Posts Tagged ‘Cryptography’

A spear phishing attack on IMF

June 15th, 2011

Hackers are not only getting into gaming sites; they are eyeing the monetary world as well. This time it is the International Monetary Fund (IMF). This happened just a day after Citibank faced a cyber attack in which the names, account numbers and email addresses of more than 200,000 North American Citibank account holders were compromised.

Before we move ahead and discuss the story in detail, let us try to understand the difference between phishing and spear phishing. While phishing floods millions of email inboxes and relies on mass attack, spear phishing is more about selectively targeting individuals who have been identified previously. That means spear phishing can potentially attack a small group of people working in the same organization.

It appears that some foreign government was behind the data breach. According to IMF spokesman David Hawley, the incident was under investigation and the fund was completely functional. Fox News reported that the IMF’s computers had been hacked into via malicious software in November 2008, in an incident similar to the latest one.

The World Bank deactivated a cyberlink it has with the IMF after one of the IMF’s desktops was compromised and a large quantity of data was obtained. The hackers had deliberately infected a computer at the IMF with malware built to steal information. This is a new kind of malware, one that gave hackers broad access to the IMF’s systems, helping them to gain ‘hot market’ information. Email warnings about “increased phishing activity” were received on June 1, and employees were warned against opening emails from unknown senders, accessing suspicious video links or clicking on attachments. The IMF sent an internal memo on June 8 about the actual cyber-attacks to its board members and employees.

Political foes, especially China, could be behind the attack, as data related to monetary policies is of utmost value. The IMF studies the economic stability of its 187 members and analyzes each nation’s financial risk. It supervises the global financial system and recently played a major role in the economic bailout of Greece, Ireland and Portugal. This came as a rude shock when the country was just grappling with IMF chief Dominique Strauss-Kahn’s sexual assault scandal.

Unless the IMF reveals more information about what data was compromised and how it happened, it is difficult to figure out who was behind the attack and the extent of the loss. The Federal Bureau of Investigation is in charge of this investigation.

Contact Alertsec for your data security needs

It is clear that the security of the world’s large corporations is at risk. In the absence of full disk encryption, valuable files can be accessed. To keep your sensitive data safe from theft and hacking, it is vital to use data encryption software. Data loss prevention systems can also reduce the loss of information. Investing $13/month gives an organization peace of mind, a very small price to pay compared to losing high-quality or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Citigroup’s customer data compromised!

June 9th, 2011

It is unbelievable but remains a fact that a determined hacker can easily get into anyone’s computer and access confidential data. Even a big corporate giant, Citigroup, was not spared!

According to Citigroup, hackers have breached Citigroup’s network and accessed data of thousands of bank-card holders in the United States.

The incident was discovered last month during a daily ‘check-up’. 1% of the bank’s credit card accounts have been compromised. Customer names, account numbers, addresses, email addresses and a few other demographic fields were accessed. The hackers were not lucky enough to get info such as birth dates, card security codes, card expiration dates and social security numbers as they were stored at a different location.

The bank’s spokesperson confirmed that the bank is reaching out to affected customers and issuing them new credit cards. Strong security measures have been implemented to prevent such an incident from taking place again. Law-enforcement officials have been notified.

What is shocking is that Citigroup knew that its customers’ data was compromised back in early May. But the public is being informed only now, one full month later. One Canadian found out about the problem after his ATM transaction was denied, rather than through official notification from his bank.

FDIC Chairman Sheila Bair said on Thursday that the Federal Deposit Insurance Corp is in the process of implementing guidelines for banks and might ask some banks to increase their data security when a customer accesses his online accounts.

Data breaches are a fact of today’s cyber world but companies are obligated to inform their customers in time.

About Alertsec: You cannot afford to wait any longer. Alertsec Xpress, the market leader in data encryption, is the need of the hour. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption providers in security, performance, strength and ease-of-use for administrators and users. Alertsec also offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

ACS: Law Fined over Data Breach

May 25th, 2011

A data breach is one of the most dangerous criminal offences in internet and computer law. According to the ICO, every organization should encrypt its data so that an unknown person cannot access it. The law says that the data stored on the computers and mobile data storage devices of every organization must be encrypted, because these are the main targets of hackers. Most of the data contains personal details, so if anybody hacks the data, or it is lost through someone's fault, the organization will suffer, as the hacker can misuse it for his own benefit.

Though every organization is aware of the effect of data loss and the importance of data encryption, most of them neglect this part. According to modern research, the negligence towards data encryption mainly happens due to the lack of commitment of the ICO. In most cases it has been found that the ICO released the accused person or organization by imposing just a minimum fine, whereas the actual amount of the fine is very high.

Recently Andrew Crossley, the controversial solicitor, has been accused of data breach. It has been found that he and his organization were sharing files illegally. However, the information security world was shocked when it found that Andrew had been fined only £1,000 by the ICO for data breach.

The ICO gave some reasons in its defense. In a press conference it announced that the way Andrew and his organization were using the personal details of other organizations and their clients was totally illegal and unlawful. That was against the law of data breaching. As soon as it came to the ICO's notice, it took immediate action against Andrew. But because ACS law had seized all of Andrew's property, he was unable to pay the full amount. Taking this into consideration, the ICO decreased the amount of the fine.

