The hacking community is having lots of fun at
TalkTalk's expense or TalkTalk is in much more trouble than they are
admitting.
Posted while maintaining what I think is an
appropriate level of skepticism…
Ben Ellery and Jaber Mohamed, who continue to
report as if the dark web is something new, report that they are in
contact with someone who uses the handle “The Martian” who claims
to have 1 million TalkTalk users’ information – email
addresses, bank account numbers and sort codes – available for bulk
purchase. Obviously any such claim conflicts significantly with
TalkTalk’s assessment of how many customers had their data stolen,
as just yesterday, they announced that the total number of customers
whose personal details were accessed is 156,959 and of these
customers, 15,656 bank account numbers and sort codes were
accessed.
So… less than 16 thousand or 1 million? Do you
believe the individual The Mail communicated with or
TalkTalk (or neither)? According to the reporters, “The Martian”
claims to have intimate knowledge of last month’s cyber-attack which has left huge numbers of TalkTalk customers exposed to fraud, and wiped millions off the company’s share price.
He said he was directly communicating with those responsible on the day of the hack, which he claimed occurred three days before TalkTalk reported it to the police. The criminals later passed him a database of customers’ details
The reporters claim that they verified the
authenticity of a sample of data they received – at least to the
extent that those named in the sample are TalkTalk customers. It’s
not clear to me whether those customers’ data had been caught up in
any prior TalkTalk data breach.
Read more on The
Daily Mail, and don’t be confused by their coverage of the
fourth arrest in the case (the 16-year-old from Norwich). I don’t
think they mean to suggest that that youth is “The Martian.”
Another follow-up...
Steve Orr has a follow-up on the Excellus
BlueCross BlueShield data breach that was disclosed
in September, but the scant details still available will
doubtless continue to frustrate those who want to know how the breach
occurred and why it took almost 20 months for Excellus to detect it.
And the available facts serve as a reminder that encryption
does not prevent all breaches. [Primary
use of encryption is to render any data unusable, except to those
with the key. Bob]
The Excellus breach was one of the largest in the
healthcare sector, affecting over 10 million members and their
dependents. It may also have impacted
Highmark BlueCard holders who obtained services
from Excellus providers. The initial attack reportedly occurred on
December 23, 2013, but was not detected until August, 2015.
By now, about a dozen lawsuits have been filed
against Excellus and its parent company, Lifetime
Healthcare.
From the git-go, Excellus claimed that this was a
“sophisticated” attack. And while that phrase may be over-used,
frankly, if Mandiant is having problems figuring out what happened
and how, Excellus may be right.
Unlike some other big breaches in the healthcare
sector, spear phishing does not appear to have been involved in
obtaining employee passwords, at least according to an Excellus
spokesperson. But however they got in, the attackers were able to
plant malware on the systems that enabled acquisition of employee
login credentials. Orr reports:
The user accounts that were compromised at Excellus were of employees with high-level administrative access, which allowed them to roam freely through company data. The company told Nozzolio that the hackers could have unlocked any encrypted data they found “because of the type of access the attacker possibly had.”
Forensic analysis by Mandiant indicated that the
hackers maintained access until May 11, 2015. It’s not clear what
may have happened on that date that prevented further access.
Even then, Excellus did not become aware of the
intrusion for another three months, until August 5, 2015. They
announced the breach on September 9, 2015.
Read more on Democrat
& Chronicle.
For my Computer Security students. Compare to
yesterday's article on mobile Apps.
Exposing
the Hidden Web: An Analysis of Third-Party HTTP Requests on One
Million Websites
by Sabrina
I. Pacifici on Nov 7, 2015
Exposing
the Hidden Web: An Analysis of Third-Party HTTP Requests on One
Million Websites. International Journal of Communication,
October 2015. Timothy Libert.
“This article provides a quantitative analysis
of privacy compromising mechanisms on one million popular websites.
Findings indicate that
nearly nine in ten websites leak user data to parties of
which the user is likely unaware of; over six in ten websites spawn
third-party cookies; and over eight in ten websites load Javascript
code from external parties onto users’ computers. Sites which leak
user data contact an average of nine external domains, indicating
users may be tracked by multiple entities in tandem. By tracing the
unintended disclosure of personal browsing histories on the web, it
is revealed that a handful of American companies receive the vast
bulk of user data. Finally, roughly one in five websites are
potentially vulnerable to known NSA spying techniques at the time of
analysis.”
Just a curious question but what government agency
is responsible for reporting security bugs to businesses?
NSA
says how often, not when, it discloses software flaws