Tech
NCC supporting London councils gripped by cyber attacks | Computer Weekly
Three Greater London councils struck by a cyber attack last week are receiving response support from cyber security experts at NCC Group as they continue to pursue multiple investigations into the incident.
The three neighbouring authorities, the London Borough of Hammersmith and Fulham, the Royal Borough of Kensington and Chelsea (RBKC), and Westminster City Council – which operate a number of shared systems between them, first identified the incident on 24 November.
Of the three, RBKC has already disclosed that some historical data has been copied and exfiltrated from its systems, although it has not been encrypted or destroyed.
NCC’s teams were deployed alongside the National Cyber Security Centre (NCSC), London’s Metropolitan Police, and the National Crime Agency (NCA), with its operatives focused primarily on containing the impact of the attack and managing the three councils through the disruption, with a focus on restarting affected systems and public-facing services as soon as possible.
“Attacks on our public services require a diverse team to respond. Our team is working around the clock and under immense pressure as part of a coordinated effort to limit the impact of this incident and to work towards the continued delivery of essential services,” said NCC CEO Mike Maddison.
“As we have seen time and again in similar scenarios, the road to achieving a safe recovery of digital services can be challenging and will take time. This will be a difficult period both for residents in the impacted boroughs and the team members across the tri-borough partnership who are working tirelessly to address this issue,” he added.
Elizabeth Campbell, leader of Kensington and Chelsea Council, added: “Being given the news that we are under attack is what no Council leader wants to hear, but like any public body, there was always that possibility.
“To counter this threat, we had invested significantly in our digital, data and technology services and had up to date cyber defence systems. That system worked well mitigating the damage. Our IT team has been fighting back, investigating the cause, and assessing the impact,” she said.
“We are certain that we are taking all the right steps and we are hugely grateful to have the expertise of NCC Group to advise and support us. Their wealth of experience helping the British Library, universities and other authorities recover from cyber attacks is reassuring as we begin to recover and rebuild,” said Campbell.
Ongoing disruption
A week and a half after the incident was first detected, extensive disruption continues across all three of the affected councils.
In Hammersmith and Fulham, multiple services have been affected, with most of its online offerings unavailable, including council tax accounts; business rates payments; benefits accounts; housing, including repairs; parking permits, fines, and on-street bay suspensions; freedom pass applications; and property licensing.
As of its most recent statement, issued on Friday 28 November, the council said there was currently “no evidence” of its own systems having been compromised, but that it was continuing to enact enhanced security measures as part of its investigation.
The council’s spokesperson said it had been informed by RBKC of the data theft and said it was investigating this issue alongside its neighbours.
Meanwhile, as of Monday 1 December, RBKC has put in place a number of mitigations as it works towards service restoration, although crucially, phone lines continue to be disrupted. It expects disruption to last at least another fortnight.
It said residents experiencing genuine emergencies relating to environmental health, housing and social services should reach out via the phone numbers available here. It will also be opening its customer service centre at Kensington Town Hall for emergency in-person appointments on the weekend of 6-7 December.
On council tax and business rate payments, RBKC’s systems continue to be disrupted for those paying by Direct Debit, so residents are advised to keep funds available in their accounts so that collections can take place once they are back online. Other methods of payment are available as normal.
RBKC’s IT and security budget runs to over £12m per annum and the council said that in this instance, its systems worked as intended, enabling it to detect the cyber attack quicker and take action. This may have limited the scope of the incident.
Westminster Council is also continuing to respond to the incident. In its most recent update issued on Thursday 4 December, a spokesperson said: “We want to reassure residents that council services are running, although some disruption remains. Our priority is to keep services operating and to support the most vulnerable in our community and we apologise for any inconvenience.”
The disruption in Westminster extends across multiple services, including rent and service charge payments; council tax and business rates; housing repairs; local support payment applications; community hall bookings; birth, deaths and marriage certificates; children’s services referrals; complaints; licensing; and online waste and recycling services, including bulky item collections and requests for more recycling bags. Libraries are open as usual but cannot accept new members.
Like its neighbours, it expects the disruption to continue for some time, and it is also working to confirm the precise nature of the data breach.
“We have a team of specialists working to understand the extent and potential implications of any breach of data from shared services. At this time our investigations continue, and we urge everyone to follow advice to keep cyber safe with service users asked to be extra vigilant when called, emailed or sent text messages,” the spokesperson said.
