About these ads

Archive

Posts Tagged ‘Financial Times’

16-31 December 2013 Cyber Attacks Timeline

January 12, 2014 Leave a comment

Let’s give the welcome to this new infosec year with the first timeline of 2014 (or better the last of 2013) summarizing the main events occurred in the second half of December 2013.

With no doubt, this holiday season has been characterized by the Target breach, whose size is constantly growing (110 million the number of potential victims according to recent estimates). This massive incident has somehow shadowed another massive breached occurred in Turkey, were Russian hackers have allegedly been able to obtain 54 million citizens’ ID Data. With similar numbers, the 300.000 users potentially affected by the Cyber Attack involving Affinity Gaming appear risible.

Other considerable events include a Christmas Intrusion on a BBC server (with the author possibly selling the backdoor access on the underground) and yet another possible intrusion by Chinese hackers on a US target, specifically the Federal Election Commission.

Nothing particularly significant on the hacktivism front characterized by the consolidated “background noise” of events whose sizes are well far from the levels of the recent years.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-31 December 2013 Cyber Attacks Timeline Update2 Read more…

About these ads
Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

15-31 May 2013 Cyber Attacks Timeline

And here we are with the second part of the Cyber Attacks Timeline for May (first part here).

The second half of the month has shown an unusual activity with several high-profile breaches motivated by Cyber-Crime or Hacktivism, but also with the disclosure of massive Cyber-Espionage operations.

The unwelcome prize for the “Breach of the Month” is for Yahoo! Japan, that suffered the possible compromising of 22 million users (but in general this was an hard month for the Far East considering that also Groupon Taiwan suffered an illegitimate attempt to access the data of its 4.1 million of customers).

On the cyber-espionage front, the leading role is for the Chinese cyber army, accused of compromising the secret plans of advanced weapons systems from the U.S. and the secret plans for the new headquarter of the Australian Security Intelligence Organization.

On the Hacktivism front, this month has been particularly troubled for the South African Police, whose web site has been hacked with the compromising of 16,000 individuals, including 15,700 whistle-bowlers.

Other noticeable events include the unauthorized access against the well known open source CMS Drupal (causing the reset of 1 million of passwords), the trail of hijacked Twitter accounts by the Syrian Electronic Army and also an unprecedented wave of attacks against targets belonging to Automotive.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

May 2013 Cyber Attacks Timeline Part II Read more…

Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

The Missing BlackBerry Of Dominique Strauss-Kahn

November 28, 2011 2 comments

Examples in which political news provide hints for Information Security are happening too often (think for instance to the UK Phone Hacking Scandal). The latest comes from the affair involving Dominique Strauss-Kahn and his alleged sexual encounter with a maiden during the horrible day of May, 14th 2011. The details which are being disclosed on that story show that the BlackBerry owned by DSK played a crucial role in the event, both because it had likely been hacked, and because it was used as a decoy to catch DSK at the airport.

All the traditional ingredients of Mobile Security are mixed up in this story: a device used for both personal and business purposes, which is hacked and whose stolen information is used to harm the victim.

The details were given on Friday, the 25th of November, when Financial Times published an anticipation of an investigation carried on by the journalist Edward Epstein to be published in full by the New York Reviews of Books. The investigation tells with an unprecedented level of details the two hours that sank Dominique Strauss-Kahn and wrecked his political career on May, 14th 2011 during his stay at the Sofitel New York Hotel, and the alleged sexual assault encounter with Nafissatou Diallo, the maid he had encountered in the presidential suite.

DSK was then head of International Monetary Fund and leading Socialist Contender against Nicolas Sarkozy (well ahead him in opinion polls) for the French Presidential Election in April 2012. As known the aftermaths of the scandal (although all the charges were dismissed by the prosecutor on August 23rd, 2011) destroyed his political ambitions for the rush at the French Presidential Chair.

