
NHS staff trigger Google cyber-defences - happy-go-lucky
https://www.theregister.co.uk/2017/02/01/google_mistakes_entire_nhs_for_a_botnet/
======
empath75
This is a stupid headline. They're tripping the request limit from a single
ip, which makes you fill out a captcha. We've been hit with that a few times
where I work.

~~~
Symbiote
It's The Register, daft headlines is their style. They imitate the cheap,
mass-market newspapers in the UK like The Sun or The Mirror.

The NHS is one of the world's largest employers. If all that traffic is behind
a small range of IPs (one wouldn't be enough) I'm not surprised there are
issues. It does seem an odd network design though.

~~~
lmm
> If all that traffic is behind a small range of IPs (one wouldn't be enough)
> I'm not surprised there are issues. It does seem an odd network design
> though.

"Plonk all our desktops behind a router, NAT the whole thing" isn't that
unusual as a network design.

One would hope that the government in particular would be moving to IPv6 as
the socially responsible thing to do.

~~~
Symbiote
It's a bit unusual for an organization with thousands of sites, spread across
an entire country. I haven't checked, but it probably has a huge IPv4
allocation too.

I'd expect something more like the university networks.

------
kogir
Or perhaps there is active malware within the NHS network? Why is the
immediate assumption that the amount of traffic is not actually an indicator
something is wrong?

When I've managed office networks and we've seen the captchas, every time it
was traced to actual infections of a few machines. Re-imaging them (and
educating users) fixed the problem.

------
nl
I wonder if it will turn out that some random computer in the NHS was infected
with a SEO scraping bot.

But no, that is impossible. The NHS is clearly much, much better at running IT
than Google is.

~~~
jsolson
Hell, I sometimes forget which end of the Ethernet cable plugs in where.

------
predakanga
Seems like quite the overblown headline, but it reminded me of the recent
self-inflicted email DoS at the NHS:
[https://www.theguardian.com/society/2016/nov/14/186m-needles...](https://www.theguardian.com/society/2016/nov/14/186m-needless-
emails-nhs-wide-test-message-and-replies-to-all-crash-system)

I suppose articles like this are a worthy reminder to remember the extreme
cases in our engineering

~~~
mseebach
But this (the e-mail DoS) isn't even an extreme case. When you have on the
order of a million accounts, especially when you have large distribution
lists, you need to consider this as an expected case (and the best practice
solution is pretty well understood: limit send-rights to large distribution
lists to the people who need it).

It's depressing how little effort Microsoft invests in trying to fix the
obvious brokenness[1] of email (including reply-all) and (especially)
calendaring. It's a particular contrast to the often controversially heavy
handed actions by Google to "outlaw" insecure internet practises.

1: The brokenness is obvious, the solutions admittedly less so.

------
alicewales
I work in the NHS and regularly get the "I'm not a robot" captcha. I know what
it is and why it's there when I see it, but colleagues often complain that
their "Google" has a "virus".

A lot of NHS traffic goes through a few large networks like THIS
[[https://www.this.nhs.uk/home/](https://www.this.nhs.uk/home/)] which don't
have especially large IP allocations.

~~~
candiodari
I hope I'm pointing out the elephant in the room here: how many of their PCs
are infected ?

~~~
dz0ny
This!

------
arcanus
I always wonder if in an increasingly automated world, these sort of mishaps
will become more common, and take longer to elevate to a human level where it
can be fixed.

------
ocdtrekkie
Definitely been in this camp before at previous places I've been. It's
particularly crazy that this is happening with NHS, given Google's very public
partnership with them to collect and process their medical data through
DeepMind.

~~~
fredley
The NHS is not a single entity, it is a huge, loose collection of different
bodies in a very complex arrangement. The bodies that Google is involved with
are likely entirely separate from the ones providing the affected IT service.

------
netsec_burn
Clickbait and highly misleading headline.

