Rilek1Corner

Tag: hack

  • US And British Spies Hack To Obtain Access To Billions Of Phones

    US And British Spies Hack To Obtain Access To Billions Of Phones

    FRANKFURT — US and British spies hacked into the world’s biggest maker of phone SIM cards, allowing them to potentially monitor the calls, texts and emails of billions of mobile users around the world, an investigative news website reported.

    The alleged hack on Gemalto, if confirmed, would expand the scope of known mass surveillance methods available to U.S. and British spy agencies to include not just email and web traffic, as previously revealed, but also mobile communications.

    The Franco-Dutch company said yesterday it was investigating whether the US National Security Agency (NSA) and Britain’s GCHQ had hacked into its systems to steal encryption keys that could unlock the security settings on billions of mobile phones.

    The report by The Intercept site, which cites documents provided by former NSA contractor Edward Snowden, could prove an embarrassment for the US and British governments. It opens a fresh front in the dispute between civil liberties campaigners and intelligence services which say their citizens face a grave threat of attack from militant groups like Islamic State.

    It comes just weeks after a British tribunal ruled that Britain’s Government Communication Headquarters (GCHQ) had acted unlawfully in accessing data on millions of people in Britain that had been collected by the NSA.

    The Intercept report said the hack was detailed in a secret 2010 GCHQ document and allowed the NSA and GCHQ to monitor a large portion of voice and data mobile communications around the world without permission from governments, telecom companies or users.

    “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques,” said Gemalto, whose shares sunk by as much as 10 per cent in early trading yesterday, following the report.

    The report follows revelations from Snowden in 2013 of the NSA’s Prism programme which allowed the agency to access email and web data handled by the world’s largest Internet companies, including Google, Yahoo and Facebook.

    A spokeswoman for Britain’s GCHQ said yesterday that it did not comment on intelligence matters. The NSA could not be immediately reached for comment.

    A European security source said that mobile devices were widely used by terrorist groups and that intelligence agencies’ attempts to access the communications were justified if they were “authorised, necessary and proportionate.” The source did not confirm or deny that the documents were from GCHQ.

    The source also said Western agencies would sometimes hold on to data over time in order to decrypt the communications of specific intelligence targets.

    The source added that wireless networks in Iran, Afghanistan and Yemen were viewed as having significance intelligence value. These were identified by the Intercept as countries where Britain’s GCHQ intercepted encryption keys used by local wireless network providers.

    SURVEILLANCE

    The new allegations could boost efforts by major technology firms such as Apple Inc and Google to make strong encryption methods standard in communications devices they sell, moves attacked by some politicians and security officials.

    Leaders including US President Barack Obama and British Prime Minister David Cameron have expressed concern that turning such encryption into a mass-market feature could prevent governments from tracking militants planning attacks.

    Gemalto makes SIM (Subscriber Identity Module) cards for phones and tablets as well as “chip and pin” bank cards and biometric passports. It produces around 2 billion SIM cards a year and counts Verizon, AT&T Inc and Vodafone among hundreds of wireless network provider customers.

    The European security source said that an assertion by The Intercept that GCHQ had taken control of Gemalto’s internal network was speculative and not supported by documentation published by the website.

    The Intercept, published by First Look Media, was founded by the journalists who first interviewed Snowden and made headlines around the world with reports on US electronic surveillance programmes.

    It published what it said was a secret GCHQ document that said its staff implanted software to monitor Gemalto’s entire network, giving them access to SIM card encryption keys. The report suggested this gave GCHQ, with the backing of the NSA, unlimited access to phone communications using Gemalto SIMs.

    French bank Mirabaud said in a research report the attacks appeared to be limited to 2010 and 2011 and were aimed only at older 2G phones widely used in emerging markets, rather than modern smartphones. It did not name the source of these assertions.

    Some analysts argued that if a highly security-conscious company like Gemalto is vulnerable, then all of its competitors are as well.

    Gemalto competes with several European and Chinese SIM card suppliers. A spokesman for one major rival, Giesecke & Devrien of Germany, told Reuters: “We have no signs that something like that happened to us. We always do everything to protect our customers’ data.”

    But while security experts have long believed spy agencies in many countries have the ability to crack the complex mathematical codes used to encrypt most modern communications, such methods remain costly, limiting their usefulness to targeted hijacking of individual communications.

