Tag Archive for: defends

Hong Kong Cyberport defends move to not reveal hacking attack, says stolen data includes details on staff and ex-workers, credit card records


It added: “We were subsequently made aware that some information available on the dark web could potentially be related to the incident and we immediately made a public announcement on [September 6] and contacted persons who may have been affected.”


Police said an investigation by the force’s cybersecurity and technology crime bureau was under way.

The Office of Privacy Commissioner for Personal Data on Tuesday said it had since received one inquiry from an affected individual. The privacy watchdog said it had launched a compliance investigation, but declined to go into further details.

The stolen data was available on the dark web, a hidden corner of the internet, but the tech hub did not mention the scale of the breach.

A ransomware group reportedly blackmailed Cyberport after hacking its computer system and stealing and encrypting the data. It demanded that a ransom of US$300,000 be paid by Tuesday to get back access to the data.


According to Cyberport, a sizeable amount of personal data was limited to individuals’ names and contact details, including phone numbers or email addresses.

Human resources-related data included identity card number, date of birth, social media accounts, and academic and bank account details, as well as health information.

Cyberport said it had engaged independent cybersecurity experts to investigate the incident and provide a remedy. The investigation and remediation were continuing.

The business park has 140 employees and is a base for 1,900 start-ups and tech companies.

The data breach was first disclosed earlier this month by cybersecurity information platform FalconFeedsio, which said on social media that ransomware group Trigona had added Cyberport to its victim list.


According to Palo Alto-based cyber-risk consultancy Unit 42, Trigona ransomware is relatively new and was first discovered by security researchers in late October 2022, with organisations involved in manufacturing, finance, construction, agriculture,…


Wray defends FISA, says law used to ‘detect and thwart’ Chinese hacking of US critical infrastructure


The FBI was able to “detect and thwart” Chinese hackers attempting to access U.S. critical infrastructure, as well as malign threats from other adversaries, under Section 702 of the Foreign Intelligence Surveillance Act, FBI Director Christopher Wray said Friday in a letter to Congress defending the law.

Fox News Digital obtained letters Wray sent to House Speaker Kevin McCarthy, R-Calif., and Senate Majority Leader Chuck Schumer, D-N.Y., on Friday highlighting the positives of the surveillance tool amid significant reforms the bureau has made under his leadership.

The letters come on the same day the FISA Court released its 2023 opinion, which said a U.S. senator and a state senator were queried under FISA Section 702 in June 2022, and a state judge was queried in October 2022 — demonstrating a “failure” to follow FBI policy.

The opinion, though, said “the FBI has been doing a better job in applying the querying standard,” and said its compliance rate with that standard is more than 98%, after the implementation of reforms.



Wray’s letters highlighted the successes the bureau has had in combating threats, using the tool of Section 702, which will sunset on Dec. 31 and requires congressional reauthorization.

“Section 702’s critical importance to our national security has only grown with the evolution of technology and threats. Without Section 702 we would be unable to plug a critical intelligence gap — one that foreign threat actors regularly exploit as they traverse computer networks and electronic service providers to conduct cyberattacks, espionage campaigns, or coordinate with likeminded terrorists,” Wray wrote.

Wray called Section 702 “invaluable” to the FBI’s ability to “know what our foreign adversaries are doing and how they are doing it — intelligence without which we could not protect Americans or the homeland.”

Section 702 of Foreign Intelligence Surveillance Act (FISA) allows the government to conduct targeted surveillance of non-U.S. citizens…


Mucheru defends govt over IEBC hacking claims » Capital News


NAIVASHA, Kenya, Jun 11 – Information Communication and Technology (ICT) Cabinet Secretary Joe Mucheru has rubbished claims that the Government was planning to hack the Independent Electoral Boundaries Commission (IEBC) Information technology system in order to rig the forthcoming General Elections in favour of one presidential candidate.

Mucheru said IEBC was an independent body that is procuring its own Information Technology (IT) systems for the upcoming elections and the ministry was not involved in any way in this process.

“We do not have any plans or intention to hack the IEBC servers neither do we have the know-how to do it because the servers are procured and secured by the IEBC itself,” Mucheru said.

He said the allegations coming from one section of the political divide were pure political rhetoric, saying it is not possible to hack the system secured by IEBC itself without prior knowledge or information about its security.

The CS was speaking in Naivasha on Friday when he officially closed the Cyber Security Strategy 2022 – 2026 workshop which he said will give guidelines that will help the government strengthen the cyber security laws.

On network coverage in the country during the coming elections, the CS assured the country that the entire country will be covered for the ease of transmission of the election results as IEBC had procured 1,500 satellite modems to be used in the areas not covered by the 3G network.

The country goes to the polls on August 9 with over 20 million registered voters expected to elect their leaders at six levels: presidential, gubernatorial, senatorial, county women representatives, member of parliament and member of county assemblies.

Mucheru said Kenya has the highest international bandwidth per internet user with 566.41 kilobites per second and a compounded annual growth rate of 52 percent, making it one of the most digitalized countries in the world.


He said every sector and industry and the government at large had adopted and relied heavily on ICTs and the internet as economic and governance resources and hence the need to secure our digital space.

The CS said to this…


Colonial CEO Defends Hack Response and Offers Lessons Learned


(Bloomberg) — The chief executive officer of the pipeline company hit by a ransomware attack last month apologized to a U.S. Senate panel for the incident that paralyzed the East Coast’s flow of gasoline, diesel and jet fuel, while defending his company’s response and offering tips for future hacking victims.

“We are deeply sorry for the impact that this attack had, but are also heartened by the resilience of our country and of our company,” Colonial Pipeline Co. CEO Joseph Blount Jr. said at Tuesday’s hearing.

Blount’s appearance before the Senate Homeland Security and Governmental Affairs Committee comes as Congress readies its response to the hack, which affected 45% of the East Coast’s fuel supply, driving up gasoline prices and sparking shortages at filling stations after the company shut the roughly 5,500-mile pipeline on May 7.

The senators’ questions for Blount were direct but relatively gentle. Blount was contrite — and sometimes vague — on some details about the company’s cybersecurity protections. When asked about Colonial’s cybersecurity budget, for instance, he said they had spent $200 million on information technology over five years without specifying how much went to defending against hacks.

Blount said responding quickly to contain the threat and swiftly communicating with the government were among the most important lessons he learned from the incident.

The hackers, who the FBI said have been linked to a group known as DarkSide operating in Russia, were able to breach the company’s computer system April 29 using a virtual private network — or VPN — account, an encrypted internet connection that allowed employees to remotely access the company’s computer network. Blount testified that the VPN account only had single-factor authentication.

The “legacy” network “was not intended to be in use,” said Blount, who took over as Colonial CEO in 2017. He added that the company is still trying to determine how the hackers gained the needed credentials to exploit it.

Senator Rob Portman, a Republican from Ohio and the ranking member on the committee, called out this failure. “Mr. Blount you’re a victim, and we understand that,”…
