Information Security – Data Breach

UAE arranged hacking of Qatari media: Washington Post

by

UAE arranged hacking of Qatari media: Washington Post.
The United Arab Emirates arranged for Qatari government social media and news sites to be hacked in late May in order to post false quotes linked to Qatar’s emir, prompting the Qatar-Gulf diplomatic crisis, the Washington Post reported on Sunday, citing US intelligence officials.
In response, Saudi Arabia, the UAE, Egypt and Bahrain cut diplomatic and transport ties with Qatar on June 5, accusing it of supporting “terrorism”.
READ MORE: Qatar-Gulf crisis – Your questions answered The Post reported that US intelligence officials learned last week of newly analysed information that showed that senior UAE government officials discussed the planned hacks on May 23, the day before they occurred.
Al Jazeera’s Heidi Zhou-Castro, reporting from Washington DC, said this is new information and the US State Department has yet to officially respond.
US Secretary of State Rex Tillerson on Thursday returned to the US from his shuttle diplomacy in the Gulf region to try to resolve the dispute.
What’s behind Gulf demands to shut down Al Jazeera?
Khalil Jahshan, Excecutive Director at the Arab Center Washington DC, told Al Jazeera the revelations are the most important development so far since the beginning of the crisis and undermined the Emirati position. “It illustrates that Qatar, from the very beginning of this crisis, by inviting both US and British intelligence services to help investigate this was a step in the right direction,” he said “And now the results are out in public and they confirm that hacking has taken place and the quotes that precipitated this crisis by the emir of Qatar were fabricated and resulting from this hacking.”
Jahshan said the revelations should have an impact on the mediation efforts, although the signs during the crisis so far have not been encouraging.

Nearly 20,000 Australians caught up in massive Bupa Global data breach

by

Nearly 20,000 Australians caught up in massive Bupa Global data breach.
Bupa’s international health insurance arm was hit by a malicious act in its British office, putting the private information of almost 20,000 Australian customers in danger.
The company admitted on Friday that an employee had “inappropriately copied and removed some customer information” at its Bupa Global division, which provides international health insurance for frequent travellers or people who work overseas. “We are contacting those customers who are affected to apologise and advise them, as we believe the information has been made available to other parties.”
A Bupa Australia spokesperson said that, among the 547,000 customers affected worldwide, 19,595 were believed to be Australians.
It was deliberate act by an employee in the UK who had no access to customer data for the Bupa Australia Health Insurance business, which is kept on separate systems,” the spokesperson said.
The company would be “taking appropriate legal action” against the responsible staff member, who had now been dismissed. “We have introduced additional security measures and increased our customer identity checks.
Customers who have been embroiled in the incident have policy numbers starting with “BI” and the BBC confirmed on Friday that the Information Commissioner’s Office in Britain was making inquiries.
Read it here or follow BusinessInsider Australia on Facebook.

UAE hacked Qatar government websites: report

by

UAE hacked Qatar government websites: report.
The United Arab Emirates led an effort to hack Qatari government news and social media websites, sparking a diplomatic crisis, according to a new report from The Washington Post.
U.S. intelligence agencies were able to confirm to officials that senior members of the UAE government had discussed a plan to breach the government-run websites in May, the Post said.
The hack included attributing false statements calling Iran an Islamic power and speaking positively about the militant group Hamas, to Qatar’s emir Sheikh Tamim Bin Hamad al-Thani.
The officials told the Post they do not know whether the UAE had a direct hand in the hacks or whether they hired outside help.
The falsified statements were the cause of a diplomatic crisis in the region when Saudi Arabia, Egypt, the UAE and Bahrain accused the country of supporting terrorism.
Qatar was barred from participating in coalition fighting in Yemen, and Qarati citizens were given two weeks to leave the other Gulf nations.
President Trump, who had been working to foster better relations with the Saudis, blasted Qatar in June calling the country “a funder of terrorism.” “The nation of Qatar has unfortunately been a funder of terrorism, and at a very high level,” he said.
Secretary of State Rex Tillerson, however, called for all sides to deescalate.
The U.S. and Qatar signed an agreement in July aimed at planning efforts to disrupt future terrorism funding.

