Five bot farms spreading misinformation to Ukrainians were destroyed

On Monday, the Security Service of Ukraine (the SBU) announced that it had discovered and dismantled five bot farms since the start of the war with Russia. These bot farms were spreading misinformation to Ukrainian citizens during the war and causing panic among them. Together they controlled more than 100,000 fake social media accounts, and some were also responsible for spreading fake bomb threats.

At these bot farms the SBU found at least 100 GSM gateways, close to 10,000 SIM cards, and a number of laptops and mobile devices. The GSM gateways and SIM cards are what let the operators register and verify accounts by phone number at scale, which is how a farm of this size is run.

What is a bot farm?

A bot farm manages a large number of fake accounts in order to drive traffic towards chosen content on the internet. The traffic is created by the fake accounts clicking on social media posts and liking, sharing and commenting on them. Real accounts then start coming across these posts, and the manufactured engagement can even push a post into going viral.

Bot farms have more applications than just this, some other examples of how bot farms are used today are:

  • Creating traffic on other websites
  • Inflating an app's download count and ratings in the app stores
  • Click fraud, in which bots click on online ads to inflate a publisher's advertising revenue or exhaust a competitor's advertising budget

What can be done to counter bot farms?

In Ukraine there is now a fact-checking bot that assesses whether a piece of information is reliable. The "Perevirka" bot was launched recently, and the Center for Countering Disinformation at the National Security and Defence Council of Ukraine recommends it to Ukrainian citizens as a defence against misinformation bot farms. Users send the bot a link to suspected misinformation and it reports whether the content is genuine or fake.

Takeaways

While using the internet, it is important to be aware of what you are viewing, on social media and on websites in general. Don't panic if you see a worrying social media post or article: there is a good chance a bot farm is behind it. Always do proper research on the content you are viewing. Keeping a set of trusted sources is a good way to ensure that the information you receive is trustworthy.

References

https://www.zdnet.com/article/ukraine-takes-out-five-bot-farms-spreading-panic-among-citizens/

https://ssu.gov.ua/novyny/z-pochatku-viiny-sbu-likviduvala-5-vorozhykh-botoferm-potuzhnistiu-ponad-100-tys-feikovykh-akauntiv

https://blog.malwarebytes.com/malwarebytes-news/2022/03/ukraine-shuts-down-disinformation-bot-farm/

https://www.clickguard.com/blog/bot-farms-and-click-bots-invalid-clicks/#:~:text=A%20bot%20farm%20or%20a,IP%20addresses%20and%20web%20sessions.

https://therecord.media/ukraine-dismantles-social-media-bot-farm-spreading-panic/

https://www.investopedia.com/terms/c/click-fraud.asp#:~:text=Click%20fraud%20is%20the%20act,exhaust%20a%20company’s%20advertising%20budget.

https://www.econotimes.com/What-exactly-are-bot-farms-and-why-are-they-useful-or-not-useful-to-us-1596791

https://www.ukrinform.net/rubric-society/3440099-ukraine-unveils-aipowered-factcheck-bot-to-counter-russian-disinformation.html

Russia considers accepting Bitcoin for Oil and Gas

Faced with stiffening sanctions from Western countries over its invasion of Ukraine, Russia is considering accepting bitcoin as payment for its oil and gas exports.

In a news conference held last week, the head of Russia’s State Duma committee on energy, Pavel Zavalny said that when it comes to “friendly” nations such as China or Turkey, Russia is willing to be more flexible with payment options. Zavalny named China and Turkey as “friendly” countries because they are “not involved in the sanctions pressure” against Russia.

“We have been proposing to China for a long time to switch settlements in national currencies for rubles and yuan,” he said according to a translated report. “With Turkey, it will be lira and rubles.”

Zavalny added, “you can also trade bitcoins.” Bitcoin is a decentralized digital currency that is exchanged between two parties without involving banks or other financial institutions.

The day before the news conference, Russian President Vladimir Putin said that his country will no longer sell gas to “unfriendly countries.” The ruble’s value has collapsed in response to the sanctions, which included the ejection of Russian banks from the SWIFT international payments system.

“Unfriendly countries” refers to those that have imposed sanctions on Russia after the war against Ukraine. Some of the countries include: Canada, United States, Britain, South Korea, Norway, Singapore and Ukraine.

The European Union relies heavily on Russian oil and gas shipments, which complicates efforts by Western nations to increase economic pressure on Russia over its invasion of Ukraine. The United States has banned imports of Russian oil and gas, although it sourced only a small share of its energy needs from those shipments.

Putin stated: "if 'unfriendly countries' want to buy Russian natural gas, they have to open ruble accounts in Russian banks. From these accounts, payments will be made for the gas delivered from Russian banks." The announcement caused energy prices to spike earlier this week.

The move is likely intended to bolster the Russian currency, which has lost over 20 percent of its value this year. Sanctions imposed by the United States, the UK and other European allies following the invasion of Ukraine have put a strain on the ruble and raised the cost of living in Russia.

What’s the risk?

Russia's economy has been battered by the unprecedented sanctions and needs to be shored up, and "Bitcoin is seen as the highest growth asset", according to David Broadstock, a researcher at the Energy Studies Institute in Singapore. However, the value of Bitcoin has swung by as much as 30 percent since the beginning of this year. Accepting Bitcoin rather than a traditional currency therefore adds price risk to the trade in natural gas.

Moreover, one of Russia's "friendly" trade partners is China, yet cryptocurrency is currently banned in China. "This clearly limits potential for payment using Bitcoin," said Broadstock. There are also concerns that Russian oligarchs could be using virtual currencies to evade sanctions. This has prompted Ukraine's government, as well as politicians in the United States and Europe, to ask cryptocurrency platforms to ban all Russian users, but many firms have ruled this out.

Sources:

Russia proposes bitcoin for oil shipments to ‘friendly’ countries (nypost.com)

What Is Bitcoin and How Does It Work? – Forbes Advisor INDIA

Explained: Eclipse Attacks On Blockchains And How To Stop Them (cnbctv18.com)

Putin says Russia will make ‘unfriendly’ countries pay for gas in rubles | CBC News

Is Digital Identity the Way to Go?

The province of Saskatchewan has been a member of the Digital ID & Authentication Council of Canada since March 2020 and has been considering implementing a Digital ID system. Alberta already has a similar application in place. The intended purpose of the system is to speed up government processes: rather than waiting for an authentication code or visiting a registry office, a citizen can access government services quickly from the comfort of home. This feature by itself certainly does not appear to cause any harm and would make life easier for the people of Saskatchewan. But when considering the implementation of such a system we should not overlook what it means for the future.

As it stands, the Digital ID system would only let an individual access his or her government services online, and using it is completely optional: anyone who does not want to can still do things the "old" way. But it is not hard to see that promise of choice disappearing shortly after Digital ID proves itself functional, since it would make the expense of the other channels unnecessary. Even then, what trouble could it cause for society at that point in time? Not much, really. But while making interactions between citizen and government easier, Digital ID also provides the foundation for a system that can legally keep track of an individual's daily interactions online and record them. Once you can be legally identified online to interact with the government, it becomes much easier in the coming years to link your identity not just to the car registration request you make on the online registry but also to any random article you read.

The problem is not the government having your identification information (it already does, as it is supposed to) or its choosing an online storefront for its services. The problem is any government entity having control of, or access to, anything that does not concern it in a functional sense. In the future, implementations like Digital ID could make it much harder for an average citizen to keep his or her online interactions private. That would alter our behaviour and make society as a whole less free, since people act differently under supervision than they would without it, even when their actions are neither misconduct nor a crime. They might be ashamed of someone else knowing about their lives, or, worse, they could be avoiding unjust prosecution.

Of course the government is not the enemy, but we should not forget that it is not the master either. And no, Digital ID is not going to transform Saskatchewan into communist Russia, and it probably is something that needs to be implemented one way or another; we are living in a digital age, after all. The point I want to emphasize is that there is a real risk of harmless implementations such as Digital ID evolving into tools of intrusion and authoritarianism, and it is up to the individual to keep this from happening by exercising their democratic rights to keep the government out of places where it has no business.

Sources:

Big Brother Scott Moe plans to reduce what little privacy we have left – MooseJawToday.com

CPIN – Turkey – Gulenists – v1.0 (DRAFT) (justice.gov)

Bylock Kullanıcısı FETÖ Sanığına 6 Yıl 3 Ay Hapis Cezası – Memurlar.Net (www-memurlar-net.translate.goog)

Honda Ignores Security Vulnerabilities In their Vehicles

Honda is a renowned multinational automobile manufacturer known for affordability, safety and reliability. It is the eighth-largest automaker in the world and the largest producer of internal combustion engines. In Canada, Honda vehicles are extremely popular: the Honda Civic is a household name and was among the best-selling vehicles last year. So what exactly is Honda's issue? One word: security.

A 2020 Honda Civic

Recently a small research team disclosed a vulnerability that lets an attacker remotely unlock, lock and start the engine of Honda vehicles. According to the researchers, the bug affects the immensely popular 2016-2020 Honda Civic. This is not the first time a vulnerability of this kind has hit Honda: as recently as 2020, a similar bug was reported in Acura TSX, Accord and HR-V models. The weakness is not new and appears to be widespread, and as a Civic owner myself, I am quite concerned.

Why is there a security vulnerability? The culprit is the remote key fob. Remote key fobs have existed since 1982, when the French automaker Renault shipped the first remote fob for unlocking a vehicle without a traditional key. A decade later Mercedes-Benz introduced the first keyless system that let the driver start the engine without a traditional key, and push-to-start vehicles have become increasingly popular since. Most remote key systems use short-range radio transmissions from the fob to the vehicle, letting the owner unlock, lock and start the engine remotely. Convenient as this is, it opens up many possibilities for vulnerabilities if not implemented properly.

Honda Remote Key Fob

The security issue is that Honda's key fobs send static radio frames: there is no rolling code or other freshness mechanism, so the same bits unlock the car every time. This makes the transmission extremely susceptible to a simple replay attack, in which an attacker records the radio transmission and plays it back later. Anyone within signal range of the key can carry it out with the proper equipment (a software-defined radio is enough), and once an attacker has a recording it keeps working without limit. The attacker cannot, however, drive away with the vehicle: to do so the physical key fob must be inside the car, because the immobilizer chip in the fob ensures that only a key programmed into the car can enable it. Although the car itself cannot be stolen this way, its contents are easily available, and the engine can be left running against the owner's wishes, which is especially costly at today's gas prices.

To demonstrate, here is the “lock” command that is sent by the remote key fob that would be intercepted by an attacker: 

653-656, 667-668, 677-680, 683-684, 823-826, 837-838, 847-850, 853-854 

All an attacker needs to do to unlock the vehicle is flip the bits and send the transmission back. 

A simple and effective fix would be for Honda to use a rolling-code system, in which each transmission carries a counter (and an authentication tag derived from a secret shared between the fob and the car), so that every press produces a new code and a code the car has already seen is rejected. Rolling codes do not hide the frame; they deny the attacker any value from replaying it. Although Honda is aware of the issue, it has said it will not provide a fix for existing vehicles, dismissing the issue as inevitable and downplaying it as the work of sophisticated car thieves. Unfortunately, for the time being, the only way to make sure your vehicle is safe from this attack is to refrain from using the remote key fob.
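To make the difference concrete, here is an added simulation (not Honda's design or the researchers' code) of a fixed-code fob, which is what the replay attack relies on, beside a rolling-code fob. The shared key, fob ID, frame layout and counter window are constructed for illustration; a real rolling-code scheme such as KeeLoq uses a block cipher rather than an HMAC, but the property shown is the same: a recorded frame is accepted once and never again.

```python
import hashlib
import hmac

# Added example, not Honda's design: a fixed-code fob (what the replay attack
# relies on) next to a rolling-code fob. The key, fob ID, frame layout and
# counter window are constructed for illustration.
SHARED_KEY = b"example-fob-key-not-a-real-secret"   # constructed; pairs fob and car
FOB_ID = 0x1234ABCD                                   # constructed


class FixedCodeFob:
    """Sends the same frame on every press, so a recording is as good as the fob."""

    def press(self, command: str) -> bytes:
        return f"{FOB_ID:08x}:{command}".encode()


class FixedCodeReceiver:
    """Checks only that the fob ID matches; there is no freshness check at all."""

    def receive(self, frame: bytes) -> bool:
        fob_id, _command = frame.decode().split(":")
        return int(fob_id, 16) == FOB_ID


class RollingCodeFob:
    """Every press increments a counter and tags the frame with an HMAC."""

    def __init__(self) -> None:
        self.counter = 0

    def press(self, command: str) -> bytes:
        self.counter += 1
        body = f"{FOB_ID:08x}:{self.counter:08x}:{command}"
        tag = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()[:16]
        return f"{body}:{tag}".encode()


class RollingCodeReceiver:
    """Accepts a frame only if its tag is valid and its counter has not been seen."""

    WINDOW = 16  # tolerate presses made out of the car's range (assumed size)

    def __init__(self) -> None:
        self.last_counter = 0

    def receive(self, frame: bytes) -> bool:
        try:
            fob_id, counter_hex, command, tag = frame.decode().split(":")
        except ValueError:
            return False
        body = f"{fob_id}:{counter_hex}:{command}"
        expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()[:16]
        if int(fob_id, 16) != FOB_ID or not hmac.compare_digest(tag, expected):
            return False  # wrong fob, or a forged/modified frame
        counter = int(counter_hex, 16)
        if not self.last_counter < counter <= self.last_counter + self.WINDOW:
            return False  # replayed (old) or implausibly far-ahead counter
        self.last_counter = counter
        return True


def demo_fixed_code():
    """Returns (first press accepted, replay of the same frame accepted)."""
    fob, car = FixedCodeFob(), FixedCodeReceiver()
    captured = fob.press("unlock")      # what an attacker in range records
    return car.receive(captured), car.receive(captured)


def demo_rolling_code():
    """Returns (first accepted, replay accepted, later real press accepted, forged accepted)."""
    fob, car = RollingCodeFob(), RollingCodeReceiver()
    captured = fob.press("unlock")
    first = car.receive(captured)
    replay = car.receive(captured)
    for _ in range(3):                  # owner presses the fob out of range
        fob.press("lock")
    later = car.receive(fob.press("unlock"))
    forged = car.receive(b"1234abcd:000000ff:unlock:0000000000000000")
    return first, replay, later, forged


if __name__ == "__main__":
    print("fixed code   (first, replay):", demo_fixed_code())
    print("rolling code (first, replay, later, forged):", demo_rolling_code())
```

The fixed-code receiver accepts the recorded frame a second time, which is the whole attack; the rolling-code receiver accepts it once, rejects the replay, still accepts a genuine later press whose counter has moved ahead within the window, and rejects a frame with a bad tag. The window exists because the fob can be pressed out of range; without it, a few stray presses would desynchronise fob and car.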

Sources:

https://thehackernews.com/2022/03/hondas-keyless-access-bug-could-let.html

https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-and-start-your-car-via-replay-attack/

https://informationsecuritybuzz.com/expert-comments/honda-bug-lets-a-hacker-unlock-and-start-your-car-via-replay-attack/

https://latesthackingnews.com/2022/03/29/researchers-release-car-exploit-that-allows-hackers-to-lock-unlock-and-start-hondas/

https://www.itsecuritynews.info/hackers-can-use-a-replay-attack-due-to-a-honda-vulnerability/

Canada and US begin CLOUD Act negotiations

Cyberattacks present a new challenge to the concept of jurisdiction. Attackers can commit devastating crimes in countries that they will never visit in person. Targeting systems outside of one’s home country is advantageous: it makes reprisal from the owners of those systems difficult for jurisdictional reasons. Extraditing criminals is not easy; investigating criminals who reside outside of one’s jurisdiction is even less so.


The US has attempted to tackle this problem with a piece of legislation known as the CLOUD ("Clarifying Lawful Overseas Use of Data") Act. Passed in 2018, the Act was prompted by Microsoft's refusal in 2016 to comply with a warrant from US law enforcement for a subscriber's email messages that were stored in Ireland [1]. The CLOUD Act makes US access to data held in a country with which the US has signed a CLOUD Act agreement more streamlined and efficient. The converse is also true: countries that have signed a CLOUD agreement with the US get the same access to data held in the US. The Act also enables law enforcement authorities to conduct real-time surveillance of individuals in the other country if a suitable warrant has been obtained. So far, the US has entered into agreements with Australia and the UK. It is now beginning negotiations with Canada.

The primary function of the Act is to facilitate the work of law enforcement agencies. Warrants produced by law enforcement in one country will (generally) have legal force in the other. However, the Act does allow a warrant issued by the foreign government to be challenged when it violates the legally enshrined privacy rights of the country in which it is served [2]. Another safeguard in the CLOUD Act is its requirement that the US Attorney General certify to Congress that the law of any prospective partner country contains "robust substantive and procedural protections for privacy and civil liberties" [3]. In other words, the US is unlikely to sign a CLOUD agreement with Russia any time soon.

While the details of Canada’s agreement have yet to be fleshed out, many experts are already concerned about the form that the agreement may take. They cite flaws and ambiguities already present in the CLOUD Act. Stephen Smith argues that the CLOUD Act is overly vague and ambiguous in its sections on surveillance of individuals in foreign countries. Thus, Canada would do well to make sure that these ambiguities are cleared up in any agreement that it signs with the US [4].

Privacy lawyers have also expressed concerns about the effects that pressure from Canadian law enforcement may have on the agreement. As David Fraser argues, the RCMP’s longstanding “lawful access” agenda may have an influence on Canada’s side of the negotiations.

Negotiations have just begun. It will be some time before we have a clear idea of the shape that the agreement will take. Implementing this new agreement will no doubt require amendments to Canada’s existing privacy laws. Hopefully those amendments will not be drastic.

Sources:

[1] https://www.theregister.com/2022/03/23/us_canada_cloud_act/?td=rt-3a.

[2] https://blog.privacylawyer.ca.

[3] https://www.itworldcanada.com/post/canada-u-s-to-negotiate-treaty-to-speed-up-police-data-access-requests

[4] https://www.thestar.com/politics/2022/03/25/a-bilateral-data-sharing-deal-with-us-better-than-status-quo-says-privacy-watchdog.html.

Text of the US CLOUD Act: https://www.congress.gov/bill/115th-congress/senate-bill/2383/text

Companies affected by the Okta breach

Okta logo is displayed in this illustration taken March 22, 2022.

Okta Inc (OKTA.O), whose authentication services control access to the networks of firms such as FedEx Corp (FDX.N) and Moody's Corp (MCO.N) and more than 15,000 other clients, announced on Tuesday that it had been hacked and that some clients may have been affected. Okta reported that in the "worst case" 366 of its clients were affected and that their "data may have been viewed or acted upon"; the company's stock dropped 9% on the announcement.

Although the breadth of the breach is unknown, it might have significant ramifications because Okta, located in San Francisco, manages access to hundreds of firms’ networks and apps.

As for how it happened: the breach was carried out by the cyber-gang Lapsus$, and the hackers did not have to defeat Okta's multi-factor authentication head-on. They gained remote access to the workstation of a customer-support engineer at Sitel, a third-party support provider for Okta, and used the support privileges that came with that account.

According to Ekram Ahmed of the cyber-security firm Check Point, the gang is a South American threat actor that has lately been linked to attacks on several high-profile targets. It is infamous for extortion, threatening to publish sensitive information if its victims do not comply with its demands.

The gang has claimed to have broken into several high-profile firms, including Microsoft, in the past.

The malicious activity, which gave the threat actor access to up to 366 Okta customers, took place over a five-day period between January 16 and 21, during which the hackers carried out the usual phases of an intrusion: privilege escalation after gaining an initial foothold, persistence, lateral movement and internal network reconnaissance.

The compromise only became public two months later, when LAPSUS$ posted screenshots of it on its Telegram channel on March 22.

Okta said it received only a short summary report on the incident from Sitel on March 17, having shared indicators of the breach with Sitel on January 21. The full investigative report reached Okta on March 22, the same day the gang posted the screenshots.

Security researcher Bill Demirkapi wrote in a tweet thread: "Even when Okta received the Mandiant report in March explicitly detailing the attack, they continued to ignore the obvious signs that their environment was breached until LAPSUS$ shined a spotlight on their inaction."

In a comprehensive FAQ published on March 25, the San Francisco-based firm admitted that it had made a "mistake" in failing to warn its customers about the January intrusion.

“In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today,” Okta said, adding it “should have more actively and forcefully compelled information from Sitel.”

People’s miniatures are seen in front of the Okta logo in this illustration taken March 22, 2022.

Customers' reactions after the attack:

Cloudflare, one of Okta’s clients, stated in a blog post that it did not believe it had been hacked.

“There is no evidence that our system has been hacked or compromised,” FedEx told Reuters.

Thanet District Council, which uses Okta so that employees can manage and sign in to different apps, told BBC News that the attack "has not affected the council's data's security" but that it "will continue to monitor the issue."

The UK's National Cyber Security Centre said it had "not observed any indication of effect in the United Kingdom."
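Statements like Cloudflare's rest on reviewing one's own Okta logs for the kind of action a compromised support engineer could take: resetting a user's password or MFA factors. The following is an added example of that review (not Cloudflare's or Okta's code) run over constructed System Log records. The eventType strings are real Okta System Log event types; the record layout is a simplification of the real schema, and the "external actor by email domain" heuristic is an assumption made for the example (in a real review one would rely on Okta's own attribution of support-initiated actions).

```python
import json
from datetime import datetime, timezone

# Constructed Okta-style System Log records (JSON lines). The eventType strings
# are real Okta event types; the actors, targets and timestamps are made up.
SAMPLE_LOG = """
{"published": "2022-01-18T14:02:11.000Z", "eventType": "user.session.start", "actor": {"alternateId": "alice@example.com", "type": "User"}, "target": [{"alternateId": "alice@example.com"}], "outcome": {"result": "SUCCESS"}}
{"published": "2022-01-19T09:41:05.000Z", "eventType": "user.mfa.factor.reset_all", "actor": {"alternateId": "engineer@support-vendor.example", "type": "User"}, "target": [{"alternateId": "bob@example.com"}], "outcome": {"result": "SUCCESS"}}
{"published": "2022-01-19T09:42:30.000Z", "eventType": "user.account.reset_password", "actor": {"alternateId": "engineer@support-vendor.example", "type": "User"}, "target": [{"alternateId": "bob@example.com"}], "outcome": {"result": "SUCCESS"}}
{"published": "2022-01-20T16:15:00.000Z", "eventType": "user.account.reset_password", "actor": {"alternateId": "helpdesk@example.com", "type": "User"}, "target": [{"alternateId": "dave@example.com"}], "outcome": {"result": "SUCCESS"}}
{"published": "2022-01-21T08:00:00.000Z", "eventType": "user.mfa.factor.reset_all", "actor": {"alternateId": "engineer@support-vendor.example", "type": "User"}, "target": [{"alternateId": "erin@example.com"}], "outcome": {"result": "FAILURE"}}
{"published": "2022-01-25T11:00:00.000Z", "eventType": "user.account.reset_password", "actor": {"alternateId": "engineer@support-vendor.example", "type": "User"}, "target": [{"alternateId": "carol@example.com"}], "outcome": {"result": "SUCCESS"}}
"""

# Credential-changing events an outside support actor should rarely need to perform.
SENSITIVE_EVENTS = {
    "user.account.reset_password",
    "user.account.update_password",
    "user.mfa.factor.reset_all",
    "user.mfa.factor.deactivate",
}

# The window Okta gave for the attacker's activity (Jan 16-21, 2022; end is exclusive).
WINDOW_START = datetime(2022, 1, 16, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 1, 22, tzinfo=timezone.utc)


def parse_events(text: str):
    """Yield one dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def is_external_actor(event: dict, internal_domain: str) -> bool:
    """True when the acting identity is not one of the tenant's own accounts (assumed heuristic)."""
    actor = event.get("actor", {}).get("alternateId", "").lower()
    return "@" in actor and not actor.endswith("@" + internal_domain.lower())


def find_suspicious_resets(text: str, internal_domain: str,
                           start: datetime = WINDOW_START, end: datetime = WINDOW_END):
    """Successful credential/MFA resets performed by an external actor inside the window."""
    hits = []
    for event in parse_events(text):
        if event.get("eventType") not in SENSITIVE_EVENTS:
            continue
        if event.get("outcome", {}).get("result") != "SUCCESS":
            continue
        published = datetime.fromisoformat(event["published"].replace("Z", "+00:00"))
        if not start <= published < end:
            continue
        if not is_external_actor(event, internal_domain):
            continue
        hits.append({
            "when": event["published"],
            "event": event["eventType"],
            "actor": event["actor"]["alternateId"],
            "targets": [t.get("alternateId") for t in event.get("target", [])],
        })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_resets(SAMPLE_LOG, "example.com"):
        print(hit)
```

On the constructed log this flags exactly the two resets performed on bob's account by the external support actor during the window; the internal helpdesk reset, the failed attempt and the reset outside the window are left alone. Any hit is a lead, not a verdict: each flagged user's subsequent sign-ins and factor enrolments still need to be checked.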

Sources:

[1] https://www.bbc.com/news/technology-60849687

[2] https://techcrunch.com/2022/03/28/lapsus-passwords-okta-breach/

[3] https://thehackernews.com/2022/03/new-report-on-okta-hack-reveals-entire.html

[4] https://www.wired.com/story/lapsus-okta-hack-sitel-leak/

[5] https://www.reuters.com/technology/authentication-services-firm-okta-says-it-is-investigating-report-breach-2022-03-22/

Thank you all for your time and consideration.

UEFI Firmware Vulnerabilities

Hewlett-Packard

HP (formerly Hewlett-Packard) is a multinational information technology company widely known for its consumer-grade electronic equipment. Most offices today use HP products in some form, whether laptops, monitors or printers. HP was the leading PC manufacturer from 2007 to 2013, which alone shows how widespread its products are and makes critical flaws in its systems all the more significant.

What is UEFI

UEFI stands for Unified Extensible Firmware Interface; it defines the interface between an operating system and the machine's firmware. UEFI replaces the legacy BIOS and can remain backwards compatible with it. It also supports remote diagnostics and repair even when no operating system is present.

Why firmware flaws are bad

Since firmware is what brings the machine up, a firmware flaw leaves the machine exposed before the operating system has even booted. Once malicious code has been injected into the firmware it is hard to detect and remove: it survives reinstalling the operating system and wiping the disk, and it sits below most security tooling. A further concern is that an attacker with write access to the firmware can brick the computer by preventing it from booting at all.

What the specific issue with HP UEFI is

The most concerning of the 16 flaws fixed in this most recent HP patch are in System Management Mode (SMM), a processor mode whose code runs with higher privilege than the operating system kernel or a hypervisor; they allow execution of arbitrary code with the highest privileges on the machine.

According to a report by the U.S. Departments of Commerce and Homeland Security, "Securing the firmware layer is often overlooked, but it is a single point of failure in devices and is one of the stealthiest methods in which an attacker can compromise devices at scale."

References:

https://thehackernews.com/2022/03/new-16-high-severity-uefi-firmware.html

https://www.bleepingcomputer.com/news/security/hp-patches-16-uefi-firmware-bugs-allowing-stealthy-malware-infections/

How some Crypto Thieves were able to steal $1.4 million in a Flash

Cryptocurrency has lately been at the centre of many scams; it has become the tool that lets scammers, thieves and hackers net huge profits without getting caught. Just recently, on March 24, there was a flash loan attack on One Ring Protocol that allowed the attackers to walk away with $1.4 million. The stolen funds were sent through a tumbling (mixing) service, which makes them practically impossible to trace because it obscures the transaction history. This raises the question: does cryptocurrency have the same integrity as fiat currency going forward?

Why do criminals prefer crypto currency?

The use of fiat currency is a highly regulated system. It is a fairly old system and is something familiar to everyone. Cryptocurrency on the other hand is still very new, decentralized, meaning no governing body controls it, and is somewhat complicated. For those reasons there are lots of different ways to exploit crypto currency in order to conduct criminal activities. 

One of those ways is pseudonymity. Transactions on the blockchain are public record, but that record contains only the addresses involved, not who controls them, so criminals can trade whatever they want without a real identity being linked to their address. Add to this the fact that no third party acts as intermediary, so a transaction cannot be stopped or reversed. The transaction itself is easy and fast and takes up no physical space, since cryptocurrency is a digital asset: all that is required is an internet connection and a wallet application, and someone can move millions across borders and store them without any trouble, unlike Pablo Escobar.

What is a Flash Loan?

Flash loans are loans in which a borrower is lent money that must be paid back. Unlike a regular loan from a bank, a flash loan is uncollateralized and relies on a smart contract, a program recorded on the blockchain that enforces the agreement: the loan is issued and must be repaid (plus a fee) within a single transaction, and if it is not, the whole transaction is reverted as though it never happened, so the lender's funds never actually leave. Traders and crypto investors use these loans to execute trades and arbitrage with enormous leverage that would not be available with fiat currency. Because repayment is enforced by the smart contract, it is impossible to default on a flash loan: a transaction that fails to repay simply resets.

So what exactly happened?

The attackers stole the $1.4 million through price manipulation assisted by flash loans: with borrowed funds they manipulated the price the protocol used to value its tokens, and by exploiting functions of the lending contract they drove large amounts of OShare tokens out of the protocol. (A DeFi protocol here means the set of smart contracts that make up the service, not a network protocol.) The tokens were then moved from the Fantom chain back to Ethereum and into Tornado Cash, a mixing service. The attacker's smart contract was written to self-destruct after the transaction, which hides its code from anyone trying to reconstruct how the system was exploited. Because the funds disappeared into Tornado Cash, nobody was able to stop them from being withdrawn.

Conclusion

While this sort of attack is very complicated and not a direct concern for most people, it does call into question the integrity of cryptocurrency and its technology going forward. Crypto is gaining the interest of more people every day, with the hope that it will soon replace fiat currency. However, given the unregulated nature of cryptocurrency, attacks like this show there is still a long way to go before the public even remotely trusts the technology to replace fiat currency; security remains a big concern.

Sources:

https://www.cognyte.com/blog/5-reasons-why-criminals-are-turning-to-cryptocurrencies/#:~:text=Cryptocurrencies%20are%20transferred%20between%20peers,for%20terror%20funding%20across%20borders.

https://portswigger.net/daily-swig/flash-loan-attack-on-one-ring-protocol-nets-crypto-thief-1-4-million

https://www.sofi.com/learn/content/flash-loans/#:~:text=Flash%20loans%20are%20a%20form,they’ll%20get%20paid%20back.

https://medium.com/oneringfinance/onering-finance-exploit-post-mortem-after-oshare-hack-602a529db99b

US charges four Russians over hacking campaign on energy sector

What are the allegations?

The hackers are accused of causing an emergency shutdown at a Saudi oil plant.

The accused are alleged to have installed backdoors and launched malicious software designed to compromise the safety of energy facilities. Two separate groups are accused.

According to the indictment, between May and September 2017 one group hacked the systems of a petrochemical plant in Saudi Arabia and installed malware, which security researchers call "Triton" or "Trisis", on a safety system produced by Schneider Electric. This caused a fault that led the plant's safety systems to initiate two automatic emergency shutdowns of its operations. Between February and July 2018 the conspirators are said to have researched similar facilities in the US and unsuccessfully attempted to hack that company's computer systems. The accused in this case is said to be an employee of the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics.

The UK said the malicious software was designed specifically to target the plant’s safety override for the Industrial Control System which ran its operations.

“The malware was designed to give the actors complete control of infected systems and had the capability to cause significant impact, possibly including the release of toxic gas or an explosion – either of which could have resulted in loss of life and physical damage to the facility,” the UK Foreign Office said in a statement.

Serious consequences of hacker attacks

|Ukraine’s energy grid has been attacked twice by hackers
  • In 2015 Ukraine’s electricity grid was disrupted by a cyber-attack called BlackEnergy, which caused a short-term blackout for 80,000 customers of a utility company in western Ukraine.
  • The WannaCry “worm” (a kind of virus) scrambled data on approximately 300,000 computers in 150 countries. The UK’s National Health Service was forced to cancel large numbers of medical appointments.
  • NotPetya is thought to be the most costly cyber-attack in history and has been blamed on a group of Russian military hackers by the US, UK and EU authorities. The destructive software was hidden in an update of popular accounting software used in Ukraine, but spread worldwide destroying the computer systems of thousands of companies and causing approximately $10bn (£7.5bn) of damage.
  • In May 2021, a state of emergency was declared in a number of US states after hackers caused a vital oil pipeline to shut down. Colonial Pipeline carries 45% of the east coast’s supply of diesel, petrol and jet fuel, and the disruption to supply led to panic at the pumps. The pipeline company admitted to paying criminals $4.4m in hard-to-trace Bitcoin in order to get its computer systems back up and running.

Here’s a video on what ransomware is and how it works.

Can online retailers keep your personal information secure?

On March 17, 2022, CafePress’ past owner was fined $500,000 for security problems.

What is CafePress?

CafePress is an online retail store that allows customers to create their own products, like custom T-shirts, bags, mugs and other merchandise.

‘Shoddy’ Security

The Federal Trade Commission (FTC) claims that CafePress stored customers’ information in plain, readable text, kept their data longer than necessary and did not repair known system vulnerabilities. CafePress was hacked in November 2018 and more than 23 million accounts were compromised. A year later, CafePress was hacked again: an attacker was able to access the data and obtain users’ private information, which was protected only by weak encryption. This major security incident exposed the private data of millions of CafePress users, including email addresses, passwords, physical addresses, names, security questions and answers, phone numbers, tens of thousands of payment card records and over 180,000 unencrypted social security numbers.

Secure algorithms

When hackers siphoned 23 million customer records from CafePress in November 2018, CafePress was using SHA-1 to store users’ personal information.

What is SHA-1?

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the National Security Agency and published by the National Institute of Standards and Technology (NIST) as a Federal Information Processing Standard (FIPS). Its purpose is to take an input of any length and produce a 160-bit (20-byte) hash value. In 2005, however, cryptanalysts found an effective attack on SHA-1, suggesting the algorithm was no longer secure enough to keep using, and Google, Microsoft and other browser vendors have since refused to accept digital certificates signed with SHA-1 for web encryption.
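The two CafePress findings above (customer data kept in readable or weakly protected form, and SHA-1 used to store personal information) share one root cause: a plain, unsalted, fast hash is not a protection mechanism for secrets. The following is an added example, not CafePress code and not taken from any of the sources listed below. It uses constructed sample users and a constructed mini wordlist, and shows why an unsalted SHA-1 record falls to a precomputed table that an auditor (or an attacker) builds once and reuses against every stolen row, and then stores the same secrets with a per-user random salt and PBKDF2-HMAC-SHA256 from the Python standard library so that neither weakness applies. The user names, passwords and record format are assumptions made for the demonstration.

```python
"""Unsalted SHA-1 versus a salted, slow password hash (added example)."""
import hashlib
import hmac
import os

# Constructed sample data: two users happen to choose the same weak password.
SAMPLE_USERS = {
    "alice": "summer2018",
    "bob": "summer2018",
    "carol": "correct horse battery staple",
}

# Constructed stand-in for a common-password list used when auditing a
# stored-credential table; real lists are far larger.
COMMON_PASSWORDS = ["123456", "password", "summer2018", "qwerty"]


def sha1_store(password: str) -> str:
    """The weak scheme: one unsalted SHA-1 digest (160 bits, 40 hex chars) per user.
    Equal passwords give equal digests, so one precomputation serves every record."""
    return hashlib.sha1(password.encode()).hexdigest()


def sha1_lookup_table(wordlist) -> dict:
    """Precomputed table mapping SHA-1 digest -> plaintext for a wordlist."""
    return {sha1_store(word): word for word in wordlist}


def audit_weak_records(stored_digests: dict, table: dict) -> dict:
    """Return {user: password} for every stored digest present in the table.
    A defender runs this over their own table to see how many records would
    fall instantly if it leaked."""
    return {user: table[d] for user, d in stored_digests.items() if d in table}


def pbkdf2_store(password: str, iterations: int = 600_000) -> str:
    """Hardened scheme: 16 random salt bytes plus PBKDF2-HMAC-SHA256.
    Record format (an assumption for this example):
    'pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>'."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, hash_hex = parts
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), hash_hex)


def demo():
    """Build both stores for the sample users and audit the weak one."""
    weak_db = {u: sha1_store(p) for u, p in SAMPLE_USERS.items()}
    cracked = audit_weak_records(weak_db, sha1_lookup_table(COMMON_PASSWORDS))
    strong_db = {u: pbkdf2_store(p) for u, p in SAMPLE_USERS.items()}
    return weak_db, cracked, strong_db


if __name__ == "__main__":
    weak, cracked, strong = demo()
    print("alice and bob share a digest:", weak["alice"] == weak["bob"])
    print("recovered from the weak store:", cracked)
    print("salted records differ even for equal passwords:",
          strong["alice"] != strong["bob"])
    print("verify alice:", pbkdf2_verify("summer2018", strong["alice"]))
```

Two design points matter here: the salt must be random per record so that equal passwords do not produce equal hashes and no table can be shared across records, and the comparison uses `hmac.compare_digest` so that timing does not leak how many leading bytes of a guess were correct. The iteration count is a deliberate slowdown; raise it as hardware gets faster.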

Conclusion

In my opinion, an outdated and insecure encryption method is more dangerous than no encryption method, because people will be more careful on sites without an encrypted certificate, or decide to avoid using them. But on a site with encrypted digital certificates, people would consider it safe to browse and trust that the personal information they enter is well protected. An outdated and insecure encryption method poses a potential threat to users’ private information. This could cause more trouble, where sometimes it is hard to prevent a data leak that is not from your end.

Sources:

https://www.zdnet.com/article/cafepress-fined-500-million-for-shoddy-security-covering-up-data-breach/

https://it.slashdot.org/story/22/03/20/2351231/cafepresss-previous-owner-fined-500000-for-shoddy-security-covering-up-data-breach

https://www.forbes.com/sites/daveywinder/2019/08/05/cafepress-hacked-23m-accounts-compromised-is-yours-one-of-them/?sh=66a2d027407e

https://en.wikipedia.org/wiki/SHA-1

https://www.ftc.gov/news-events/news/press-releases/2022/03/ftc-takes-action-against-cafepress-data-breach-cover

https://www.theregister.com/2019/08/06/cafepress_hack_passwords_stolen/