But people are not happy with this decision, because according to the law of data breach the amount of the fine must be £400 multiplied by the number of people whose data has been misused. So the amount should have been much higher than £1,000. They have even questioned the impact and power of ACS law and the ICO, because according to the law the ICO has no power to investigate the property of the accused person. It has to depend on that person's documents, and it is very easy to manipulate those documents. Although Andrew's case went to court, and the court also found him guilty of data breach and misuse, the ICO still failed to fine him more.

This is not the first time that a person has been released by the ICO after being charged a very low amount of money. As a result, people are losing their faith in the ICO day by day. So the government has to take some immediate steps to increase the power of the ICO.

About Alertsec:
Alertsec is the front runner in offering data encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. By using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software, Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption.

Leak Fear as Hospital Loses Patient Detail

April 29th, 2011

As the number of laptop and data storage device thefts increases day by day, the negligence of different organizations about the implementation of data encryption software and laptop encryption software has come to the notice of the ICO. Though the ICO is trying hard to make all organizations aware of the importance of data encryption, organizations are showing too little energy in encrypting their laptops and data storage devices. As a result, any sort of data or device loss has a huge effect on the organization.

The ICO came to know that a flash drive containing the details of patients had recently been lost at Queen Mary Hospital. Though the main copy of the data was stored on a computer with password protection, the data on the flash drive was neither encrypted nor password protected.

The hospital says that the flash drive contained the names and ID numbers of at least 19 of its patients. From this we can easily understand the situation that is going to occur if the incident comes to the notice of those patients. And this is happening not only in this hospital but everywhere: in schools, in different organizations, even in antivirus-developing organizations. A source at the hospital said that the data had been copied to the flash drive from a password-protected computer in order to upgrade the computer. The management of the hospital immediately lodged a report with the police and gave assurances that the treatment of the patients would not be affected by this incident.

Incidents of this type show us the importance of data encryption software and computer security software. If encryption is enabled on our systems and storage devices, then we do not have to worry about manipulation of the data after it has been lost. Though a lot of encryption software is available in the market, and the ICO is trying its best to get every organization to use it to protect its systems and data, most organizations are lethargic about implementing it due to unawareness and negligence. The ICO has decided to take some serious steps so that every organization will implement such software.

Though the hospital informed the police and the patients and apologized to them for its mistakes, just to deflect attention from its fault, everyone can easily understand the effect of this incident.

About Alertsec:

Alertsec is one of the leading data encryption software providers. Alertsec offers computer protection that is convenient and affordable. Analysis of the total cost of ownership of the Alertsec Xpress solution and the major alternatives shows that the benefits of the Cloud Service can cut the TCO by up to half.

Cord Blood Registry Data Loss

March 12th, 2011

The ever-growing data theft problem has now hit the world’s largest stem cell bank, the Cord Blood Registry (website www.cordblood.com). After being affected by a data breach, the bank has mailed a warning letter to over 300,000 people. Apparently the theft involved the loss of storage tapes as well as a laptop from an employee’s car.

We were going through the reports, and this incident was first discovered by the author of scamsafe, who received a notification letter from the bank since he is a customer. The letter was dated February 14th, 2011.

A PDF copy of the letter can be downloaded from the datalossdb.org website. The letter, written by the Executive Vice President, External Affairs, clearly notifies the customers of a potential data theft.

According to the police reports, the theft happened before midnight on Dec. 13, 2010, right outside a private data center in San Francisco. The data center is called 365 Main Street. But what is really surprising is that the customers received the letter from the bank only on February 14.

The director of corporate communications, Kathy Engle, says that the stolen tapes contained personal information of customers that was unencrypted.

“Notifications went out to approximately 300,000 people,” Engle says. “The vast majority of those people were clients who had signed up prior to 2006, but we did the broadest evaluation of possible missing data, which also included some more recent clients or recent prospect activity.” “The tapes may have contained personal client data of adults (credit card numbers, driver’s license numbers or social security numbers); nothing on children and no health information at all.”

CBR is not a HIPAA-covered entity, and the breach did not involve any health information. What is not clear is whether CVV codes/credit card numbers were stored on the stolen backup.

As one would expect, the Cord Blood Registry bank has strengthened its security:

We have taken extra steps on behalf of our customers in providing the credit monitoring free of charge. CBR has also strengthened and tightened our data security procedures. We hired security experts and implemented a number of improvements to protect our client data. The company continues to monitor these processes but will not share any details of these changes in order to preserve the integrity of the security mechanisms. The data on the tapes was not encrypted. We recognize that the loss of unencrypted data poses a risk, and that’s why we sent out the notices to our customers.

What do the customers think?

An IT professional who also happens to be an ex-employee at EMC, the storage company, was shell-shocked by the news. He questioned, “What on earth are LTO4 tapes doing in a trunk with all this ‘secure’ information? CBR hasn’t described what was actually stolen either. I’m frustrated.”

Another customer, Tania Doughter, who is the mother of a 4-year-old, said, “They came highly recommended, we trusted them”. “We gave them information on our family and on our new baby.” However, she now has serious doubts about her decision, as parents across the country are receiving news about the major data breach.

If you are potentially impacted by the data breach incident, you can write an email to Cord Blood at client_inquiries@cordblood.com or telephone (888) 578-4480.

Secure your Data with Alertsec

Worried by the above incident and think you could also be a potential victim? In order to avoid such incidents, following essential data security guidelines is necessary in any organization. In an incident which highlights the need for data encryption software and recovery software, the threat could have been reduced to a simple insurance matter by a mere investment of $13/month. The information would have been secure, with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.
