
Richard Frank: LifeLabs hackers could still hold health records of 15 million Canadians

Source: National Cyber Security – Produced By Gregory Evans

LifeLabs announced this past week that hackers had invaded its computer system and put the records of 15 million Canadians at risk

Veronica Henri/Toronto Sun

OPINION: If the cybercriminals already have a copy, then retrieving data by paying ransom will not suddenly stop the attackers from further using that data

LifeLabs — Canada’s major provider of lab diagnostics and testing services — announced on Dec. 17 that hackers had potentially accessed computer systems with data from “approximately 15 million customers” that “could include name, address, email, login, passwords, date of birth, health card number and lab test results.”

As a Canadian citizen whose data and whose family’s data is probably among the 15 million records stolen, my first thought is about the implications of this breach.

At the International Cybercrime Research Centre in the School of Criminology at Simon Fraser University, we’ve been studying online hacker communities for about seven years and the Dark Web for the past four years. The Dark Web, with its large number of marketplaces (called cryptomarkets, think eBay for drugs and stolen data), is a fascinating place where all sorts of products, data and services are made available for purchase. Payments are made using anonymous (mostly) untraceable digital currencies. I would expect parts of LifeLabs’s database to eventually end up in a marketplace like that.

So how did this happen? Details of the hack have not been revealed due to the ongoing investigation, but hopefully we will eventually learn the specifics. According to the Office of the Information and Privacy Commissioner of Ontario (IPC) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC), “cyber criminals penetrated the company’s systems, extracting data and demanding a ransom,” which LifeLabs paid.

This points to a likely ransomware attack, where the attacker encrypts the data on a computer system and makes it inaccessible. Unless a backup of the data exists, the only way to recover the data is by paying the attacker a ransom, who sends the victim the decryption keys to unlock the data. Most of these ransomware attacks use encryption so strong that even security firms cannot unlock the files, which has led to a new type of business where consultants help ransomware victims negotiate and pay the ransom.

In most ransomware cases the data remains on the victim’s computer, but its access is revoked through strong encryption. This implies that the attackers do not actually have a copy of the data and thus the chances for future revictimization remain low. However, the language of the OIPC indicates that in this case, the data were “extracted.” This puts a new twist on the story.

Attackers sometimes use ransomware — software that threatens to block access or publish data — that not only locks files, preventing the victim from doing anything, but also leaks the files back to the attackers. This allows the attackers to potentially extort more money from the victim, as happened a few weeks ago to Allied Universal, a security firm in California. That seems to be the case with LifeLabs.

If this is true, then our data is out there, in the hands of cybercriminals, and will remain out there. LifeLabs has stated that they have “retrieved the data by making a payment,” but if the cybercriminals already have a copy, then retrieving it will not suddenly stop the attackers from further using that data.

Did LifeLabs not have proper backup and recovery procedures in place so it could recover from this failure without having to resort to paying a ransom?

The likely scenario is that LifeLabs fell victim to a ransomware attack, possibly sparked by a phishing email with a malicious link or attachment, which resulted in up to 15 million customers’ information (our information, not LifeLabs’) being extracted to the attackers. LifeLabs paid the ransom to regain access to the data and continue business.

What can we, as customers, do? Unfortunately, not much.

The data theft is beyond our control. Periodically we must do business with third parties that require our personal information and we have no choice but to hand it over. Implicit in this transaction is that the other party (LifeLabs, for example) will protect that data. The only available option we have as customers is to be vigilant of our personal information, including financial and health details; but this is after the data theft.

We must check our credit card statements, our credit histories, our insurance claims. We must not use the same password in multiple places and should use two-factor authentication whenever possible.

Potentially the best way to prevent future breaches would be to incentivize organizations that collect our personal details to secure them properly. This could be done by changes to the legislation, like in the European Union and its new General Data Protection Regulation (GDPR) introduced in 2018.

In August 2018, the British Airways website was breached and 500,000 customer details stolen. The United Kingdom’s Information Commissioner’s Office handed down a fine of £183 million (approximately $321 million), based on a new U.K. law designed to mirror the EU’s GDPR. With penalties like that, third-party organizations would have no choice but to take data security seriously, rather than as an operational cost.

Richard Frank is assistant professor of criminology at Simon Fraser University.



Cash Converters is hacked: Cyber criminals hold UK customer credit card numbers, addresses and passwords to ransom after major security breach


Hackers who attacked the now defunct website of second hand goods store Cash Converters may have access to the account details of thousands of customers.

Usernames, passwords, delivery addresses and potentially partial credit card numbers are among the data believed to have been stolen.

The culprits are said to be holding the information to ransom while the firm works with law enforcement authorities to investigate the incident.

It is not known exactly how many customers were impacted in the hack or when it happened.

 

Cash Converters operates high street stores where customers can trade items like jewellery and electronics for money.

The affected website, which was put out of action in September 2017 and replaced with an updated version, lets people purchase these products online.

As well as cash trade ins, the company offers small financial loans to its customers.

The data breach is only believed to affect customers of the Perth-founded firm who are based in the UK.

In a breach notification email sent to customers, a Cash Converters spokesman said: ‘Please be reassured that, alongside the relevant authorities, we are investigating this as a matter of urgency and priority.

‘We are also actively implementing measures to ensure that this cannot happen again.

‘Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.

‘The current webshop site was independently and thoroughly security tested as part of its development process.

‘We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.

‘Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected.

‘We apologise for this situation.’

Cash Converters reportedly received an email from hackers claiming to have gained access to the data.

