CyberSecurity Pulse 2016-04-28
“The world moves, and ideas that were once good are not always good.”
Dwight D. Eisenhower
A Mexican Electoral Database Follows the Trend of Exposed Voters
Apart from the Mexican voter database already breached, we can count at least three others. Firstly, the database of the Turkish Ministry of Interior, which contained details of nearly 50 million Turkish citizens, including full name, gender, identification numbers and mailing addresses. Secondly, a new information leak linked to Philippine voters (which exceeded 300 GB) led to the publication of details of over 55 million citizens. Apart from the Philippines and Turkey, these leaks can also affect western countries like the US. The online availability of records on more than 600,000 voters in Pennsylvania has also given access to voter data which included phone numbers and electoral participation.
This information has value when used to impersonate people on the network, but it can also be used to ease fraudulent password recovery processes. In addition, information on voters is a good target for malware campaigns, as it is very likely that not all political parties with access to this information have up-to-date systems that meet minimum security standards. The truth is that the more organizations that handle this information, the more exposed it is to a leak. We'll need to have a look at the standards to prevent this from happening.
Good Reception Among Attendees of the First Hacking Session of the Anonymous Group
Classes on activism in the school created by the hacktivist collective Anonymous within the Tor anonymity network started last Sunday with a very good reception from the audience. The first hacking session, delivered through the channel #class, was attended by over 200 people, with significant success amongst the Russian community. As part of the initiation programme, the topics covered operational security (OpSec), anonymous browsing, surveillance programs and encrypted messaging, but the organizers have promised that specific security audit issues will be discussed in upcoming sessions.
What About Safeguards of Surveillance Programs?
Privacy International, an organization committed to fighting for the right to privacy, has published more than a thousand pages of documents about UK surveillance programs. The documents reveal the details of so-called "Bulk Personal Datasets," or BPDs, which could contain "hundreds to millions of records" of people who are not suspected of any wrongdoing. Furthermore, they show a lack of any real safeguards in place to prevent abuse of these intimate data sets beyond just "trust us".
Rest of the Week's News
FBI Paid for a 0-day to Get into San Bernardino iPhone
FBI Director James Comey suggested at a conference in London that his agency paid more than $1.3 million to the hackers who were able to unlock the iPhone 5C that was used by Syed Farook Rizwan, the dead terrorist who masterminded the attack in San Bernardino, California, in December 2015.
How Hackers Managed to Steal $80 Million from a Bank
Investigators from the Forensic Training Institute of Bangladesh investigated the $80 million bank heist and discovered that the hackers managed to gain access to the network because the bank was using second-hand $10 network switches, without a firewall, to run its network.
Secret Backdoor on Facebook Server to Steal Passwords
A security researcher accidentally came across a backdoor script on one of Facebook's corporate servers while hunting for bugs to earn a cash reward from Facebook. Scanning Facebook's IP address space led him to the files.fb.com domain, which was hosting a vulnerable version of the Secure File Transfer Application (SFTA) used by Facebook employees for file sharing.