Tag Archive for: didn’t

Portal didn’t have minimum security, says Palak

/in


Star Digital Report

Sun Jul 9, 2023 02:21 PM Last update on: Sun Jul 9, 2023 06:21 PM

Zunaid Ahmed Palak. File photo

“>

Zunaid Ahmed Palak. File photo

The incident of leaking sensitive personal information of millions of Bangladeshi citizens on the internet from the website of a government organisation was due to technical weaknesses of the site, Zunaid Ahmed Palak said today.

“We saw that there were technical glitches,” the state minister for post, telecommunications and information technology said, noting that the website itself was fragile. “That is why the information is exposed to people.”

For all latest news, follow The Daily Star’s Google News channel.

There is no scope to avoid responsibility for this incident, he added.

He was speaking at the inauguration of the Bangabandhu International Cyber Security Awareness Award programme at the BCC Auditorium of ICT Tower in the capital’s Agargaon.

Answering journalists’ questions after the event, he said the state has suffered a great loss due to this incident.

He said the portal from which the information was made public did not have minimum security. Despite being warned, the officials of the concerned department did not take it into account. Due to their negligence, the state has suffered huge losses.

“We have yet to find evidence that cybercriminals have taken any data. What we found was that there was a technical weakness in the government’s website. As a result, the information was very easy to see.”

He said, “We announced 29 critical institutions, but the number is increasing step by step. After the cyber-attack on Bangladesh Bank in 2016 in which $81 million was stolen, we realised the importance of cyber security. Out of these 29 institutions, the institution which we identified in the list as number 27 fell into such a situation.”

The state minister’s comment comes after reports that a security exploit in a Bangladeshi government website has resulted in the exposure of sensitive personal information belonging to millions of Bangladeshi citizens on the internet.

The leaked data…

Source…

Jacksonville mom ‘didn’t know son’s Xbox could connect to social media’ after he threaten day care shooting, police say

/in


JACKSONVILLE, Fla. – A Jacksonville teenager was arrested Friday after police said he threatened to shoot up a daycare center in San Marco. Investigators said he posted the threat on a gaming chatroom using his Xbox.

After police spoke to the teenager’s mother about what her son did, she told police she had no idea her son could use his gaming system to communicate on social media.

To many parents, an Xbox is just a gaming system. But in reality, the Xbox is a computer much like a desktop hard drive.

An Xbox is a gaming system that can be linked to the internet to download games and movies, and even connect to social media. This was evident when Jacksonville police showed up at an apartment inside this Northside complex and arrested a 15-year-old boy.

Related: Jacksonville teen used Xbox to threaten day care shooting, police say

Ad

That’s when the boy’s mother told police she had no idea her son’s gaming console could connect to social media.

News4JAX spoke with cyber security expert Chris Hamer who said this should be a wake-up call for all parents who are not computer savvy.

“Parents need to be aware that these consoles are fully-fledged computers with the capacity of surfing the internet and communicating in both directions,” Hamer said. “That issue is if you leave your child alone with an Xbox or PlayStation, not only can they present a credible threat to the outside world but they can also be groomed by people who deliberately go into the chatroom, game rooms, and the lobbies for these different programs to find their next victim.”

So in addition to monitoring your child’s activity on the home computer or smartphone — parents are being urged to monitor their kids’ activities on gaming consoles.

Hamer said while parents may not be too computer savvy, kids who are caught posting threats online are also not as computer savvy as they may think.

Ad

“The individuals that are making less than intelligent decisions as to their activities online may or may not be aware that their IP addresses can be tracked right to their provider and thus to their house,” Hamer said.

One tip parents should know is that it doesn’t matter if you’re using a home computer, a cell…

Source…

A Hacker Group Has Been Framing People for Crimes They Didn’t Commit

/in


Image for article titled A Hacker Group Has Been Framing People for Crimes They Didn't Commit

Image: Sean Gladwell (Getty Images)

For at least a decade, a shadowy hacker group has been targeting people throughout India, sometimes using its digital powers to plant fabricated evidence of criminal activity on their devices. That phony evidence has, in turn, often provided a pretext for the victims’ arrest.

A report published this week by cybersecurity firm Sentinel One reveals additional details about the group, illuminating the way in which its digital dirty tricks have been used to surveil and target “human rights activists, human rights defenders, academics, and lawyers” throughout India.

The group, which researchers have dubbed “ModifiedElephant,” is largely preoccupied with spying, but sometimes it intervenes to apparently frame its targets for crimes. Researchers write:

The objective of ModifiedElephant is long-term surveillance that at times concludes with the delivery of ‘evidence’—files that incriminate the target in specific crimes—prior to conveniently coordinated arrests.

The most prominent case involving Elephant centers around Maoist activist Rona Wilson and a group of his associates who, in 2018, were arrested by India security services and accused of plotting to overthrow the government. Evidence for the supposed plot—including a word document detailing plans to assassinate the nation’s prime minister, Narendra Modi—was found on the Wilson’s laptop. However, later forensic analysis of the device showed that the documents were actually fake and had been artificially planted using malware. According to Sentinel researchers, it was Elephant that put them there.

This case, which gained greater exposure after being covered by the Washington Post, was blown open after the aforementioned laptop was analyzed by a digital forensics firm, Boston-based Arsenal Consulting. Arsenal ultimately concluded that Wilson and all of his so-called co-conspirators, as well as many other activists, had been targeted with digital manipulation. In a report, the company explained how extensive the intrusion was:

Arsenal has connected the same attacker to a significant malware infrastructure which has been deployed over the course of approximately four years to…

Source…

AT&T says that alleged massive customer data hack didn’t happen on its watch

/in


AT&T says that alleged massive customer data hack didn't happen on its watch

Last week T-Mobile elicited groans after it confirmed a massive hack of customer data — its fourth such hack in four years. For a short time it appeared that something similar had happened to its in-country carrier rival, AT&T: a post on an illicit hacker forum claimed to have customer data from 70 million people, selling for $200,000. But in contrast with T-Mobile’s response, AT&T says its investigation of the sample data indicates that it didn’t come from the company’s servers.

MarketWatch quotes an AT&T email sent to members of the media: “Based on our investigation today, information that appeared in an internet chat room does not appear to have come from our systems.” The implicit conclusion is that either the data was gathered from third-party sources given access to AT&T customer info (which is certainly possible), or that the poster on the forum simply made up the data and is looking for a quick payday.

That’s also very possible: we’re talking about criminals who illegally steal data to sell for the purposes of identity theft. It’s not hard to believe that said people would be above simply lying their way into a windfall. Now would be a natural time to do so, soon after a similar company confirmed yet another successful penetration of its systems.

On the same note, it’s also worth pointing out that a massive telecom company has sufficient motivation to be, shall we say, “downplay” news that its data security isn’t up to snuff. The only thing we can say for sure is that attacks on customer data, and the marketplace and culture surrounding them, aren’t going away any time soon.

Source…