offer more fuel for union fires,
Much more likely to be random mischief. All sorts of non-governmental organisations suffer from these kinds of attacks occasionally. Often it's just people proving they can do it rather than any political motivation. Government departments are targeted almost daily.
 

PyrahnaRanger

Member
Joined
16 Aug 2022
Messages
83
Location
Lancashire
Much more likely to be random mischief. All sorts of non-governmental organisations suffer from these kinds of attacks occasionally. Often it's just people proving they can do it rather than any political motivation. Government departments are targeted almost daily.

Whilst that may have been the case, most cyberattacks these days are all about the money - nearly half of those suffering an encryption attack will pay some ransom to try and recover their data. Most are criminal gangs based in Russia or the far east, and are regularly targeting government departments as well.

The attack described (denial of service) isn’t the most complicated, and may just have been bought as a service on the dark web, but if I were CISO to one of those unions, I’d be incredibly concerned that everything was in place to reduce the likelihood and mitigate against any further incursions.
 

Rail Quest

Member
Joined
8 Apr 2023
Messages
294
Location
Cheshire
Someone has a point to prove, although be better hacking the RDG/DFT as this will only offer more fuel for union fires,
Much more likely to be random mischief. All sorts of non-governmental organisations suffer from these kinds of attacks occasionally. Often it's just people proving they can do it rather than any political motivation. Government departments are targeted almost daily.
The OP references something about other trade union websites being affected. To me, this could mean one of two things:
- The unions in question share the same service/service provider and are hosted on the same infrastructure, which would mean an attack on one is an attack on all
- Or there was some sort of anti-union influence here given that there are still some hacktivist actors in the cyber space, perhaps some have something against the unions, who knows

At the end of the day though, it's a DDoS. It's an attack that most modern systems and hosting options (such as Microsoft Azure) have built-in protections against anyways. Given this system sounds like it might be an older system (?) then if it was just an attack on a single service provider, then I doubt this is anything more than a random attack.
 

DarloRich

Veteran Member
Joined
12 Oct 2010
Messages
29,306
Location
Fenny Stratford
MI5 never had to hack the NUM website ;)

This will be about data theft or extortion rather than intelligence - obviously!
 

43066

Established Member
Joined
24 Nov 2019
Messages
9,429
Location
London
ASLEF have sent a communication this afternoon stating that the attack is continuing, hence access to their website remains restricted, and suggesting that other TUs are also being targeted.
 

northwichcat

Established Member
Joined
4 Mar 2023
Messages
1,201
Location
Northwich
ASLEF have sent a communication this afternoon stating that the attack is continuing, hence access to their website remains restricted, and suggesting that other TUs are also being targeted.

I would make an educated guess that if anyone's specifically targeting trade union websites, it's because they've found a flaw in one and are attempting others to see if they have the same flaw.

At the end of the day though, it's a DDoS. It's an attack that most modern systems and hosting options (such as Microsoft Azure) have built-in protections against anyways. Given this system sounds like it might be an older system (?) then if it was just an attack on a single service provider, then I doubt this is anything more than a random attack.

Indeed. The people behind WannaCry didn't originally intend to disable NHS trust systems or attempt to shut down DB, it was just those organisations were using an outdated system and had employees who were ignorant when downloading email attachments from unverified sources.
 

YorkRailFan

On Moderation
Joined
6 Sep 2023
Messages
1,245
Location
York
ASLEF website is showing a 403 Error when I go on it. Anyone else having this issue?
 