All three councils are encouraging residents, customers and other service users to be extra vigilant with regard to their own personal data, and wary of any unexpected contacts via email, phone or text. More consumer information on staying safe in the wake of a data breach is available from the NCSC.
Hackney Council not involved
Earlier reporting suggested that Hackney Council, which was the victim of a major incident at the hands of the Pysa ransomware gang in October 2020v, had also been impacted by the latest incident. This is now known to be inaccurate.
A Hackney council spokesperson said: “Hackney Council is unaffected by the cyber attack that is reported to be affecting some councils in London. Media reports suggesting otherwise are mistaken.
“We have strong measures in place to keep our services secure and have reminded all staff about their responsibilities to ensure that data is protected.”
Public services on the frontline
Although the big story of 2025 has been one of major cyber attacks on some of the UK’s best-known private sector companies, public services remain in the crosshairs of cyber criminal actors as well, and recent history is littered with examples of such incidents, from last year’s incident at NHS partner Synnovis to the British Library attack, and hits on multiple local authorities across the nation.
“Cyber attacks are a serious and persistent risk to digitised economies. Unfortunately, public services are a prime target for cyber threat actors, whether that be organised crime, nation states, or individuals,” said Maddison at NCC.
“The challenge of securing public institutions is real and growing. Public bodies have large and complex attack surfaces, with online accounts, employees, online resources, locations, and systems to protect.
“The bar to adequately protect such institutions from attack is getting ever higher, with sophisticated and coordinated attackers to counter. We must focus on ensuring the fundamentals are in place to build the future securely. It is critical that initiatives such as the UK’s Cyber Growth Action Plan are adequately funded and prioritised, recognising cyber as a strategic enabler of national resilience and economic growth,” he said.
Federal agents on Thursday announced the arrest of a suspect charged with planting the two pipe bombs discovered near the US Capitol complex on the eve of January 6, 2021. Authorities identified the man as Brian J. Cole Jr., a resident of Woodbridge, Virginia. The arrest marks a major break in a case that has vexed authorities for nearly five years.
Cole, 30, is charged with transporting an explosive device across state lines with the intent to kill, injure, intimidate, or destroy property and with attempting to damage and destroy the headquarters of the Republican and Democratic national committees by means of an explosive device. If convicted, he would face the prospect of decades in prison.
According to an affidavit, investigators linked Cole to the bombs through a combination of surveillance footage, historical cell-site data, and years of purchase records showing he bought each major component used to construct the devices. Agents allege Cole acquired the same model of galvanized pipe, matching end caps, and nine-volt connectors, among other items, across multiple hardware stores in northern Virginia in 2019 and 2020.
Cole continued buying components used in bomb-making after his bombs in the Capitol were discovered, agents allege, listing the purchase of a white kitchen timer and two nine-volt batteries from a Walmart on January 21, as well as galvanized pipes from Home Depot the following day.
Senior Trump administration officials quickly cast the arrest as a vindication of their own leadership, claiming the case had gone cold. Attorney General Pam Bondi said she hoped the arrest would restore public trust following what she characterized as a “total lack of movement” on a case that had “languished for four years.” In their telling, the breakthrough was proof that the case only advanced once they were empowered to “go get the bad guys” and stop “focusing on other extraneous things,” as FBI deputy director Dan Bongino put it.
“Though it had been nearly five years, our team continued to churn through massive amounts of data and tips that we used to identify this suspect,” said Darren Cox, deputy assistant director of the FBI’s criminal investigative division.
The bombs were planted near the headquarters of the Republican and Democratic national committees the night of January 5, 2021, as Congress prepared to certify Joe Biden’s electoral victory over Donald Trump. Both failed to detonate, but their discovery the following day added to the chaos and confusion unfolding as a pro-Trump mob stormed the US Capitol building, causing millions of dollars in damage and injuring approximately 140 Capitol and Metropolitan Police Department officers.
As for Wilcox, he’s long been one of that small group of privacy zealots who buys his SIM cards in cash with a fake name. But he hopes Phreeli will offer an easier path—not just for people like him, but for normies too.
“I don’t know of anybody who’s ever offered this credibly before,” says Wilcox. “Not the usual telecom-strip-mining-your-data phone, not a black-hoodie hacker phone, but a privacy-is-normal phone.”
