Apr 182019
 

Hacktivism is seeing a resurgence recently, in no small part fueled by the arrest of Julian Assange. #Op hashtags for the UK, Sweden, and Ecuador signal the intent of the attackers.

The police.uk site was back up at the time of this posting, but that was just one site hit. Rogue Media Labs reported that @Cyberghost404 of the Philippine Cyber Eagles (@PhCyberEagles) released a data dump with data from more than two dozen UK police-related agencies. The data dump, obtained by DataBreaches.net, does not appear to leak particularly sensitive personal information, and it is not clear what site the data were obtained from. The files, including spread sheets on stop-and-searches, organized by police unit/location, and outcomes, seem to be February data that was accessed or dumped at the beginning of April.

I suppose the question for now is:  what other files might these hacktivists have acquired that they have yet to dump?

Apr 182019
 

Remember what I said earlier today about India being a data protection mess? Here’s another example. Mohit Kumar reports:

An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy “88888 88888” customer care number, The Hacker News has learned and independently verified.

Founded over two decades ago, JustDial (JD) is the oldest and leading local search engine in India that allows users to find relevant nearby providers and vendors of various products and services quickly while helping businesses listed in JD to market their offerings.

Rajshekhar Rajaharia, an independent security researcher, yesterday contacted The Hacker News and shared details of how an unprotected, publicly accessible API endpoint of JustDial’s database can be accessed by anyone to view profile information of over 100 million users associated with their mobile numbers.

Read more on The Hacker News.  JustDial subsequently responded with the following statement (courtesy of THN’s Twitter account):

As TheHackerNews notes in their Twitter thread on this matter (begins here), THN did not declare this a data breach. That said, they do take exception to certain claims by JustDial.  As one example, THN tweets:

Statement says, “older versions cater to only a tiny fraction of users.”

Incorrect. we have verified that old APIs (exist since 2015) were fetching data from database to which the new protected APIs are also connected.

Hence, leaking profile data of even the very latest users.

So, this is still an openly disputed incident with more follow-ups by THN and JustDial likely.

Apr 182019
 

For the past year or more, I’ve been receiving numerous  tips and notifications  from trusted researchers about leaks and breaches involving entities in India.  While some of the incidents involve alleged miscreants, other incidents involve human error or misconfiguration situations.  But as many of us have experienced and reported, when it comes to data protection in India, it is often close to impossible to: (1) get entities in India to secure personal information and (2) notify them when their failures have been found by researchers (cf, this post). And then, as Brian Krebs has sadly noted, even when you do reach firms to notify them, they do not always respond appropriately.

Today, Gemini Advisory is releasing a new report their findings with respect to payment card data breaches in India. Of note, Stas Alforov and Christopher Thomas report that Gemini found more than 3.2 million Indian payment card records were compromised and posted for sale in 2018, which elevated India to third in the world in the total amount of stolen payment cards.

This was no small uptick, either.  Gemini reports that they identified a 219% spike in Indian payment cards added that year due to a significant rise in stolen Card Not Present (CNP) and Card Present (CP) data.

Of special note, the increasing demand was supported by a 150% surge in the sale price of card data, from a median price of $6.90 USD (approx. 478.02 Indian Rupees) in 2017 to $17 USD (approx. 1,177.73 Indian Rupees) in 2018.

Based on their data and analyses:

Gemini Advisory assesses with high confidence that fraud levels in India, particularly CNP fraud, will likely surpass those of the United Kingdom in 2019, making Indian-issued payment cards the second-most targeted cards in the world.

You can read their full report at https://geminiadvisory.io/india-rising-cybercrime-frontier/

Given how many U.S. firms outsource to India, Gemini’s report serves as a timely reminder that companies need to pay heightened attention to the data security deployed by their third-party providers or vendors. This also applies to the healthcare sector as payment card data, if linked to a patient’s name, are considered identifiers under HIPAA.

 

Apr 172019
 

Hell hath no fury like a vengeful insider, Wednesday edition.  Catalin Cimpanu reports:

In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten.

The hacking tools are nowhere near as sophisticated as the NSA tools leaked in 2017, but they are dangerous nevertheless.

[…]

In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten.

The hacking tools are nowhere near as sophisticated as the NSA tools leaked in 2017, but they are dangerous nevertheless.

Read more on ZDNet.

Apr 162019
 

Brian Krebs reports:

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.

Read more on KrebsOnSecurity.com.  Note that post-publication, Brian added an update:

Update, April 16, 9:11 a.m. ET: Not sure why it did not share this statement with me, but Wipro just confirmed to the India Times that it discovered an intrusion and has hired an outside security firm to investigate.