CyberSecurity Pulse 2016-04-28

CyberSecurity Pulse 2016-04-28

“The world moves, and ideas that were once good are not always good.”
Dwight D. Eisenhower

Analyst Insight

A Mexican Electoral Database Follows the Trend of Exposed Voters

This week a new data breach has got into the news related to another electoral database. In this case, the personal information of more than 90 million Mexican voters have been exposed. This leak complements others that have taken place recently in what we can start to consider a trend.

CyberSecurity PulseApart from the Mexican voters database already breached, we can count at least other three. Firstly, the database of the Turkish Ministry of Interior in which details of nearly 50 million Turkish citizens including full name, gender, identification numbers and their own mailing addresses were included. Secondly, a new information leakage linked to Philipine voters (which exceeded 300 GB) lead to the publication of details of over 55 million citizens. Apart from the Philippines and Turkey, these leaks can also affect western countries like the US. The online availability of more than 600,000 voters in Pennsylvania has also given access to voters data which included phone numbers and electoral participation.

This information has a value when used for impersonation of people on the network but can also be used to easen fraudulent password recovery processes. In addition, information on voters is a good target for malware campaigns as it is very likely that not all political parties with access to this information have updated systems with minimum safety standards. The truth is that the more organizations that can deal with this information, the more exposed it would be to a leak. We'll need to have a look at the standards to prevent this from happening.

Top Stories

Good Acceptance Among Assistants of the First Hacking Session of Anonymous Group

CyberSecurity PulseClasses on activism in the school created by the hacktivist collective Anonymous within the Tor anonymity network started last Sunday with a very good reception from the audience. The first hacking session imparted through the channel #class was attended by over 200 people, with a significant success amongst the Russian community. As part of the initiation programme, the topics touched on issues related to operational security (OpSec), anonymous navigation and surveillance programs or encrypted messaging, but the organizers have promised that specific security audits issues will be discussed in upcoming sessions. 

More information at Tor Network

What About Safeguards of Surveillance Programs?

CyberSecurity PulsePrivacy International, an organization committed to fighting for the right to privacy, has published more than a thousand pages of documents about UK surveillance programs. The documents reveal the details of so-called "Bulk Personal Datasets," or BPDs, which could contain "hundreds to millions of records" of people who are not suspected of any wrongdoing. Furthermore, they show a lack of any real safeguards in place to prevent abuse of these intimate data sets beyond just "trust us".

More information at Privacy International

Rest of the Week´s News

FBI Paid for a 0-day to Get into San Bernardino iPhone

FBI Director James Comey suggested to a conference in London that his agency would have paid more than $1.3 million to hackers who were able to unlock the iPhone 5C that was used by Syed Farook Rizwan, the dead terrorist who masterminded the attack in San Bernardino, California, in December 2015.

More information at Ars Technica UK

How Hackers Managed to Steal $80 Million to a Bank

Investigators from the Forensic Training Institute of the Bangladesh investigated the $80 Million bank heist and discovered that the hackers managed to gain access to the network because the Bank was using second-hand $10 network switches without a Firewall to run its network.

More information at The Hacker News

Secret Backdoor on Facebook Server to Steal Passwords

A security researcher accidentally came across a backdoor script on one of Facebook’s corporate servers while finding bugs to earn cash reward from Facebook. Scanning Facebook's IP address space that led him to the domain that was hosting a vulnerable version of the Secure File Transfer Application (SFTA) which was used by Facebook employees for file sharing.

More information at The Hacker News

Further Reading

DARPA Wants to Build Ultra Secure Messaging App for US Military

More information at The Hacker News

Security Expert Builds Ransomware Blocker for Mac

More information at ZDNet

German Nuclear Plant in Bavaria Infected with Malware

More information at RT News