All posts by Damien Garvey

Call for Social Media Websites to Provide Data

The new head of GCHQ, Robert Hannigan, has called for social media websites to work more closely with intelligence agencies to help reduce the threat of terrorist organisations.

GCHQ is an intelligence and security organisation which aims to keep Britain safe.

Hannigan believes that social media websites have become one of the primary methods of communication that terrorist organisations use in an attempt to avoid surveillance, due to the reluctance of many social media companies to work with surveillance organisations.

Hannigan stated, “However much they [tech companies] may dislike it, they have become the command and control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us. The challenge to governments and their intelligence agencies is huge – and it can only be met with greater co-operation from technology companies.”

Hannigan added, “GCHQ and its sister agencies, MI5 and the Secret Intelligence Service, cannot tackle these challenges at scale without greater support from the private sector, including the largest US technology companies which dominate the web.”

Jamie Bartlett, who is the author of the book The Dark Net: Inside The Digital Underworld, believes that it is a very difficult issue to deal with due to the sophisticated methods that the organisations use to try to avoid censorship.

Bartlett stated, “It is incredibly difficult for them [intelligence agencies] and the police and indeed on the big internet service providers to actually get a handle on just how much propaganda, how much material is being produced and shared by Islamic State and other terrorist groups on these platforms.”

Bartlett added, “What we’ve seen with Islamic State and indeed every other terrorist group is quite a sophisticated way of avoiding censorship. Islamic State has been really very good at creating hundreds of different accounts on Twitter and Facebook and every time they’re closed down, they simply start again.”

There will always be a problem with just how much information people and service providers believe it is suitable to provide to intelligence and security organisations.

It is therefore very important that you are happy with whatever information you provide to a social media website, and that you understand it may find its way to an intelligence and security organisation.

Do you think that social media websites should be made to work more closely with intelligence and security organisations?

JPMorgan Chase Hit by Data Breach

JPMorgan Chase, which is an American multinational banking and financial services company, has officially announced that they have suffered a data breach which has compromised data belonging to 76 million households and 7 million small businesses.

It is believed that the attorneys general of Connecticut and Illinois have started an investigation into the data breach.

JPMorgan Chase notified the US Securities and Exchange Commission (SEC) on Thursday, which declared that customer information such as names, addresses, phone numbers and email addresses has been compromised.

On a slightly more positive note for the affected customers, JPMorgan Chase haven’t found any evidence that information such as customer account numbers, passwords, dates of birth or social security numbers has been compromised.

JPMorgan first became aware of a possible data breach in August and stated that they were working with US law enforcement authorities. It has also been revealed that the cyber-thieves had spent a month accessing the confidential data before the security breach was found.

Illinois attorney general Lisa Madigan believes that this is one of the most troubling data breaches to have ever occurred and that this breach proves that no data is ever safe from cybercriminals.

Madigan stated, “This is among the most troubling breaches ever — and not just because of its magnitude, but because it proves that there is probably no database that cyber criminals cannot compromise.”

Madigan added, “Chase is trying to diminish the extent of the breach, but what’s clear is that people can no longer assume their information is safe. Americans must assume that cyber criminals are working 24/7 to steal their personal information.”

Avivah Litan, who is a security analyst for Gartner, also believes that no data is now safe from cyber-thieves and that you cannot afford to take your foot off the pedal when it comes to data security.

Litan stated, “This is really a slap in the face of the American financial services system. Honestly, this is a crisis point.”

Litan added, “You have to be paranoid now. You can’t slack off. There is no such thing as data confidentiality anymore. Everything is out there.”

Google and Apple Introduce Encryption by Default

Google has revealed that their next mobile operating system, Android L, will encrypt users’ data by default. Apple has also confirmed that devices running its latest operating system, iOS 8, will encrypt data by default.

These measures are to make it more difficult for thieves or law enforcement agencies to obtain the data.

This isn’t the first time that Google and Apple have offered encryption for mobile devices, but previously it was optional and needed to be enabled. As a result, many users were unaware of the capability to encrypt their data or hadn’t enabled it.

A spokesman for Google stated, “For over three years, Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement. As part of our next Android release, encryption will be enabled by default out of the box, so you won’t even have to think about turning it on.”

It is thought that the step to encrypt data by default is more to do with data privacy than protection, as US firms will not have to hand data over to law enforcement agencies. Google and Apple will not possess the data because it will be in an encrypted format and, as they have no knowledge of the encryption keys, it will be unreadable to them.

Google and Apple are already part of an alliance group called Reform Government Surveillance which has been set up in an attempt to persuade the US government to drastically change its surveillance programmes.

It is now very important that any confidential or sensitive data is stored in a secure state as the threat of cyber-thieves is increasing. They are developing more sophisticated methods of attack as the value of obtaining confidential data is increasing.

Did you know about the data encryption feature? Have you enabled the encryption?

eBay Targeted by Cyber-Thieves

Online auction and sales company eBay has been successfully infiltrated by cyber-thieves, which has potentially compromised credentials belonging to users.

Credentials may have been stolen when users clicked on some listing links which automatically redirected to a spoof site which was designed to steal credentials. This site had been designed to look like the online marketplace’s welcome page.

eBay was made aware of this but it took them over 12 hours to remove the listing from their website. It is not yet known how many users had clicked on this link and entered account details within this time period.

Dr Steven Murdoch, who is from University College London’s Information Security Research Group, believes that the response time from eBay’s security team wasn’t good enough in this instance but that they are normally pretty competent when it comes to security.

Murdoch stated, “eBay is a large company and it should have a 24/7 response team to deal with this – and this case is unambiguously bad. The websites the user is being redirected to are almost certainly compromised by the attacker to hide his or her traces.”

Murdoch added, “eBay is pretty competent, but obviously it has been caught out here. Cross-site scripting is well within the top 10 vulnerabilities that website owners should be concerned about.”

Paul Kerr, who is an IT worker from Alloa in Clackmannanshire, discovered the threat and believes that other users will not have realised the danger that they were in.

Kerr stated, “You can bet your bottom dollar that somebody’s going to click on that and be redirected to a third-party site and they’re going to enter their details and be compromised.”

An eBay spokesperson claimed that the eBay network hadn’t been infiltrated but that it was a case of abuse by a user.

The spokesperson stated, “The eBay corporate network has not been compromised. This appears to be a case of abuse by a user who placed malicious links within a few product listings on eBay.co.uk. We take the safety of our marketplace very seriously and remove listings that are in violation of our policy on third-party links.”

It is very important that users remain aware when online and only enter confidential details such as passwords when 100% sure that the website is legitimate and secure. It is also important that different passwords are used for each online account to ensure that if a password is compromised, it cannot be used to access several different accounts.

Gmail Addresses and Passwords Posted Online

Millions of Gmail addresses have been posted onto a Russian website along with a set of passwords for the accounts.

The total number of Gmail addresses and passwords that were posted online approached the five million mark, but there are serious doubts over whether the passwords are correct.

Security experts believe that the passwords are not correct and that they are either old ones that have been obtained through phishing attacks or that they are passwords that have been used on other sites in conjunction with Gmail addresses.

Reddit users have confirmed that they have found their Gmail addresses in the list but that the provided passwords have never been used in conjunction with their Gmail account.

Reddit user InternetOfficer stated, “The password that I generally use for other services is shown in this list and not my Gmail password. This proves that the hackers hacked into some other service where Gmail address (or other email addresses) are used and got the password of that service not Gmail password.”

Google have stated that they have seen no evidence that their systems have been successfully hacked but did confirm that some users have been asked to change their password.

In a security blog post, Google stated, “We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords.”

As cybercriminals are developing more sophisticated methods of attack, it is vital that security measures are in place and regularly updated. It is recommended that strong, different passwords are used for different accounts to ensure that access cannot be obtained to multiple accounts through obtaining one password.

Twitter Offer Bug Bounty Rewards

Twitter has become the latest company to offer computer experts financial rewards for discovering a vulnerability in their security systems. This is known as a bug bounty.

Twitter has confirmed that there is a minimum reward of $140 (£85) available but that no limit has been set on the maximum reward that is available.

Twitter released a statement confirming the bug bounty. The statement read, “There is no maximum reward. Reward amounts may vary depending upon the severity of the vulnerability reported. Twitter will determine in its discretion whether a reward should be granted and the amount of the reward.”

Twitter concluded, “This is not a contest or competition. Rewards may be provided on an ongoing basis so long as this program is active.”

The bug bounty actually started in June through a company called HackerOne, but there were no financial rewards available. This was reflected in the uptake, as only 44 bugs were reported, but this is now expected to increase.

In order to be considered for financial rewards, the person reporting the vulnerability must be the first to have reported it and not disclose the vulnerability until it has been resolved.

Twitter is not the first company to set up a bug bounty; the approach has been successfully utilised by other market-leading companies such as Microsoft and Google. A bug bounty helps companies reduce the number of security flaws they have and can also prove very profitable for individuals who discover any security flaws.

One example of this occurred when a security expert earned $100,000 from Microsoft during their bounty program.
