Category Archives: CYBER ATTACKS


Joint investigation by the Australian and Canadian privacy commissioners finds infidelity website fabricated security qualifications, was storing passwords in plain text.


AshleyMadison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs, the Office of the Privacy Commissioner of Canada says.

In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers.

The hack stole correspondence, identifying details and even credit card information from millions of the site’s users. At the time of the breach in July 2015, AshleyMadison claimed to have 36 million users and took in more than $100 million in annual revenue.

The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts.

Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn’t do enough to guard against being hacked. The company even adorned its website with the logo of a “trusted security award” — a claim the company admits it fabricated.

Poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company, the report found.

Much of the company’s efforts to monitor its own security were “focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data,” the report found.

The company also inappropriately retained some personal information after profiles had been deactivated or deleted by users and did not adequately ensure the accuracy of customer email addresses, the report said. This meant that some people who had never signed up for Ashley Madison were included in databases published online after the hack, it said.

“Handling huge amounts of this kind of personal information without a comprehensive information security plan is unacceptable,” privacy commissioner Daniel Therrien said in a statement. “This is an important lesson all organizations can draw from the investigation.”

The company co-operated with the privacy watchdog’s investigation and has agreed to a compliance agreement. That means if it is found later to have ignored any of the report’s recommendations, it could be held liable in court.

“The company continues to make significant, ongoing investments in privacy and security to address the constantly evolving threats facing online businesses. These investments are the cornerstone of rebuilding consumer trust over the long term,” company CEO Rob Segal said in a statement.

With files from The Canadian Press and Reuters


Henry Sapiecha


Snowden: Exposure of Alleged NSA Tools May Be Warning to U.S.


National Security Agency leaker Edward Snowden says the exposure of malicious software allegedly linked to his former employer may be a message from Moscow, adding a layer of intrigue to a leak that has set the information security world abuzz.

Technical experts have spent the past day or so picking apart a suite of tools purported to have been stolen from the Equation Group, a powerful squad of hackers which some have tied to the NSA. The tools materialized as part of an unusual electronic auction set up by a group calling itself “Shadow Brokers,” which has promised to leak more data to whoever puts in a winning bid.

In a series of messages posted to Twitter, Snowden suggested the leak was the fruit of a Russian attack on an NSA malware server and could be aimed at heading off U.S. retaliation over allegations that the Kremlin was trying to interfere in America’s electoral process.

“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” Snowden said. “This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences. Particularly if any of those operations targeted U.S. allies. Particularly if any of those operations targeted elections.”

Snowden did not immediately return messages seeking additional comment. The NSA did not immediately return emails seeking comment on his claim. Messages sent to an address registered by the Shadow Brokers were not returned.

The Equation Group was exposed last year by antivirus firm Kaspersky Lab, which described it at the time as a “God of cyberespionage.” Many have since speculated that the NSA is behind the group, although attribution in the field of cyberespionage is a notoriously tricky issue.



Phishing, sophisticated attacks most troubling to IT security pros

Staffing, training, budget shortfalls impact ability to protect organization.


IT security professionals fear phishing and sophisticated attacks the most, but worry that staffing, training and budget shortfalls will hinder their ability to protect their organizations.

Adding to the anxiety, 72% of respondents said they felt it is likely their organizations would face a major data breach in the next 12 months. Fifteen percent said they had “no doubt” they would face a major security breach in the next year.

Those results are part of the findings of the 2016 Black Hat Attendee Survey, which was conducted in June with 250 security professionals. The annual Black Hat USA conference kicks off next week in Las Vegas.

The looming threat that eats at IT is phishing and other social engineering attacks. According to this year’s 2015 Verizon Data Breach Investigations Report, 30% of phishing messages were opened by the target recipient, up from 23% just last year. In addition, 12% clicked on the malicious attachment, up from 11% in 2014.

Those numbers point to another finding in the Black Hat Attendee Survey: 28% of IT security pros said end-users who violate security policy are the weakest part of the corporate security chain. It’s a familiar refrain and a reality that today can come with damaging consequences.

On top of these concerns, the survey showed that companies are facing a serious shortage of qualified security pros. In the survey, 74% of respondents said they don’t have enough staff to deal with the threats they expect to see in the next 12 months.

And it gets worse. Those same IT security pros say they are not spending enough time on the things that most concern them, but instead are tasked with “measuring risk (35%), managing compliance with industry and regulatory requirements (32%), and troubleshooting security vulnerabilities in internally developed applications (27%).”

The survey indicated the gap between concerns and day-to-day actions is growing, and respondents said they were fearful that they are losing the war against cyber crime.




Bank joins Interpol cyber-crime fighting centre

Barclays Bank is the first bank to have an analyst working alongside cyber-crime experts at Interpol’s research and development facility.


Barclays is to become the first bank to have a cybercrime analyst working full-time alongside police at Interpol’s Cyber Fusion Centre to improve information-sharing and response to imminent security threats.


Interpol’s centre in Singapore allows law enforcement, the private sector, and academia to work together, sharing threat information and developing responses.

The Barclays cybercrime analyst will join other experts from Cyber Defense Institute, Kaspersky Lab, LAC, NEC, SECOM, Trend Micro, the University of South Australia, and the University of Waikato in New Zealand who are already based at the Interpol Global Complex for Innovation (IGCI).

“The scale and complexity of today’s cyberthreat landscape means cooperation across all sectors is vital,” said Noboru Nakatani, the IGCI’s executive director.

Interpol said its agreement with Barclays will broaden joint efforts in cybersecurity through intelligence sharing, training, and awareness about cyber threats mitigation, and providing recommendations for public and private institutions on strengthening their cyber-resilience.

Barclays’ Group Chief Information Security Officer Troels Oerting said: “Preventing cybercrime and keeping our citizens safe from being victims of crime in cyberspace is a global task and cannot be done without the involvement of Interpol.”

Banks are among the businesses most commonly targeted by cyber criminals. Last month HSBC said it had defended itself against a major DDoS (Distributed Denial of Service) attack and was working closely with law enforcement authorities to pursue the criminals responsible.




Hacker claims to be selling millions of Twitter account details

The hacker has links to the MySpace, LinkedIn, & Tumblr “mega breaches.”


A hacker, who has links to the recent MySpace, LinkedIn, and Tumblr data breaches, is claiming another major tech scalp — this time, it’s said to be millions of Twitter accounts.

A Russian seller, who goes by the name Tessa88, claimed in an encrypted chat on Tuesday to have obtained the database, which includes email addresses (and sometimes two per person), usernames, and plain-text passwords.

Tessa88 is selling the cache for 10 bitcoins, or about $5,820 at the time of writing.

The seller said they obtained 379 million accounts as early as 2015. That would be far more than Twitter’s 310 million monthly active users, but could be explained by cumulative account totals that include inactive users.

An analysis of the database by LeakedSource, a breach notification site which received the database from the seller on Wednesday, showed there are in fact over 32 million purported accounts in the database, after duplicates were removed.

LeakedSource said in a blog post that it was unlikely that Twitter was breached, and pointed to malware as the culprit.

“The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” the blog post said.

The group said it was able to verify the passwords associated with 15 users. LeakedSource shared a portion of the database with me. Two colleagues whose email addresses were in the database were able to verify their password. A third colleague said they had not used the email address found in the database to join Twitter.

LeakedSource said that the passwords were likely “stolen directly from consumers, therefore they are in plaintext with no encryption or hashing.” The group said it did not believe that Twitter stored data in plain text at the time the data was taken, thought to be around 2014.

“These credentials however are real and valid,” said the group. “The lesson here? It’s not just companies that can be hacked, users need to be careful too.”

As we’ve seen in recent data breaches, the most common password was “123456,” with the third and fourth password being “qwerty” and “password” respectively.

A Twitter spokesperson said in prepared statement: “We are confident that these usernames and credentials were not obtained by a Twitter data breach — our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”

In a recent tweet, the company also said that it periodically checks its data against recent password leaks to ensure that accounts stay secure.

Given the high-profile Twitter account takeovers in recent days — which included Facebook co-founder Mark Zuckerberg — it would be an easy assumption to make that Twitter had been hacked.

But Zuckerberg’s account was not in the database obtained by LeakedSource, the blog post said.

The hackers who took over Zuckerberg’s account said at the time they acquired his “dadada” password from the LinkedIn breach.

When asked, a LinkedIn spokesperson declined to comment, pointed to a recently-updated company blog post, but ruled out any new breach, and advised users to change any re-used passwords on other sites.



Nearly all companies still can’t spot incoming cyber attacks

Almost all organisations are vulnerable to hackers due to lack of cyber security staff or tools, report states.


Businesses know of cyberthreats – but lack the resources to adequately monitor them

Four out of five businesses lack the required infrastructure or security professionals with relevant skills to spot and defend against incoming cyberattacks.

According to a new report by US cybersecurity and privacy think tank Ponemon Institute on behalf of cybersecurity firm BrandProtect, 79 percent of cybersecurity professionals say that their organisations are struggling to monitor the internet for the external threats posed by hackers and cybercriminals.

Just 17 percent of respondents say that they have any sort of formal process in place for intelligence gathering which is applied across the whole company.

The report found that 38 percent of organisations don’t have any policy on threat intelligence gathering at all, while 23 percent have an approach that is ‘ad hoc’ at best. A further 18 percent say they do have a formal process in place, but it isn’t applied across the entire enterprise.

The Ponemon Institute claimed that businesses are on average experiencing more than one external cyberattack a month, with these repeated security breaches resulting in an annual average cost of around $3.5m.

But while many companies are failing to properly monitor external threats, the majority do recognise that they should be carrying out activities such as monitoring mobile apps, looking out for social engineering and phishing attempts, and keeping an eye on cyber threats – around 60 percent of respondents listed these activities as essential or very important to their business.

So why aren’t more organisations actively pursuing these leads in the interests of protecting themselves against hacks and data breaches? The study reported that there is insufficient awareness of risk across the whole organisation.

Half of respondents suggested that this was one of the main barriers to achieving effective cybersecurity, while almost as many described a lack of knowledgeable staff and a lack of tools as barriers to this goal – echoing previous reports of a severe lack of cybersecurity professionals and understanding of the risks caused by poor defences.



Fault Lines – Cyber-war video report

Cyberwar. A conflict without footsoldiers, guns, or missiles.

Instead the attacks are launched by computer hackers. Digital spy rings. Information thieves. Cyberarmies of kids, criminals, terrorists – some backed by nation states.

In the US there is a growing fear that they pose a massive threat to national security, and a conviction that the world’s military superpower must prepare for the fight ahead.

At stake: Crucial national infrastructure, high value commercial secrets, tens of billions of dollars in defence contracts, as well as values like privacy and freedom of expression.

In this episode of Fault Lines, Josh Rushing enters the domain of “cyber” and speaks to a former US national security official turned cybersecurity consultant, a Silicon Valley CEO, a hacker, and those who warn of a growing arms race in cyberspace.

He asks: Is the US contributing to the militarisation of cyberspace? Are the reports of cyber threats being distorted by a burgeoning security industry? And are the battles being waged in cyberspace interfering with the Internet as we know it?

People featured in this film include: Josh Rushing, John Fraize, Darrel Covell, Rsignia, Keith Alexander, Redbeard, John Verdi, Jay Rockefeller, Olympia Snowe, Jim Lewis, Enrique Salam, Michael Chertoff.



Cybersecurity: The Real Cyber-war is all around you! Say experts in this video presentation

Published on Mar 10, 2015

In this video, Edward Rietscha, the Cyber security director for U.S. Army Training and Doctrine Command, discusses Cyber warfare and methods to identify weaknesses and protect ourselves from cyber attack. This is another presentation in TRADOC’s monthly civilian professional development series hosted by Ellen Helmerson, TRADOC G1-4 director. Jan. 20, 2015.



Cyber spies are still using these old Windows flaws to target their victims

‘Dropping Elephant’ cyber-espionage group is using old and long-patched flaws as part of its strategy, but appears to be still finding successes.


Government officials are being targeted by very simple methods of cyber-espionage.

Hackers using only the most basic forms of cyberattack have been able to successfully steal files from high-profile governmental and diplomatic targets.

A cyber-espionage operation has targeted individuals and organisations across the globe, although the vast majority of attacks have focused on Chinese government and diplomatic entities, individuals associated with them and partners of these organisations.

Cybersecurity researchers from Kaspersky Lab’s Global Research and Analysis team have been investigating the “aggressive cyber-espionage activity” since February. The researchers suggest that it originates in India and that attacks are undertaken using old exploits, low-budget malware tools and basic social engineering methods.

The simple but effective threat actor has been dubbed ‘Dropping Elephant’ and uses emails sent en masse to large numbers of recipients to identify potential victims.

While the email itself doesn’t contain a malicious payload, it does send a ping request back to the attackers’ server when the message is opened. The ping provides the cyber-spies with information about the victim, including IP address, type of browser, the device used and its location.
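The “ping” described above is normally a remote resource (a hidden image, for instance) that the mail client fetches when the message is rendered, which is what hands the sender the reader’s IP address and browser details. The following scanner, an added example that is not part of the article or of Kaspersky’s report, flags such remote fetches in an HTML body so a mail gateway or analyst can strip them or block remote content; the sample message and its host names are constructed placeholders.

```python
"""Flag remote 'beacon' resources in an HTML e-mail body (defensive triage)."""
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs


class BeaconScanner(HTMLParser):
    """Collect remote resources that an e-mail client would fetch on open."""

    # Elements whose attribute triggers an automatic fetch when rendered.
    FETCH_ATTRS = {"img": "src", "link": "href", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = self.FETCH_ATTRS.get(tag)
        if attr is None:
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get(attr, "")
        if not url.lower().startswith(("http://", "https://")):
            return  # cid: / data: resources are inline and do not phone home
        parsed = urlparse(url)
        reasons = []
        # A 0/1-pixel or hidden image has no display purpose: classic beacon.
        hidden = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        hidden = hidden or "display:none" in a.get("style", "").replace(" ", "")
        if tag == "img" and hidden:
            reasons.append("hidden-or-1px-image")
        # A per-recipient token in the query string tells the sender who opened it.
        if parse_qs(parsed.query):
            reasons.append("tracking-parameters")
        self.findings.append(
            {"tag": tag, "host": parsed.hostname, "url": url, "reasons": reasons}
        )


def scan_email_html(html):
    """Return every remote fetch in the body, most suspicious first."""
    scanner = BeaconScanner()
    scanner.feed(html)
    return sorted(scanner.findings, key=lambda f: -len(f["reasons"]))


# Constructed sample body; attacker-controlled.example is a placeholder host.
SAMPLE = """<html><body>
<p>Please review the attached agenda.</p>
<img src="https://attacker-controlled.example/o.gif?id=7f3a9c&r=john" width="1" height="1">
<img src="cid:logo@company" alt="logo">
<img src="https://cdn.example/banner.png" alt="banner">
</body></html>"""

if __name__ == "__main__":
    for finding in scan_email_html(SAMPLE):
        print(finding["tag"], finding["host"], finding["reasons"] or ["remote-fetch"])
```

A plain remote image with no tracking token still leaks the reader’s IP address, so the safest gateway policy is to block or proxy all remote content rather than only the flagged ones.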




Cybercrime kingpins are winning the online security arms race

Cybercrime is getting larger and more team driven. It’s time to cast away the idea of the lone-wolf attacker.


The cliché of the hacker-in-a-hoodie lone wolf is out of date. Cybercrime gangs are now almost as sophisticated as the big businesses they are trying to steal from, leading to a new security arms race that companies are losing.

The increasing threat from organized cyber-criminals and state-sponsored cyber espionage means companies need to forget about the idea of a lone hacker, think through the credible threats to their systems, and deal with them in order to disrupt their attackers’ business models.

“It’s time to think differently about cyber risk, ditching the talk of hackers, and recognising that our businesses are being targeted by ruthless criminal entrepreneurs with business plans and extensive resources — intent on fraud, extortion, or theft of hard-won intellectual property,” said Paul Taylor, UK head of cyber security at KPMG.

According to research by KPMG and BT, 97 percent of companies surveyed said they had been the victims of digital attacks, but only 22 percent were fully prepared to deal with future attacks.

Executives said they were hampered by regulation (49 percent), legacy IT systems (46 percent) and a lack of the right skills and people (45 percent).

“The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft. The 21st century cyber criminal is a ruthless and efficient entrepreneur,” said Mark Hughes, CEO of BT’s security division.

“We’re up against quite sophisticated organized criminality. Well structured, real businesses, very efficient, very effective,” said David Ferbrache, technical director of cyber security at KPMG.

According to Ferbrache, the last two years have seen some shifts in the patterns of organized cyber criminality, with fraudsters targeting top executives and trying to trick them into making bogus transfers that can cost companies millions.

“CEO frauds now have become a massive issue across many of our clients,” he said.


“Organized crime is spending more time looking at targeting information available on social media. The phishing lures are much better crafted and tailored now, and they can pretend to be senior officers of the company when they know the chief executive is overseas at a conference,” Ferbrache warned.

According to the research, over 90 percent of companies said staff could be open to blackmail and bribery — but less than half have a strategy in place to deal with the threat.

“When you start moving into the big cash-outs, the longer-term operations — that’s the point you see insiders coming into the picture, because you want information on the fraud control measures. Sometimes the way the systems are configured helps the operation along,” said Ferbrache.

IT staff, as well as those with knowledge of finance, could be targeted: “Systems administrators, privileged users — anybody with access credentials, anybody able to initiate financial transactions, anyone who might have an understanding of the fraud control systems and the way they are configured too — they’re all useful,” he warned.

“We have traditionally thought of insiders and outsiders as two separate categories as you move up the tiers in organized crime. That’s not the case. It blurs.”

Crime groups tend to have a loose, federated business model. The heart of each gang will be the kingpin with the idea and the targets, but the organization around them will be a loose collection of different skills. That might include people developing exploits for vulnerabilities, or offering attack services such as DDoS by the hour. Others will be experts in recruiting money mules to launder the cash, or they might be people who specialize in selling stolen information on the black market.

“The way you have to look at these organised crime groups is that most are running a portfolio of operations,” said Ferbrache.