Even so, enough tech companies have pitched privacy as a feature for their commercial product that jaded consumers may not buy into a for-profit telecom like Phreeli purporting to offer anonymity. But the EFF’s Cohn says that Merrill’s track record shows he’s not just using the fight against surveillance as a marketing gimmick to sell something. “Having watched Nick for a long time, it’s all a means to an end for him,” she says. “And the end is privacy for everyone.”
Merrill may not like the implications of describing Phreeli as a cellular carrier where every phone is a burner phone. But there’s little doubt that some of the company’s customers will use its privacy protections for crime—just as with every surveillance-resistant tool, from Signal to Tor to briefcases of cash.
Phreeli won’t, at least, offer a platform for spammers and robocallers, Merrill says. Even without knowing users’ identities, he says the company will block that kind of bad behavior by limiting how many calls and texts users are allowed, and banning users who appear to be gaming the system. “If people think this is going to be a safe haven for abusing the phone network, that’s not going to work,” Merrill says.
But some customers of his phone company will, to Merrill’s regret, do bad things, he says—just as they sometimes used to with pay phones, that anonymous, cash-based phone service that once existed on every block of American cities. “You put a quarter in, you didn’t need to identify yourself, and you could call whoever you wanted,” he reminisces. “And 99.9 percent of the time, people weren’t doing bad stuff.” The small minority who were, he argues, didn’t justify the involuntary societal slide into the cellular panopticon we all live in today, where a phone call not tied to freely traded data on the caller’s identity is a rare phenomenon.
The T10 also includes a voice-cloning feature similar to those offered by the Vasco Q1 and the Google Pixel 10. With this function, you recite a few sample sentences, press the “clone” button, and in a few minutes, you can have the T10 speak in a simulacrum of your own voice instead of its generic “male” or “female” tones. This system is much more impressive than Vasco’s, based on my testing, with my cloned voice sounding eerily like my own, just with a rich Spanish, Russian, or Tamil accent applied. Note that by default, the app can only store one cloned voice at a time.
The 60-mAh battery charges via USB-C and promises 15 hours of continuous usage and 100 days of standby time. That’s tough to test thoroughly, as the device automatically shuts itself off after just a few minutes of disuse. Despite many hours of testing over several days, the in-app battery indicator never wavered from a 100-percent charge.
The Subscription Push
The T10 is a capable, if complex, translation system, and I’d be more enamored with it if not for the fact that it includes only 180 days of service before you are pressed to upgrade to one of two subscription plans. For $14 per month or $100 per year, you receive 600 minutes per month of service across many of its real-time features. For $25 per month or $179 per year, that moves up to unlimited service (and adds a second voice cloning slot). Without a subscription, users get just 120 minutes of real-time translations per month and lose call translation and AI Mind Map features completely. The cross-app translation feature, face-to-face mode, and text/photo translations are free across all modes.
Another major issue I had with the T10 is how rough the InnAIO Pro app is. The badly translated interface is particularly troubling, not just because a good portion of it is in pidgin English but because some of it isn’t translated at all. For example, if you save a recording of a real-time translation session, the identities of the two languages used in the recording appear in Chinese.
The T10 has a novel approach and some unique features you won’t find in competing gear or on a phone app, but at present, it’s all too haphazard and undercooked to wholly recommend. The push for a very costly subscription after such a short period of free access makes that calculus all the more difficult.
BasicNet acquires American brand Sundek
MWC extends commish Nevarez through 2030
FBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6
-
Tech4 days agoGet Your Steps In From Your Home Office With This Walking Pad—On Sale This Week
-
Entertainment4 days agoSadie Sink talks about the future of Max in ‘Stranger Things’
-
Sports4 days agoIndia Triumphs Over South Africa in First ODI Thanks to Kohli’s Heroics – SUCH TV
-
Fashion4 days agoResults are in: US Black Friday store visits down, e-visits up, apparel shines
-
Politics4 days agoElon Musk reveals partner’s half-Indian roots, son’s middle name ‘Sekhar’
-
Uncategorized1 week ago
[CinePlex360] Please moderate: “Americans would
-
Tech4 days agoPrague’s City Center Sparkles, Buzzes, and Burns at the Signal Festival
-
Sports4 days agoBroncos secure thrilling OT victory over Commanders behind clutch performances