Hackers steal business assets but Government cyber safety scheme offers little help

by

Hackers steal business assets but Government cyber safety scheme offers little help.
A spate of ransom computer hacks has hit New Zealand businesses, but hackers could be doing worse damage behind the scenes.
* Cyber-security agency CERT NZ promises it will make a ‘big difference’ * Emergency cyber security unit to handle all reports of cyber threats in New Zealand * New Zealand upping digital security after ‘massive’ worldwide cyberattack * New measures to combat cybercrime outlined by Government Communications Minister Simon Bridges, who led the Government’s 2016 Cyber Security Strategy, said he recognised that most small businesses did not have the resources or skills to deal with cyber security.
The Government’s 2016 Cyber Security Strategy formed the Computer Emergency Response Team (Cert NZ) and planned to encourage businesses to take precautionary cyber safety measures.
Some Port of Auckland operations were slowed down when global shipping company Maersk​ was hacked by the NotPetya​ virus this month.
More business incubators for technology entrepreneurs creating cyber security products would reap economic benefits, he said.
It had proved successful in Ireland, Israel and Singapore.
Nayar said the Government’s lack of support for cyber safety was not due to a lack of effort, it just needed to do more of what it had planned.
Bridges said the Government’s cyber safety action plan was constantly reviewed and he was open to new initiatives as the risk of cyber attacks intensifies.
Visit Deloitte Fast 50 for more information.

Mac Warner Wants Info on Russian Hacking in West Virginia Election

by

WHEELING — West Virginia Secretary of State Mac Warner is seeking national security clearance for himself and at least one of his office employees after U.S. Department of Homeland Security officials told him the state’s election system was accessed by Russian hackers last year.
Federal officials recently told Warner West Virginia’s voting system was among those in 21 states reached by Russian hackers last year.
Officials at the Department of Homeland Security have not been able to provide secretaries of state any detailed information about how the cyberattacks occurred because of high-level security issues, but Warner said security clearance and information about possible hackings is necessary for secretaries of state so these issues can be addressed and rectified.
The Department of Homeland Security informed Warner of the access made by Russian hackers into West Virginia’s election system as he attended the National Association of Secretaries of State conference in Indianapolis last week.
“Seeing the fact systems have been accessed causes a lot of us to stay on alert for cybersecurity,” Warner said.
“Any reports that hacking occurred in West Virginia are unsubstantiated, and the system was not accessed as far we have information in the Secretary of State’s Office.
All secretaries of state should be given a security clearance so we can discussed whether or not we have been hacked.
He had previously asked to be a member of the commission, but was informed there were already enough Republican secretaries of state on the commission.
They told him they actually needed a Democratic county clerk to join, and asked if he knew of someone in West Virginia.
Warner said he is “not in the camp” that believes President Donald Trump benefited from Russian election hacking last year.

Hacking cars: cybersecurity regulations needed for new vehicles

by

Hacking cars: cybersecurity regulations needed for new vehicles.
David is a certified information security manager and frequently writes and speaks about cybersecurity issues across North America.
It’s just the latest safety issue affecting cars and trucks made by a variety of auto makers over the past few years.
The most stunning hack to date happened in 2015.
After that hack was announced, there was a lot of talk about the need for new laws to regulate cybersecurity in vehicles.
No one set out to make a hackable internet-connected vehicle that could be turned into a weapon.
The problem for Ford, Fiat Chrysler or General Motors is that before they even build a new car, they’re already much more expensive than the equivalent import due to legacy labour costs such as worker pensions, healthcare and other benefits.
But why did the manufacturers hook these systems together?
Marketer A loves these new ideas, each of which can become a branded feature to help differentiate a car from competitors, but more importantly can help add value to the car at little or low cost.
Fixing our smart cars New regulations and oversight of smart cars would be good first steps.