The account of Edward Epstein reveals several shadow zones which seem to support the hypothesis according to which DSK was the victim of a plot (for instance the strange visits of Nafissatou Diallo to room 2820, a room on the same floor of the Presidential Suite borrowed by DSK, whose occupant’s identity was never released by Sofitel on grounds of privacy).

You may guess at this point what this history has to deal with Information Security. Well, it has much to deal with, since one of the Shadow Zones just concerns one of DSK’s Blackberry cell phones, the one he called IMF Blackberry, used to send and receive texts and e-mails for both personal and IMF business, which DSK believed had probably been hacked, and which has not been found since then. Moreover the lost BlackBerry was used as a decoy to catch him on board of Flight 23, few minutes before living for Paris.

If you think the mobile security risks are exaggerated and the promiscuous use of mobile devices for personal and professional purposes is not harmful and do not constitute a security hazard, you should better read the following lines.

The account of Mr. Epstein tells that, the morning of May, the 14th, DSK had received a text message from Paris from a woman friend temporarily working as a researcher at the Paris offices of the UMP, Sarkozy’s political party. The message warned him that at least one private e-mail he had recently sent from his BlackBerry to his wife, had been read at the UMP offices in Paris. It is unclear how the UMP offices might have received this e-mail, but if it had come from his IMF BlackBerry, he had reason to suspect he might be under electronic surveillance in New York.

At 10:07 AM he called his wife in Paris on his IMF BlackBerry, telling her of his problem. He asked her to contact a friend who could arrange to have both his BlackBerry and iPad examined by an expert. An exam that would never happen for his Blackberry…

The call records show that DSK used his IMF BlackBerry for the last time at 12:13 PM to tell his Daughter Camille he would be late for lunch. This happened approximately 7 minutes after the maiden entered his room, which occurred at 12:06 PM according to Hotel key records, and most of all after the controversial encounter, likely occurred in this Time Interval, which is still a matter of dispute.

DSK realized his IMF BlackBerry was missing only nearly two hours later, at 14:15 PM while going to the Airport in taxi. At the beginning he believed he had left the cellphone to the Restaurant and immediately called his daughter (with a spare mobile phone) asking her to go back there for a check. The footage at the Restaurant shows that she effectively went there looking for the lost object. Of course she was not able to find it and at 14:28 PM she sent him a message indicating she could not find it.

At 15:01 PM, while approaching the airport, DSK was still attempting to find his missing phone, calling it from his spare with no answer. According to the records of the BlackBerry company, the IMF device had been disabled at 12:51 PM.

At 15:29 PM, he called the hotel from the taxi, indicating his room number and giving a phone number, so that he could be called back, in case his phone was found.

Thirteen minutes later he was called back from a hotel employee who was in the presence of a police detective. The hotel employee falsely told him that his phone had been found and asked where it could be delivered. DSK told him that he was at JFK Airport and that he had a problem since his flight left at 4:26 PM. He was reassured that someone could bring it to the airport in time, so he gave her the Gate and Flight number which allowed the police to call DSK off the plane and take him into custody at 4:45 PM.

 DSK’s BlackBerry is still missing and the records obtained from BlackBerry show that the missing phone’s GPS circuitry was disabled at 12:51 PM. Probably the cell phone was “lost” inside the Sofitel, for sure this occurrence has prevented DSK to verify if he was under surveillance or not.

The reasons why DSK was so concerned about the possible interception of his messages on this BlackBerry are not clear even if Epstein suggests a couples of scenarios. The phone could contain some embarrassing information related to the scandal occurred to Carlton Hotel in Lille where high-class escort women were allegedly provided by corporation to government officials (I believed this kind of affair only happened in Italy)  (DSK denies that he was connected to the prostitution ring.). Otherwise his concern could also derive from other matters, related to his IMF role, such as the sensitive negotiations he was conducting for the IMF to stave off the euro crises.

Still doubtful about Mobile Security Risks?

Follow

Get every new post delivered to your Inbox.

Join 2,705 other followers