They threatened to release the data if they were not paid, which means anyone who used the old site before September 22 could be at risk.

Customers have been advised to change their passwords and the firm has forced a reset for all UK webshop users.

Speaking about the breach, Jon Topper, CEO of UK webhosting firm The Scale Factory, said: ‘When migrating away from old solutions it’s important to bear in mind that old digital assets will still be running and available online until such time as they are fully decommissioned.

‘As a result they should still be treated as “live” which means maintaining a good security posture around them, keeping up with patching and so forth.

‘In their customer notification, Cash Converters were quick to point out that the old site was operated by a third party, possibly intending to deflect responsibility for this breach.

‘This definitely won’t fly under General Data Protection Regulation regulations coming into force next year.

‘Companies running server infrastructure that handles customer data should be engaging with experts to review their security posture ahead of that, in order to avoid being slapped with a large fine.’


Hackers hold Sydney start-up’s customer database for ransom


Small Sydney tech company Qnect is in damage control after its customer data was reportedly stolen and held for ransom. The attack comes just weeks after ransomware known as WannaCry disabled over 300,000 computers and essential services worldwide. The hackers, calling themselves RavenCrew, threatened to publish the data – including…


SC businesses hold Cybersecurity Summit to focus on threats


Small and medium-sized businesses from across South Carolina were in Columbia Tuesday for a Cybersecurity Summit, to learn how to better protect themselves and your personal information. “Those governmental agencies or businesses have your information, so businesses are doing all they can to protect it,” says Ted Pitts, president and CEO of the South Carolina Chamber of Commerce, which hosted …


How your fitness tracker could compromise your personal data and let hackers hold you to ransom

HACKERS could hold people to ransom through personal data obtained from their smartphones, watches, television and even fitness trackers, cyber security experts …

Education’s Tenuous Hold on 2016 Ballot – Education Week

In a heated election year, education has proven to be a muted issue at the presidential level, but a hot topic in a variety of state showdowns.


He is special guest at the Ground Zero Summit 2015 being organised by Indian Infosec Consortium – a group of ethical hackers.

“Threat to national security has moved to the digital dimension. Terrorist organisations have turned social networks and online forums into recruitment hotbeds and propaganda mechanisms. We need a security apparatus in the digital space to address this threat. Hackers are the face of this digital army.”

The actor said he is bringing his whole team including scriptwriters of the show to observe and interact with the ethical hacker community.

“From November 22, I will start shooting for 24. It will go on air in 2016. When an actor prepares for a role, we often start to live like the character. Some call it method acting. We meet real life people like the character and try to understand their nuances, their life,” he said.

As per the summit’s website, speakers will share details of the espionage mission as well as hold sessions on hacking of cellular networks, medical devices in hospitals, using technical loopholes in them.

The consortium claims to have discovered a cyber espionage operation under which phones of Indian Army personnel, who had downloaded some mobile application related to news, had been compromised by hackers based in Pakistan. IIC CEO Jiten Jain has said that the findings were handed over to security agencies who promptly acted and sanitised the infected handset early this year.


Contentment to have and to hold

One statistic more than any other sets the scene for the suburb of Waverley. Where the rest of Dunedin, riven by loneliness and failed, transitory relationships, boasts a marriage rate of a sad 40%*, Waverley, the suburb of steady, solid and secure love, soars high at 60%. Read that again – 60%.


‘Hackers’ Director: Rollerblading Didn’t Hold Up, But the Rest of the Movie Does


On September 15, 1995, Hackers was released in the theaters to a relative thud, recovering less than half its production budget at the box office. But the tale of a group of high school hackers—with cool-sounding hacker handles like “Zero Cool” and “Acid Burn”—stumbling upon a grand corporate conspiracy found a second life on home video, becoming a cult classic two decades later.

Directed by Iain Softley—who’d previously made the Beatles dramatization Backbeat, and subsequently directed K-PAX and The Skeleton Key—the film is all sorts of dated. There’s heartthrob Jonny Lee Miller doing his best to put on a New Yorker accent, there’s some unknown punk named Angelina, there’s the nebulously famous Fisher Stevens. Matthew Lillard’s in it, and so is Marc Anthony. Everyone rollerblades or skateboards. It’s probably the most 90s movie of all time.

But despite its residence in an era of phone booths (that sometimes twirl) and modems that go “reeeeee-unnnhhhhhh!” it’s also a prescient portrayal of the approaching promises and dangers of this internet thing. I woke up at the crack of dawn to chat with Softley about the 20th anniversary of the movie.

MOTHERBOARD: How long has it been since you watched Hackers?

Iain Softley: I […]


Councilman to hold press conference Wednesday on new crime-fighting technology being used in Detroit


7 Action News is expecting to learn more Wednesday, September 23, about a form of crime-fighting technology Detroit police have been using for about a year now. The technology is called Shotspotter and it’s been credited with helping police in cities across the country. Detroit Councilman Scott Benson will host a press conference this afternoon. The Detroit Police Department installed the Shotspotter program over a year ago. It detected more than two dozen shots fired in the first week.

Here’s how it works. Microphones covered in weatherproof casing are placed in spots with high crime. When a shot is fired, the sensors relay information to police to help them pinpoint the area where the shots came from by sending them real-time GPS data. That data then takes police to a small area that enables them to track down activity faster.

Source: http://www.wxyz.com/news/region/detroit/councilman-to-hold-press-conference-wednesday-on-new-crime-fighting-technology-being-used-in-detroit
