Tag Archive for: afghan

UK defence ministry fined for Afghan data breach

/in


UK defence ministry fined for Afghan data breach

by AFP Staff Writers

London (AFP) Dec 13, 2023






The UK defence ministry has been fined �350,000 ($440,000) for disclosing personal information of 265 Afghans seeking to flee the Taliban, a data watchdog announced on Wednesday.

“This deeply regrettable data breach let down those to whom our country owes so much,” said UK data commissioner John Edwards.

The error saw the email addresses of hundreds of people, including Afghan interpreters potentially eligible for relocation to Britain, openly included in the “to” field, rather than blind copied.

It first came to light in September 2021, soon after the Taliban takeover of Afghanistan, and the chaotic efforts to evacuate vulnerable people from the country.

Ben Wallace, who was defence minister at the time, apologised and disclosed that one official had been suspended.

Britain’s Afghanistan evacuation plan has been widely criticised, with the government accused by MPs of “systemic failures of leadership, planning and preparation”.

Hundreds of Afghans eligible for relocation were left behind, many with their lives potentially at risk after details of staff and job applicants were left at the abandoned British embassy in Kabul.

In his ruling, Edwards said “very challenging” conditions on the ground and fast-paced decision-making were no excuse for not protecting personal information.

Those affected “were vulnerable to reprisal and at risk of serious harm,” he added. “When the level of risk and harm to people heightens, so must the response.”

A total of 245 people had their details inadvertently disclosed, 55 of whom had thumbnail pictures on their email profiles.

Two people “replied all” to all recipients and one included their location, Edwards’ office said.

“The data disclosed, should it have fallen into the hands of the Taliban, could have resulted in a threat to life,” it added in a statement.

Recipients were told to delete the email, change their email address and tell the team in charge of relocations of their new details via a secure form.

Two other data breaches were discovered during the investigation. A total of 265 people were affected in all three…

Source…

Facebook, Twitter and LinkedIn secure Afghan users’ accounts amid Taliban takeover

/in


The Facebook logo is displayed on a mobile phone in this picture illustration taken December 2, 2019. REUTERS/Johanna Geron/Illustration

Aug 19 (Reuters) – Facebook, Twitter and LinkedIn said this week they had moved to secure the accounts of Afghan citizens to protect them against being targeted amid the Taliban’s swift takeover of the country.

Facebook (FB.O) has temporarily removed the ability for people to view or search the friends lists of accounts in Afghanistan, its security policy head Nathaniel Gleicher tweeted on Thursday.

Gleicher also said the company had launched a “one-click tool” for users in Afghanistan to lock down their accounts, so people who are not their Facebook friends would be unable to see their timeline posts or share their profile photos.

Human rights groups have voiced concerns that the Taliban could use online platforms to track Afghans’ digital histories or social connections. Amnesty International said this week that thousands of Afghans, including academics, journalists and human rights defenders, were at serious risk of Taliban reprisals.

The former captain of the Afghan women’s soccer team has also urged players to delete social media and erase their public identities.

Twitter Inc (TWTR.N) said it was in touch with civil society partners to provide support to groups in the country and was working with the Internet Archive to expedite direct requests to remove archived tweets.

It said if individuals were unable to access accounts containing information that could put them at risk, such as direct messages or followers, the company could temporarily suspend the accounts until users regain access and are able to delete their content.

Twitter also said it was proactively monitoring accounts affiliated with government organizations and might temporarily suspend accounts pending additional information to confirm their identity.

A LinkedIn spokesman said the Microsoft-owned (MSFT.O) professional networking site had temporarily hidden the connections of its users in Afghanistan so other users would not be able to see them.

Reporting by Elizabeth Culliford in London
Editing by Chris Reese and Sam Holmes

Our Standards: The Thomson Reuters Trust Principles.

Source…

Chinese Hackers Attacked Afghan Council Network, Cybersecurity Firm Says  | Voice of America

/in


As part of a cyberespionage operation targeting Central Asian countries, Chinese hackers recently sought to breach the computer networks of Afghanistan’s National Security Council, researchers at cybersecurity firm Check Point reported.

The alleged attack by the Chinese-speaking hacking group known to cybersecurity experts as IndigoZebra is the latest in an operation that goes back as far as 2014 and has targeted political entities in neighboring Uzbekistan and Kyrgyzstan, the researchers wrote in a report released Thursday. Other countries might also have been targeted, the researchers said.

The Afghan operation came in early April, when hackers impersonated a senior official in the office of the president of Afghanistan to infiltrate the country’s National Security Council. They did this after gaining access to the official’s email account and using it to send national security officials a “dupe email” urging action about an upcoming press conference.

“Yesterday, I called your office and no one answered it,” the hackers posing as the official wrote in the email. “We have received your file and modified it. There is an error in the third line of the second page. Please confirm whether the error exists.”

Effects unknown

Acting on the email would have activated malware, and it remains unclear if anyone on the council fell victim to the attack. A spokesman for the council told VOA he was not aware of the attempted breach.

Lotem Finkelstein, head of threat intelligence at Check Point Software Technologies in Tel Aviv, Israel, said it was highly unusual for hackers to use “ministry-to-ministry” deception, as was the case in Afghanistan, to carry out a cyberattack.

“This tactic is vicious and effective in making anyone do anything for you; and in this case, the malicious activity was seen at the highest levels of sovereignty,” Finkelstein said.

FILE - In this Aug. 11, 2019, file photo an iPhone displays a Facebook page in New Orleans. Facebook says hackers in China…
FILE – An iPhone displays a Facebook page, Aug. 11, 2019. Facebook said March 24, 2021, that hackers in China had used fake accounts and impostor websites in a bid to break into the phones of Uyghur Muslims.

This is the first major Chinese cyberespionage operation in Afghanistan to come to…

Source…

Feds quiz 2 more in alleged NYC bomb plot – MSNBC

/in

NEW YORK – Federal investigators have questioned two men whose photographs were shown to a Muslim religious leader along with a picture of an Afghan immigrant accused of plotting a bomb attack in New York City.

Read more