     

    Source: www.todayonline.com

  • Personal And Banking Information of 240 Nanyang Polytechnic Alumni Leaked Online After Hack

    Personal And Banking Information of 240 Nanyang Polytechnic Alumni Leaked Online After Hack

    The personal and bank information of 240 Nanyang Polytechnic alumni has been stolen and leaked online.

    Chinese evening daily Lianhe Wanbao reported on Monday that one of the alumni affected, Mr Ho, was informed of the security breach last week through a letter from the school.

    The letter says that there was “unauthorised access” into the polytechnic’s computer system. According to the letter, names and bank account numbers linked to GIRO payments were copied. It also says that the school has managed to delete the information from the website that carried the leaked information. It is not known which website it was.

    Mr Ho is wary although he thinks that nothing can be done using the information stolen.

    “If they have the ability to steal these information, they may have the ability to steal even more. The information they released may not be all the information they have,” Mr Ho was quoted as saying.

    The hackers retrieved information of those who were enrolled between 1994 and 1999, Wanbao reported. The school advised the affected parties to check with the bank on any aunthorised transaction.

    Nanyang Polytechnic has reported the matter to the police. In the letter, the school wrote that it takes the matter “very seriously”.

    “We are conducting a thorough internal investigation and are also working with a leading third party forensics firm to conduct an independent investigation into this matter so as to strengthen our processes and systems,” it added.

     

    Source: www.straitstimes.com

  • K Box: Steps Are Taken to Hold Those Responsible For This Deplorable Act

    K Box: Steps Are Taken to Hold Those Responsible For This Deplorable Act

    hackers

    SINGAPORE: K Box Entertainment Group, which runs a chain of Karaoke outlets, said it is taking the theft of its data as well as publication of its customers’ details “very seriously”. Its Chief Operating Officer Priscilla Ng issued a statement late Tuesday (Sep 16), after the apparent leak of its customer database with more than 317,000 names.

    The Personal Data Protection Commission (PDPC) has said it is concerned about the scale of the leak and is investigating.

    “We are conducting a full internal investigation, and have provided the PDPC and Singapore Police Force with our fullest cooperation. Steps are being taken to remove the stolen data and hold those responsible for this deplorable act wholly accountable to the fullest extent of the law,” Ms Ng said.

    She said K Box has been able to “remove” stolen data and links from at least three websites. “We wish to assure you that controls and safeguards are in place in protecting your data and we take your data privacy very seriously,” she stated.

    A check of URLs emailed to the media by the group claiming to be behind the leak, shows the links are dead. The group, who identified themselves as The Knowns, said they had published the data, to protest an upcoming toll hike at Woodlands Checkpoint.

    Source: http://www.channelnewsasia.com/news/singapore/k-box-taking-data-theft/1365592.html

  • BREAKING: 317,000 Personal Details of Members from K Box Singapore Leaked Online

    BREAKING: 317,000 Personal Details of Members from K Box Singapore Leaked Online

    Screen Shot 2014-09-16 at 10.34.54 am

    SINGAPORE: Personal details of more than 317,000 members of Karaoke entertainment operator K Box Singapore appear to have been leaked publicly.

    At 4.17am on Tuesday morning (Sep 16), a group calling themselves The Knowns emailed links to the list of members’ details to several media outlets, including MediaCorp.

    The list includes names of K Box members as well as their contact number, email address, NRIC number, date of birth and marital status. It also includes K Box-specific data, such as membership numbers and “K Points” earned.

    Channel NewsAsia has been able to verify the details of several of the individuals on the list. One member, who confirmed her details in the list were accurate, said that K Box has not yet contacted her about any leak.

    “I’m a bit freaked out,” said the member, who asked to remain anonymous. “My main concern is that with those details, someone could sign me up for random stuff.”

    Another member whose name was found on the list said he was “extremely concerned what other personal information got leaked” and that he was also worried if other companies’ databases had been hacked. He filed a police report reporting the leak on Tuesday afternoon.

    hackers

    K Box did not respond to phone or email queries from the media. A senior management staff at the company headquarters said the company had “no comment” on the issue.

    Channel NewsAsia understands that the relevant government agencies are aware of the incident and are looking into it.

    The group claiming responsibility for the leak said that it was in response to “the recent increase in toll at Woodlands”, saying that it was “an unnecessary financial burden on working Malaysians”.

    “To show our displeasure, we are releasing the database of Kbox containing more than 300k personal details of its membership. We had done it before and will do it again.”

    Source: http://www.channelnewsasia.com/news/singapore/leaked-k-box-singapore/1364214.html