Tag Archives: USA

EU denies US intelligence access to data vaults

MEPs have decided to put an end to the provisionally enforced Swift pact that had allowed US intelligence services access to details of millions of bank transfers performed by European citizens.

The Swift pact had allowed US authorities an unprecedented level of access to financial data. The intention behind the agreement was to help with the fight against international terrorism. But in spite of repeated requests from Washington for a renewal of the agreement, the European parliament has brought about its closure.

MEPs voted in their hundreds to bring the pact to an end, with most claiming that the data sharing had infringed on the rights of millions of Europeans with no beneficial outcome to justify it.

A spokesperson for the British government revealed that it was their belief that the end of the Swift pact would jeopardise the ongoing fight against terrorism. However, MEPs who voted against the pact said that the agreement had been flawed since its inception and that the US would have to reach a better agreement before personal information could be shared legitimately.

One Dutch MEP said that there were other legal avenues available to the US if it wanted to harvest data relating to financial transactions within the EU in the future. He went on to point out that if MEPs were calling for the right to monitor financial transactions within the US, this would almost certainly be vetoed by Congress.

It seems that MEPs were not acting entirely in line with the governments that they represent, as it is believed that a majority of EU member states were actually in favour of making the Swift pact a permanent fixture of international data sharing. The Swift pact has been in action for nearly 9 years since the attacks on the World Trade Centre in 2001, after which the global hunt for terrorists commenced.

There is clearly a strong sense of emotion driving the decisions being made on both sides of the Atlantic and division between authorities, MEPs and average citizens is creating a very difficult working environment. Clearly the protection of personal data relating to financial transactions is important to everyone, but it could be argued that transparency in this industry is the cost of freedom.

Shell suffers data leak

Oil giant Shell has been the latest in a long line of high profile businesses to come under scrutiny after hundreds of thousands of pieces of personal data were discovered on the open market online last week.

Telephone numbers, addresses and names of Shell staff were amongst the leaked information. A total of more than 170,000 people are believed to have been exposed by the security breach. Even contractors who had worked for Shell for brief periods were amongst those affected and the impact has been felt on a global scale.

In this instance it appears that there is no fraudulent third party involved, but rather a group of disgruntled Shell employees who took it upon themselves to expose the names of thousands linked to the firm.

The data was sent via email to Greenpeace and other groups of climate change campaigners and eco-activists. According to reports the leak was instigated because the staff responsible were attempting to push through changes to the operational intentions of Shell.

A number of Shell staff have apparently become disaffected by the firm’s involvement in the African nation of Nigeria and as a result they had called for changes in attitude and action within the firm, but to no avail.

Staff from Shell’s UK, US and Dutch operations have put their names to the leaked data, with over 100 people sharing the responsibility in all.

Shell took several days to work out a response and to analyse precisely what type of data had been contained in the leaked document. Eventually, in an attempt to minimise the impact of the news, the firm said that the data was 6 months old and that no personal addresses were contained within it.

Shell went even further and said that the leak was not directly caused by current Shell staff, although other reports appear to contradict this.

John Donovan, who operates a website that is critical of Shell, said that there was a greater need for Shell to properly protect the personal data relating to its employees in order to prevent a recurrence of similar leaks in the future.

Mr Donovan’s site has been the source of much leaked information from within the oil firm in the past, although he said that his site no longer contains the recently leaked copy of the database.

Phishing attacks remain high post-Christmas

IT security firm RSA has released new figures suggesting that criminals are heightening their efforts to target unsuspecting consumers in order to steal their personal data, with a 21 per cent rise in the number of phishing websites hijacking established brands to gain misplaced trust.

RSA said that in December 2009 a fifth more brand-based phishing sites appeared than in the previous month and in total 275 brands were mimicked by malicious hackers in the run up to Christmas, which is a new record within the industry.

Despite this news, it appears that in general the number of phishing attacks are actually growing at a slower rate than in the past, with a 3 per cent increase in the total number between November and December 2009 being far lower than the 17 per cent growth that was predicted for the year in whole.

The Global Online Consumer Security Survey that RSA commissions every year has shown that general awareness as to the dangers of phishing sites is increasing, with over 75 per cent of average internet users being wise to the most common tactics employed. This is up from around 33 per cent three years ago.

The UK is second in volume when the total number of phishing attacks are calculated, with the largest number of attacks being in the USA.

Phishing sites always rise dramatically in numbers during December as shoppers are targeted, but according to a recent report by Network Box the number is not abating as it usually does at the start of a new year. In excess of 50 per cent of the malicious emails posted over the last month were revealed to have contained links to phishing websites, indicating that the criminal fraternity is remaining persistent in its attempts to steal identities and harvest sensitive information from consumer’s computers.

Security analyst Simon Heron said that the UK’s emergence from the recession was causing more phishing sites to open their doors, as many people continue to look for bargain-basement deals on the internet with more interest in a low price than in the safety of their personal information.