Cybersecurity for Family Offices: Q&A with the director of the Global Family Office Group at Citi Private Bank

by

The white paper surveyed information security experts in and outside of Citi to provide a comprehensive guide on a topic of high interest to Family Offices.
The author of the report, Edward Marshall, director, Global Family Office Group at Citi Private Bank, said, “As seen in recent news, the number of cyberattacks perpetrated against nations, corporations and individuals are increasing at a rapid pace.
One of the most pressing issues our clients face now is cybersecurity as Family Offices have more and more become targets of cyberattacks.
We have seen many Family Offices hire external professionals to provide an initial diagnostic of risks and then depending on complexity, FOs will retain those professionals to provide regular checkups.
This year’s leadership program included a panel on cybersecurity for Family Offices.
For the moment, an in-house Family Office CISO position exists only for the largest Family Offices in North America.
This is in juxtaposition to often well-established corporate governance guidelines seen in the companies that generated the wealth for the principal.
3) Underinvestment in critical information technology systems – While the corporations that often create the wealth for a family are well-equipped with information technology staff and updated technology, the Family Office is often deprived of the same treatment because they typically operate as separate corporate entities in locations convenient for the principal and/or access to capital markets.
This attention, whether desired or avoided, could make the Family Office a target.
Cyber technology vendors and security firms/consultancies will find that Family Offices will be interested in keeping informed on cyber threats and on effective cybersecurity solutions.

Alleged co-founder of AlphaBay dark web marketplace for illegal drugs and weapons found dead

by

Alleged co-founder of AlphaBay dark web marketplace for illegal drugs and weapons found dead.
Alexandre Cazes, believed to be behind dark net marketplace AlphaBay, has been found dead in a Bangkok jail cell.
The suspected co-founder of AlphaBay, one of the largest dark web marketplaces, was found unresponsive at Thailand’s Narcotics Suppression Bureau.
His father Martin Cazes said it was difficult to believe that his son would take his own life.
Mr Cazes senior said he was awaiting the autopsy results and hopes he will find out the truth behind his son’s death.
The US Embassy in Bangkok stated that Mr Cazes was detained at the request of the US “with a view toward extradition to face federal criminal charges.”
Thai police arrested Mr Cazes, also known by the pseudonym DeSnake, on 5 July on charges of drug trafficking and money laundering.
Authorities seized several million dollars, three properties and four Lambourghinis owned by Mr Cazes, according to Deutsch Welle.
Mr Cazes was under investigation by local authorities. “He was a computer expert involved with international transactions of bitcoins,” Major General Soontorn Chalermkiat, a spokesman for Thailand’s Narcotics Suppression Bureau, told AFP.

Data breach: Get proactive about security

by

Data breach: Get proactive about security.
Recently, details of Reliance Jio customers were posted on a website.
Earlier, a hacker stole email addresses and hashed passwords from Zomato’s database.
Access your subscription from anywhere.
Be it your computer, tablet or smartphone using a browser or the App, Your Choice.
Get all the news upates at the end of each day through E-Mail.
Pick the industry that you want to track.
Cut out the clutter.
Read about the people and events shaping business, finance, technology, politics, technology and culture.
Stay informed with newsletters – an easy way to get WSJ content straight to your inbox – making life easier on your busiest days.

Department of Telecom seeks details of alleged Reliance Jio data breach

by

Department of Telecom seeks details of alleged Reliance Jio data breach.
0 The Department of Telecom will soon seek details of alleged subscriber data breach of Reliance Jio, a top official said 15 July.
“They (company) have not come to us but we will seek details from them,” Telecom Secretary Arun Sundararajan told reporters in response to query om DoT’s action over the alleged data breach of Reliance Jio.
There were reports on Sunday which claimed that customer data, including mobile numbers and other details of Reliance Jio users, were allegedly leaked on an independent website.
A 35-year-old computer science dropout from Rajasthan has been arrested for his alleged involvement in the case.
The accused has been identified by his nickname ‘Imran Chippa’ and was arrested from Churu district in Rajasthan.
A resident of Sujangarh town, Chhipa had made the website Magicapk.
He claimed to provide Jio user data through his website, police said.
A Maharashtra Cyber Police senior officer confirmed that some leak had occurred but declined to share details about the quantum of the breach.
Disclaimer: Reliance Industries Ltd. is the sole beneficiary of Independent Media Trust which controls Network18 Media & Investments Ltd.