Log in

Posts Tagged ‘alertsec’

NATO could be the next victim of a data breach

June 27th, 2011

NATO's e-Bookshop attacked

Data breach and its definition

Data breach incidents range from planned attacks of organized crime on a national government website to carelessly selling of used computer equipment or data storage media. Definition “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”

What do data breaches include?

Data breaches include financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property

What happened at NATO?

NATO was recently notified of a possible data breach from a NATO-related website run by an external company

The North Atlantic Treaty Organization (NATO) has issued a statement

“Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.”

In detail

The e-Bookshop site offers free access for the general public to NATO publications and multimedia products in both electronic and print format s and does not contain classified documents.

The site has been closed down and users have been informed. The virtual bookstore is reachable though, through the NATO web address.

NATO has not disclosed as to what data was lost or how the attackers hit the server. It has just informed about a data breach and confirmed that no confidential data was compromised.

Speculation about the attack being related to NATO’s recent clash with the online group Anonymous is very high. The global organization had warned member nations about the rising threat of “hacktivism,” or carrying out cyberattacks for political purposes.

But “Anonymous” has completely defended this crime saying “NATO fears the group not because it’s a “threat to society,” but because it’s a “threat to the established hierarchy.” It further added “This is no longer your world. It is our world – the people’s world.
”
NATO’s strategy

NATO’s Strategic Concept, identifies cyber defence as one of the critical tasks to be carried out develop to prevent, detect, defend against and recover from cyber-attacks. NATO defence ministers agreed this month on a cyber defence action plan to limit these attacks. This action plan is already being implemented.

LulzSec group attacks at the same time

The LulzSec hacker group has broken into official computers used by the State of Arizona. The accessed data which includes personal emails, names, addresses and passwords of officials, along with confidential document has been made public online.

The number 1 laptop encryption service – Alertsec

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

No comments »

Posted in Data Protection, data breach, data encryption

Tags: alertsec Arizona Bookselling breach notification Check Point computer encryption software Computer security Credit card data breach data theft prevention disk encryption full disk encryption NATO Personally identifiable information

Video game maker Sega the latest victim of data breach

June 22nd, 2011

With every new data breach, hackers are proving their smartness and honing their hacking skills. The gaming world appears to be an lucrative area for them as the latest victim to have online identities and passwords stolen is Video game maker Sega. Sega produces games for a range of consoles, including the PlayStation 3, Nintendo DS, Microsoft’s Xbox 360 and Nintendo’s motion-control Wii.

Sega’s servers were accessed and information belonging to 1.3 million customers was stolen from Sega’s database. That included names, email addresses, dates of birth and encrypted (not hashed or plain-text) passwords.

Surprisingly credit card numbers have not been affected. Sega Pass, Sega’s online system for giving newsletters, demos and other perks, had been closed for a complete investigation.

As per the latest update, 1,290,755 accounts have been compromised. Sega confirmed that no financial; data was stolen. Sega’s network is being currently strengthened and Lulz Security has taken the lead to find the perpetrators. They stated on Twitter that they would help “destroy” the responsible party because they love the Dreamcast.

What is puzzling is that the attack on Sega’s network took place after it confimed to have put new security measures following the data breach on Sony’s PlayStation Network

“We are deeply sorry for causing trouble to our customers. We want to work on strengthening security,” Sega spokeswoman Yoko Nagasawa told Reuters, adding it is unclear when the firm would restart Sega Pass.

According to BBC report, customers have been advised to change their log-on details on other services and websites where they used the same credentials. In addition, Sega has reset all customer passwords.

Comparison with breach at Sony’s and Citigroup

Sega handled this situation better than Sony and Citigroup. It locked down the system and wasted no time in informing its customers. Sony informed almost after a week and Citigroup had the nerve to tell people that they didn’t disclose information because they didn’t want to shock customers !

Reality check

No system is 100% secure. So in case data theft takes place what is important is

1) Financial data does not get affected and

2) Systems should be immediately closed down, customers should be informed on time and security ought to be strengthened

Time for Alertsec to step in

By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption

Alertsec’s mission is to continuously improve our products and services in order to deliver the easiest and most cost-effective managed encryption service on the market

The only way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users

No comments »

Posted in data breach

Tags: alertsec breach notification computer encryption software Computer security Credit card data encryption

London Health Programmes under fire for failing to report laptop loss

June 19th, 2011

Laptop Loss is a Major Business Risk

In the last few posts we talked about data theft/illegal data accessing. This post talks about the physical theft i.e. stealing of laptops ! Laptop theft is a significant threat to computer users. Many tools such as laptop locks, alarms and visual deterrents such as stickers or labels have been developed to prevent laptop theft. Victims of such a theft lose hardware, software and important data if they fail to back it up.

London Health Programmes, a medical research organisation based at the NHS North Central London health authority, has lost 20 laptops. This could be the biggest ever health care data breach suffered by the NHS.

Only 3 laptops have been recovered so far. One of the missing computers contained details of 8.63 million people and the NHS medical records of 18 million hospital visits, operations and procedures. The information included the postcode, age, ethnic origin of the respective patients, but not their names. This machine was, unfortunately, not encrypted. It was taken from a storeroom of NHS.

Any allegation that sensitive personal information has been compromised is concerning, and we will now make enquiries to establish the full facts of this alleged data breach,” the ICO said in a statement on Wednesday.

According to a spokeswoman for the ICO told ZDNet UK ”If the data has been breached, the implications could be serious, according to the ICO. “[The NHS] holds millions of [bits of] data on millions of people. They’re probably the body that hold the most sensitive data in the UK, they have millions and millions of records being accessed every day,”

NHS has suffered multiple breaches in the past few years. The Information Commissioner’s Office issued a public warning to the NHS in the year 2009 to beef up security.