Cloud security improvements requested by Microsoft

In a bid to increase confidence in cloud computing, Microsoft is calling for legislative and regulatory action from vendors and the US government aimed at improving the security of current cloud platforms.

Microsoft’s senior VP Brad Smith told the Washington D.C. based think tank at the Brookings Institute last week that businesses were not being provided with enough motivation to switch from in-house data backup and storage systems over to the cloud.

As a cloud provider itself Microsoft is of course affected and Mr Smith’s call for transparency in cloud security measures and standards would also require that the US government took it upon itself to create policies designed to police cloud computing. Mr Smith also suggested that there should be stronger powers available to punish criminals seeking to compromise the integrity of cloud systems.

Mr Smith said that cloud vendors could only win the trust of businesses if they were willing to openly explain how their data was stored and in what way it would be used by them. The involvement of a third party in any aspect of a business’ operation is always going to come under scrutiny and when valuable data is involved this is intensified.

The flow of data from individual PCs in a business network to the cloud would need to be governed by the elected authorities, said Mr Smith. Protecting the privacy of the individual in the eyes of the state would also have to be ensured and it is getting this balance of transparency and security right that is clearly the biggest challenge facing businesses and cloud vendors.

Mr Smith pushed for wider debate on the international stage concerning the regulation and operation of the cloud, because it is clearly necessary to keep global as well as national legislation in step with the ever-progressing technology involved.

Microsoft has evidence to support its desire for a more thorough discussion of cloud security and data protection policy, as a recent survey it commissioned found that 90 per cent of business owners are questioning the security and privacy of data stored using cloud computing. The survey also found that there is much enthusiasm for cloud computing, with 86 per cent saying that they were interested in the opportunities it offers.

Social networking software implicated in data loss lawsuit

A new lawsuit filed in the US claims that a hacker was able to steal the personal information of over 32 million social networking users after exploiting flaws in the security of software produced by the development firm RockYou.

RockYou is behind popular applications used on both Facebook and MySpace and since its creation 4 years ago it has become a major force involved in many of the biggest social networking sites, including Bebo.

The RockYou data vaults hold the personal information and profile passwords of many millions of people from around the globe and a hack which exploited an SQL injection vulnerability could have given the attackers the chance to steal all of this data for their own use, according to the plaintiffs in the suit.

It has been alleged that the breach is particularly severe because the personal data could also be used to access other online accounts held by the same users, including webmail services, which could have serious consequences.

The lawsuit has been filed by Alan Claridge, who allegedly had his data stolen after he used a RockYou photo sharing application online. Mr Claridge claims that his credit card details are amongst the compromised information which has been taken from his online accounts and the notification of the loss was only received by him last week.

Mr Claridge believes that RockYou has neglected its responsibility to ensure the security and integrity of the personal data relating to its many customers. It is also accused of exercising less than adequate care when storing data in unencrypted formats.

The final issue raised in the lawsuit is the disparity between the date upon which RockYou was made aware of the hack and the two week period during which it allegedly chose to conceal this fact from its customers.

At this time RockYou has not commented on the legal action which has been brought against it, but whatever the outcome of the case it is likely to have a significant impact on social networking websites and their customers on a global scale.

Cadbury slashes IT budget

Throughout December, UK confectionery giant Cadbury has been seeking to rebuff the attempts by US firm Kraft to take over its business and the latest tactic has involved a promise to drastically reduce the amount it spends on IT each year.

Cadbury currently spends over 70 million annually on supporting its IT infrastructure and developing its administration capabilities, but it will seek to reduce this outlay in order to shore up its defences against the Kraft bid. Cadbury’s chairman Roger Carr has treated the bid by Kraft as almost insulting, claiming that it significantly undervalues the business and would be of no benefit to either party.

The main budget cuts will come in the IT purchasing and procurement schemes which are currently employed by Cadbury and it will instead be focusing on creating a scalable, infrastructure which can be used by its international branches.

Cadbury’s chief of finance indicated that at this time it was believed that 66 per cent of the IT budget was being used ineffectively, blaming the local sourcing of its IT services.

Cadbury currently relies heavily on software and systems operated by German firm SAP, but after a business and resource management platform suffered serious setbacks three years ago and costs of 12 million were incurred as a result, a shake-up of its current IT model was always going to be on the cards.

According to a spokesperson for Cadbury, the company will now focus on creating an international platform which will be procured and paid for centrally, rather than seeking local solutions and paying regionally varying prices for data management and IT services.

Industry observers have commented that the news of Cadbury’s IT shake-up will be troubling for its current IT vendors as it could mean a vast majority will fail to have their contracts renewed, losing a very lucrative client in the process.

Cadbury is one of the many businesses that are realising the benefits of switching away from in-house IT solutions, or relying on solutions of limited scalability which have been superseded by virtualisation and cloud computing alternatives.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal