Conficker worm disrupts Manchester police systems

Greater Manchester Police has cut its access to central police computers in an effort to contain the infection
Written by Tom Espiner, Contributor on

The Conficker worm has hit Greater Manchester Police computers, leaving the force without direct access to central police systems.

The worm was discovered on the computers on Friday, leading the Manchester force to cut access to the Police National Computer (PNC) and other criminal justice systems to prevent further infection. The systems were still infected on Tuesday, Greater Manchester Police (GMP) said in a statement.

Conficker is a network worm that targets holes in Windows and spreads through infected USB devices, or by launching dictionary attacks on weak passwords on networks, among other methods. The GMP has begun an investigation into how the worm entered its systems.

"At this stage, it is not clear where the virus has come from, but we are investigating how this has happened and will be taking steps to prevent this from happening again," said GMP assistant chief constable Dave Thompson.

Police have been warned against the use of USB sticks following the infection. "There have been some internal messages about using personal dongles," a GMP spokesman said.

The PNC holds details of people, vehicles, crimes and property that can be electronically accessed by the police and other criminal justice agencies. While the Manchester force's access to PNC has been curtailed temporarily, its response to crimes has not been affected, according to the GMP spokesman.

GMP officers have been contacting colleagues in neighbouring forces to run any urgent PNC checks, he added.

The Conficker worm, also known as Downadup and Kido, has a history of infecting systems via thumb drives, said USB security company SanDisk. The worm was behind an outbreak that disrupted Manchester City Council's parking ticketing last July.

"It's not yet certain how the GMP network was infected, but we have seen Conficker outbreaks from an infected flash drive before, as both Ealing and Manchester Councils found last year," said Jason Holloway, SanDisk sales manager for northern Europe.

"Unfortunately, users often aren't aware that they are using an infected device, and Conficker's Autorun exploit is specifically designed to take advantage of this."

Conficker, which targets Microsoft Windows systems, has claimed some high-profile scalps. In March 2009, the worm infected UK parliamentary systems, while the Ministry of Defence and NHS systems in Sheffield have also experienced Conficker issues.

Editorial standards