What could be more disturbing is the fact that the laptops could have been encrypted all along. David Tomlinson, managing director of Taunton-based Data Encryption Systems, said the NHS has a licence to run McAfee software on all its computers, including the SafeBoot disk encryption product.

“If someone wasn’t encrypting their laptops, questions should be asked,” he said, “because they’ve paid for [the encryption].”

The Information Commissioner’s Office (ICO) and the police are investigating the theft.

Better late than never, the Department of Health issued a statement saying all NHS organisations should ensure laptops are encrypted.

Alertsec at your service

Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! This news stresses the need for data protection applications. The loss in the above incident could have simply been reduced to an insurance matter by a mere investment of $13/month. The amount is meager compared to what the company has lost. The need of Data encryption software and recovery software cannot be underestimated . Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

No comments »

Posted in Computer security, laptop theft

Tags: alertsec AlertSec Xpress computer encryption software Health care laptop London Medical research National Health Service Notebooks and Laptops Sun Theft

A spear phishing attack on IMF

June 15th, 2011

IMF Headquarters - Image via Wikipedia

Hackers are not only getting into gaming sites; they are eyeing the monetary world as well. It is the International Monetary Fund (IMF) this time. This happened just after a day Citibank faced cyber attack and names, account numbers and email addresses of more than 200,000 North Americans Citibank account holders were compromised.

Before we move ahead and discuss the story in detail, let us try to understand the difference between phishing and spear phishing. While phishing floods millions of email inboxes and relies on mass attack, spear phishing is more about selectively targeting individuals who have been identified previously. That means spear phishing can potentially attack a small bunch of people working in the same organization.

It appears that some foreign government was behind the data breach. According to IMF spokesman David Hawley the incident was under investigation and the fund was completely functional. Fox News reported that the IMF’s computers had been hacked into similar to the latest incident in November 2008 via malicious software.

The World Bank deactivated a cyberlink it has with the IMF as one of IMF’s desktop was compromised and large quantity of data was obtained. The hackers had deliberately infected a computer at the IMF with malware trained to steal information. This is a new kind of malware, one that gave hackers broad access toIMF’s systems – helping to gain ‘hot market’ information. Email warnings about “increased phishing activity”were received on June 1 and employees were warned against opening emails from unknown senders, access suspicious video links or click on attachments . IMF had sent an internal memo on June 8 about the actual cyber-attacks to its board members and employees.

Political foes, especially China, could be behind the attack as data related to monetary policies is of utmost value. The IMF studies the economic stability of its 187 members and analyzes each nation’s financial risk. It supervises the global financial system and recently played a major role in the economic bailout of Greece, Ireland and Portugal. This came as a rude shock when the country was just grappling with IMF chief Dominique Strauss-Kahn’s sexual asasult scandal.

Unless the IMF reveals more information about what data was compromised and how it happened, it is difficult to figure out who was behind the attack and the extent of the loss. The Federal Bureau of Investigation is in charge of this investigation.

Contact Alertsec for your data security needs

It is clear that the security of world’s large corporations is at risk. In the absence of full disk encryption, valuable files can be accessed. To keep your sensitive data safe from thefts and hacking, it is vital to use Data encryption software. Data loss prevention systems can also reduce the loss of information. Investing $13/month gives an organization peace of mind. A very small price to pay compared to losing high-quality or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

No comments »

Posted in data breach

Tags: alertsec AlertSec Xpress Cryptography data theft prevention drive encryption Encryption International Monetary Fund World Bank

Codemasters ‘ attacked by hackers’

June 12th, 2011

Image via Wikipedia

It is the era of hacking ! Before the Cyber-world recovers from the recent data attack on Sony and Citigroup, hackers have managed to access personal data of Codemasters ’s users.

The story

The British games developer was attacked on June 3 and personal details like names, addresses and phone numbers of thousands of people were stolen. IP addresses, details of last site activity, order history, biographies, Xbox Live Gamer-tags of the Codemasters CodeM database and the DiRT 3 VIP code redemption page were also a part of the theft. Luckily payment details were not hacked into as those were processed by an external provider.

Codemasters.com and its associate web services have been taken off the web till the investigation is on. Users have been advised to log on to the company’s Facebook Page for more information. US and UK websites have also been redirected to the company’s Facebook page. A new Web site is in the pipeline.

According to BBC News, the company is still probing about possible suspects. The number of affected users is still not known. It could be anywhere from thousand to hundred thousand. The company said. “We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law”

Data Security

Gamers have also been advised to change their passwords linked with Codemasters accounts. Codemasters spokesperson has further advised to refrain from opening any suspicious mail that might lead a user to an illegal website. Users need to be extra cautious of emails asking them to share their password or any other personal information

Users’ reactions

Leanne Lee from Eastbourne, Codemasters website user, blamed the company of being slow to report. She was shocked that she was told a week later after the breach occurred and that too via an impersonal email. According to Brad Langford of Manchester, Codemasters or any video game company for that matter does not really require sensitive information like birth place and birth dates.

Breaking news

‘Epic Games’ suffers cyber attacked ! Stay tuned..

Data security with Alertsec

D ata security is of utmost importance for any organization. This news stresses the need for data protection applications. The loss in the above incident could have simply been reduced to an insurance matter by a mere investment of $13/month. The amount is meager compared to what the company has lost. The need of Data encryption software and recovery software cannot be underestimated . Had the company used Alertsec’s services, the information would have been secure. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial