PyeongChang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack

The Pyeongchang Winter Olympics taking place in South Korea was disrupted over the weekend following a malware attack before and during the opening ceremony on Friday.

The cyber attack coincided with 12 hours of downtime on the official website for the Winter Games, the collapse of Wi-Fi in the Pyeongchang Olympic stadium and the failure of televisions and internet at the main press center, leaving attendees unable to print their tickets for events or get venue information.

The Pyeongchang Winter Olympics organizing committee confirmed Sunday that a cyber attack hit the network that helps run the event during the opening ceremony, and that the network was fully restored at 8 am local time on Saturday, a full 12 hours after the attack began.

Multiple cybersecurity firms published reports on Monday, suggesting that the cause of the disruption was “destructive” wiper malware that had been spread throughout the Winter Games’ official network using stolen credentials.

Dubbed “Olympic Destroyer” by the researchers at Cisco Talos, the wiper malware focuses mainly on taking down networks and systems and wiping data, rather than stealing information.

The Talos researchers would not comment on attribution, but various security experts have already started attributing the Olympic Destroyer malware to hackers linked to either North Korea, China or Russia.

According to the analysis by Cisco Talos, the attacker had intimate knowledge of the Pyeongchang 2018 network’s systems and knew a “lot of technical details of the Olympic Game infrastructure such as username, domain name, server name, and obviously password.”

“The other factor to consider here is that by using the hard-coded credentials within this malware it’s also possible the Olympic infrastructure was already compromised previously to allow the exfiltration of these credentials,” researchers said.

The Olympic Destroyer malware drops two credential stealers, a browser credential stealer and a system stealer, to obtain required credentials and then spreads to other systems as well using PsExec and Windows Management Instrumentation (WMI), two legitimate Windows administration tools used by network admins to access and carry out actions on other PCs on a network.

The researchers noted that both built-in tools were also abused by the Bad Rabbit ransomware and NotPetya wiper malware last year.

Once installed, the malware first deletes all possible “shadow” copies of files and Windows backup catalogs, turns off recovery mode, and then deletes system logs to cover its tracks and make file recovery difficult.

“Wiping all available methods of recovery shows this attacker had no intention of leaving the machine useable. The sole purpose of this malware is to perform destruction of the host and leave the computer system offline,” reads the Talos blog post.
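As an added example (not from Talos or the original article), the following Python detection logic flags a host that performs several of the recovery-inhibiting actions described above within a short window. The article does not list the exact commands; the utilities matched here (vssadmin, wbadmin, bcdedit, wevtutil) are the standard Windows tools for those actions and are an assumption, as are the event fields, host names and thresholds.

```python
import re
from collections import defaultdict

# Command-line patterns for the four behaviours the article describes.
# Assumption: the standard Windows utilities are used; the article names none.
PATTERNS = {
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "backup_catalog_delete": re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    "recovery_disabled": re.compile(
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "event_log_cleared": re.compile(
        r"\bwevtutil(\.exe)?\"?\s+(cl|clear-log)\b", re.I),
}

# Constructed process-creation events (host, timestamp in seconds, command line).
SAMPLE_EVENTS = [
    # HOST-A: all four behaviours within a few seconds -> should alert.
    {"host": "HOST-A", "ts": 1000,
     "cmdline": r"C:\Windows\system32\cmd.exe /c C:\Windows\system32\vssadmin.exe delete shadows /all /quiet"},
    {"host": "HOST-A", "ts": 1002,
     "cmdline": r"cmd.exe /c wbadmin.exe delete catalog -quiet"},
    {"host": "HOST-A", "ts": 1003,
     "cmdline": r"cmd.exe /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no"},
    {"host": "HOST-A", "ts": 1005, "cmdline": r"cmd.exe /c wevtutil.exe cl System"},
    {"host": "HOST-A", "ts": 1006, "cmdline": r"cmd.exe /c wevtutil.exe cl Security"},
    # HOST-B: routine admin activity, one behaviour only -> no alert.
    {"host": "HOST-B", "ts": 2000, "cmdline": r"vssadmin list shadows"},
    {"host": "HOST-B", "ts": 2500, "cmdline": r"wevtutil cl Application"},
    # HOST-C: three behaviours, but hours apart -> no alert.
    {"host": "HOST-C", "ts": 100, "cmdline": r"vssadmin delete shadows /for=C: /oldest"},
    {"host": "HOST-C", "ts": 9000, "cmdline": r"wbadmin delete catalog"},
    {"host": "HOST-C", "ts": 20000, "cmdline": r"wevtutil cl Setup"},
]


def classify(cmdline):
    """Return the behaviour category a command line matches, or None."""
    for category, pattern in PATTERNS.items():
        if pattern.search(cmdline):
            return category
    return None


def find_recovery_inhibition(events, window=300, min_categories=3):
    """Return {host: [categories]} for hosts showing at least
    `min_categories` distinct behaviours within `window` seconds."""
    hits = defaultdict(list)
    for ev in events:
        category = classify(ev["cmdline"])
        if category:
            hits[ev["host"]].append((ev["ts"], category))

    alerts = {}
    for host, items in hits.items():
        items.sort()
        best = set()
        # Slide a window starting at each hit and keep the richest cluster.
        for i, (start, _) in enumerate(items):
            cats = {c for ts, c in items[i:] if ts - start <= window}
            if len(cats) > len(best):
                best = cats
        if len(best) >= min_categories:
            alerts[host] = sorted(best)
    return alerts


if __name__ == "__main__":
    for host, cats in find_recovery_inhibition(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(cats)}")
```

Requiring several distinct behaviours in one window keeps a single routine `wevtutil cl` or shadow-copy cleanup from raising an alert.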

It’s difficult to accurately attribute this cyber attack to a specific group or nation-state hackers because the technical evidence to support such a conclusion is sparse and because hackers often employ techniques to obfuscate their operations.

Feds Seize Over 20,500 Domain Names For Selling Counterfeit Products

In a coordinated international cyber operation, law enforcement agencies have seized over 20,520 website domains for illegally selling counterfeit products, including luxury products, sportswear, electronics, pharmaceuticals and online piracy on e-commerce platforms and social networks.

Counterfeiting is a form of trademark infringement that involves the manufacturing and/or distribution of fake lookalike branded products with a primary purpose to confuse or dupe consumers into buying them.

The operation, dubbed “In Our Sites (Project TransAtlantic VIII),” was conducted by Europol in association with the Interpol, the US National Intellectual Property Rights Coordination Centre (NIPRCC), FBI, Department of Justice (DOJ), and law enforcement authorities from 27 European Member States.

Counterfeit goods are a huge business, as the International Trademark Association suggested that around $460 billion worth of counterfeit goods were bought and sold last year alone.

“Targeting copyright-infringing websites that market dangerous counterfeit goods to consumers and engage in other forms of intellectual property theft will continue to be a priority for law enforcement,” said acting IPR Center Director Nick.

“Strengthening our collaboration with police authorities around the world and leaders of industry will reinforce the crackdown on IP crimes, and demonstrate that there is no safe haven for criminals committing these illicit activities.”

Europol has not yet disclosed names of seized domains in its press release, and a spokesperson told The Hacker News that the “participating countries have not allowed us [Europol] to release any of the names yet.”

The seized domains now display the official seals of various law enforcement departments, along with a message that reads:

This domain name has been seized

Operation in Our Sites-Project TransAtlantic VIII is a coordinated effort by the U.S., European, South American and Asian law enforcement agencies targeting websites and their operations that sell counterfeit goods.

Counterfeit items, ranging from clothes, bags, watches, perfume, cosmetics and electricals to pirate DVDs, CDs, computer software and games, are now sold so predominantly online that spotting the difference between fake and genuine items is becoming much harder.

In their fight against the online trade of counterfeit goods, Europol has seized a total of 7,776 websites in previous “In Our Sites” (IOS) editions. IOS was implemented in 2014 and has since increased significantly.

OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader

More terrible news for OnePlus users.

Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets.

A Twitter user, who goes by the name “Elliot Anderson” (named after Mr. Robot’s main character), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices.

The application in question is “EngineerMode,” a diagnostic testing application made by Qualcomm for device manufacturers to easily test all hardware components of the device.

This APK comes pre-installed (accidentally left behind) on most OnePlus devices, including OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5.

You can check whether this application is installed on your OnePlus device. Go to Settings, open Apps, enable “Show system apps” from the menu in the top right corner (three dots), and search for EngineerMode.APK in the list.

If it’s there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone.

EngineerMode has been designed to diagnose issues with GPS, check the root status of the device, perform a series of automated ‘production line’ tests, and many more.

After decompiling the EngineerMode APK, the Twitter user found the ‘DiagEnabled’ activity, which, if opened with a specific password (it is “Angela”, found after reverse engineering), allows users to gain full root access on the smartphone without even unlocking the bootloader.

Although the chance of this application already being exploited in the wild is probably low, it seems to be a serious security concern for OnePlus users as root access can be achieved by anyone using a simple command.

Moreover, with root access in hand, an attacker can perform many dangerous tasks on a victim’s OnePlus phone, including stealthily installing sophisticated spying malware that is difficult to detect or remove.

Meanwhile, to protect themselves and their devices, OnePlus owners can simply disable root on their phones. To do so, run the following commands in an ADB shell:

setprop persist.sys.adb.engineermode 0
setprop persist.sys.adbroot 0

Alternatively, dial the code *#8011#.

In response to this issue, OnePlus co-founder Carl Pei said that the company is looking into the matter.

The Twitter user has promised to release a one-click rooting app for OnePlus devices using this exploit. We will update the article as soon as it is available.

Bad Rabbit Ransomware Uses Leaked ‘EternalRomance’ NSA Exploit to Spread

A new widespread ransomware worm, known as “Bad Rabbit,” that hit over 200 major organisations, primarily in Russia and Ukraine, this week leverages a stolen NSA exploit released by the Shadow Brokers this April to spread across victims’ networks.

Earlier it was reported that this week’s crypto-ransomware outbreak did not use any National Security Agency-developed exploits, neither EternalRomance nor EternalBlue, but a recent report from Cisco’s Talos Security Intelligence revealed that the Bad Rabbit ransomware did use the EternalRomance exploit.

NotPetya ransomware (also known as ExPetr and Nyetya), which infected tens of thousands of systems back in June, also leveraged the EternalRomance exploit, along with another leaked NSA Windows hacking exploit, EternalBlue, which was used in the WannaCry ransomware outbreak.

Bad Rabbit Uses EternalRomance SMB RCE Exploit

Bad Rabbit does not use EternalBlue but does leverage the EternalRomance RCE exploit to spread across victims’ networks.

Microsoft and F-Secure have also confirmed the presence of the exploit in the Bad Rabbit ransomware.

EternalRomance is one of many hacking tools, allegedly belonging to the NSA’s elite hacking team called Equation Group, that were leaked by the infamous hacking group calling itself Shadow Brokers in April this year.

EternalRomance is a remote code execution exploit that takes advantage of a flaw (CVE-2017-0145) in Microsoft’s Windows Server Message Block (SMB), a protocol for transferring data between connected Windows computers, to bypass security over file-sharing connections, thereby enabling remote code execution on Windows clients and servers.

Along with EternalChampion, EternalBlue, EternalSynergy and other NSA exploits released by the Shadow Brokers, the EternalRomance vulnerability was also patched by Microsoft this March with the release of a security bulletin (MS17-010).

Bad Rabbit was reportedly distributed through drive-by download attacks via compromised Russian media sites, using a fake Adobe Flash Player installer to lure victims into installing the malware unwittingly, and it demanded 0.05 bitcoin (~ $285) from victims to unlock their systems.

How Bad Rabbit Ransomware Spreads In a Network

According to the researchers, Bad Rabbit first scans the internal network for open SMB shares, tries a hardcoded list of commonly used credentials to drop malware, and also uses the Mimikatz post-exploitation tool to extract credentials from the affected systems.

Bad Rabbit can also exploit the Windows Management Instrumentation Command-line (WMIC) scripting interface in an attempt to execute code on other Windows systems on the network remotely, noted EndGame.

However, according to Cisco’s Talos, Bad Rabbit also carries code that uses EternalRomance, which allows remote hackers to propagate from an infected computer to other targets more efficiently.

“We can be fairly confident that BadRabbit includes an EternalRomance implementation used to overwrite a kernel’s session security context to enable it to launch remote services, while in Nyetya it was used to install the DoublePulsar backdoor,” Talos researchers wrote.

“Both actions are possible due to the fact that EternalRomance allows the attacker to read/write arbitrary data into the kernel memory space.”

Is Same Hacking Group Behind Bad Rabbit and NotPetya?

Since both Bad Rabbit and NotPetya use the commercial DiskCryptor code to encrypt the victim’s hard drive and “wiper” code that could erase hard drives attached to the infected system, the researchers believe it is “highly likely” that the attackers behind both ransomware outbreaks are the same.

“It is highly likely that the same group of hackers was behind BadRabbit ransomware attack on October the 25th, 2017 and the epidemic of the NotPetya virus, which attacked the energy, telecommunications and financial sectors in Ukraine in June 2017,” Russian security firm Group IB noted.

“Research revealed that the BadRabbit code was compiled from NotPetya sources. BadRabbit has same functions for computing hashes, network distribution logic and logs removal process, etc.”

NotPetya has previously been linked to the Russian hacking group known as BlackEnergy and Sandworm Team, but since Bad Rabbit is primarily targeting Russia as well, not everyone seems convinced by the above assumptions.

How to Protect Yourself from Ransomware Attacks?

To protect against Bad Rabbit, users are advised to disable the WMI service to prevent the malware from spreading over their network.

Also, make sure to update your systems regularly and keep a good and effective anti-virus security suite on your system.

Since most ransomware spread through phishing emails, malicious adverts on websites, and third-party apps and programs, you should always exercise caution before falling for any of these.

Most importantly, to always have a tight grip on your valuable data, keep a good backup routine in place that makes and saves copies of your files to an external storage device that isn’t always connected to your PC.

Over 500 Android Apps On Google Play Store Found Spying On 100 Million Users

Over 500 different Android apps that have been downloaded more than 100 million times from the official Google Play Store have been found to be infected with a malicious ad library that secretly distributes spyware to users and can perform dangerous operations.

Since 90 per cent of Android apps are free to download from Google Play Store, advertising is a key revenue source for app developers. For this, they integrate an Android SDK Ads library in their apps, which usually does not affect an app’s core functionality.

But security researchers at mobile security firm Lookout have discovered a software development kit (SDK), dubbed Igexin, that has been found delivering spyware on Android devices.

Developed by a Chinese company to offer targeted advertising services to app developers, the rogue ‘Igexin’ advertising software was spotted in more than 500 apps on Google’s official marketplace, most of which included:

  • Games targeted at teens with as many as 100 million downloads
  • Weather apps with as many as 5 million downloads
  • Photo editor apps with 5 Million downloads
  • Internet radio app with 1 million downloads
  • Other apps targeted at education, health and fitness, travel, and emoji

Chinese Advertising Firm Spying On Android Users

The Igexin SDK was designed for app developers to serve targeted advertisements to its users and generate revenue. To do so, the SDK also collects user data to help target interest-based ads.

But besides collecting user data, the Lookout researchers said they found the SDK behaved maliciously after they spotted several Igexin-integrated apps communicating with malicious IP addresses that deliver malware to devices unbeknownst to the creators of apps utilizing it.

“We observed an app downloading large, encrypted files after making a series of initial requests to a REST API at http://sdk[.]open[.]phone[.]igexin.com/api.php, which is an endpoint used by the Igexin ad SDK,” the researchers explain in a blog post. 

“This sort of traffic is often the result of malware that downloads and executes code after an initially “clean” app is installed, in order to evade detection.”

Once the malware is delivered to infected devices, the SDK can gather logs of users’ information from their devices, and could also remotely install other plugins on the devices, which could record call logs or reveal information about users’ activities.

How to Protect Your Android From This Malware

Google has since removed all the Android apps utilizing the rogue SDK from its Play Store marketplace, but those who have already installed one such app on their mobile handsets should make sure their device has Google Play Protect.

Play Protect is Google’s newly launched security feature that uses machine learning and app usage analysis to remove (uninstall) malicious apps from users’ Android smartphones to prevent further harm.

In addition, you are strongly advised to always keep a good antivirus application on your device that can detect and block malicious apps before they can infect your device, and always keep your device and apps up-to-date.

Android malware continues to evolve with more sophisticated and never-seen-before capabilities with every passing day. Last month, we saw the first Android malware with code injecting capabilities making the rounds on Google Play Store.

A few days after that, researchers discovered another malicious Android SDK ads library, dubbed “Xavier,” found installed on more than 800 different apps that had been downloaded millions of times from Google Play Store.

Powered by WPeMatico

Facebook Covertly Launches A Photo-Sharing App In China

The Chinese market is no doubt a pot of gold for big technology giants with over 700 million internet users, but the Chinese government heavily controls the Internet within its borders through its Golden Shield project – the Great Firewall of China.

The Great Firewall has blocked some 171 out of the world’s leading websites, including Google, Facebook, Instagram, Twitter, Tumblr, Dropbox, and The Pirate Bay in the country.

But tech giants like Facebook and Google always try alternative ways to infiltrate the market.

Now it seems like Facebook is trying to secretly enter the most populous market by releasing an all-new social networking app in China that does not carry its brand.

Dubbed Colorful Balloons, the photo-sharing app appears to mimic the look and feel of Facebook’s Moments, an app that allows its users to share photos with their friends and family members.

According to The New York Times, Facebook approved the release of Colorful Balloons back in May and released it through a Chinese company called Youge Internet Technology, without any affiliation with the social networking company.

China banned Facebook in July 2009, its photo-sharing app Instagram in 2014 and even partially blocked the largest instant messaging platform WhatsApp in July. Since then Facebook CEO Mark Zuckerberg has been trying to break into the world’s biggest online market.

Zuckerberg has made a number of visits to China in recent years to re-enter the market, meeting with Chinese government officials and reportedly working on a censorship tool for the country to help it suppress posts from appearing in a particular geographic area.

Colorful Balloons now gives the social networking company a way to get an idea on how Chinese users digitally share information with their families and friends or interact with their favourite social media platforms.

Unlike the Moments app which connects users through Facebook, the Colorful Balloons app links users through China’s biggest social network, WeChat.

Like Moments, Colorful Balloons has been designed to collate photographs from your smartphone’s photo albums and then share them, but in China, it does so with the use of a QR code used by WeChat.

Since the app is currently not widely distributed in the country, it is not clear if the Chinese government is aware of Facebook’s efforts. The Cyberspace Administration of China did not respond to a request for comment from the NYT.

In response to this news, Facebook said it’s “spending time understanding and learning more about the country in different ways. Our focus right now is on helping Chinese businesses and developers expand to new markets outside China by using our ad platform.”

The Chinese government is likely already reviewing the app in question, which could end up disappearing if the government finds anything suspicious.

Companies Could Face $22 Million Fine If They Fail to Protect Against Hackers

Over the past few years, massive data breaches have become so frequent and common that pretty much every week we hear about some organisation being hacked or a hacker dumping tens of millions of users’ records.

But even after this wide range of data breach incidents, many organisations fail to grasp the importance of data protection, leaving their users’ sensitive data vulnerable to hackers and cyber criminals.

Not now! At least for organisations in Britain, as the UK government has committed to updating and strengthening its data protection laws through a new Data Protection Bill.

The British government has warned businesses that if they fail to take measures to protect themselves adequately from cyber attacks, they could face fines of up to £17 Million (more than $22 Million), or 4% of their global turnover—whichever amount is higher.

However, the financial penalties would be a last resort, and will not be applied to organisations that take proper security measures and assess the risks adequately but unfortunately still become a victim of a cyber attack.

The penalties would be issued by the data protection regulator, the Information Commissioner’s Office (ICO).

“Our measures are designed to support businesses in their use of data and give consumers the confidence that their data is protected and those who misuse it will be held to account,” Digital Minister Matt Hancock said in a government press release.

Hancock said this newly-proposed Data Protection Bill would:

  • Make it easier and simpler to withdraw consent for the use of personal data
  • Allow people to ask for their personal information held by organisations to be erased
  • Enable parents to give consent for their child’s data to be used
  • Require “explicit” consent to be necessary for processing user’s sensitive data
  • Expand the definition of “personal data” to include IP addresses, DNA and internet cookies
  • Strengthen and update Data Protection Law to reflect the changing nature and scope of the country’s digital economy
  • Make it easier and free for users to require companies to disclose the personal data they hold on them
  • Make it easier for users to move data between service providers

The proposal is being considered as part of a government consultation launched on Tuesday by the Department for Digital, Culture, Media and Sport for deciding how to implement the Network and Information Systems (NIS) Directive from next May.

This is separate from the General Data Protection Regulations (GDPR) that are aimed at protecting data rather than services.

The GDPR will replace the British Data Protection Act 1998 from 25 May 2018 and the government have confirmed that Brexit will not change this.

This new proposal is mainly focused on ensuring critical infrastructures, like transport, health, energy, and water are protected from cyber attacks that could result in major disruption to services, as was seen in Ukraine last year.

The proposal will also cover other cyber threats affecting IT infrastructures such as power failures, hardware failures and environmental hazards.

The move comes after the British NHS (National Health Service) became the highest-profile victim of the recent WannaCry ransomware attack, which resulted in the shutdown of hospitals and operations, patient records being made unavailable and ambulances being diverted.

Hacking A $1500 ‘Smart Gun’ With $15 Magnets

I think we should stop going crazy over the smart things unless it’s secure enough to be called SMART—from a toaster, security cameras, and routers to the computers and cars—everything is hackable.

But the worst part comes when these technologies can be compromised with just some cheap and easily available materials.

Want an example? It took just cheap magnets purchased from the Amazon online store for a security researcher to unlock a “smart” gun that only its owner can fire.

The German manufacturer of the Armatix IP1 “smart” gun claimed the weapon would ‘usher in a new era of gun safety’, as the gun can only be fired by owners who are wearing an accompanying smartwatch.

However, for the first time, a skilled hacker and security researcher who goes by the pseudonym “Plore” found multiple ways to defeat the security of Armatix GmbH Smart System and its $1,400 smart gun.

According to a detailed report by Wired, the smart idea behind the Armatix IP1 is that the gun will only fire if it is close to the smartwatch, and won’t fire beyond a few inches of distance from the watch.

However, Plore found three ways to hack into the Armatix IP1 smart gun, and even demonstrated that he could make the smart gun fire without the security smartwatch anywhere near it.

Smart Gun Hacking Demonstrated:

Plore placed $15 magnets near the barrel of the gun. Doing this let him bypass the security watch, thereby defeating the Armatix IP1’s electromagnetic locking system altogether.

“I almost didn’t believe it had actually worked. I had to fire it again,” the researcher said. “And that’s how I found out for $15 (£11.50) of materials you can defeat the security of this $1,500 (£1,150) smart gun.”

Plore was also able to jam the radio frequency band (916.5 MHz) of the gun from ten feet away using a $20 (£15) transmitter device that emits radio waves, preventing the owner from firing the gun even when the watch is present.

The researcher was also able to hack the gun’s radio-based safety mechanism by using a custom-built $20 RF amplifier to extend the range of the watch.

When the owner squeezes the trigger, the gun sends out a signal to check whether the watch is there or not.

But the researcher was able to intercept the signal using a radio device, which acts as a relay that could extend the range by up to 12 feet, meaning somebody else other than the owner could be wearing the watch, defeating its fundamental security feature.

Plore believes that if smart guns are going to become a reality soon, they will need to be smarter than this one.

How Microsoft Cleverly Cracks Down On “Fancy Bear” Hacking Group

What could be the best way to take over and disrupt cyber espionage campaigns?

Hacking them back?

Probably not. At least not when it’s Microsoft, who is continuously trying to protect its users from hackers, cyber criminals and state-sponsored groups.

It has now been revealed that Microsoft has taken a different approach to disrupt a large number of cyber espionage campaigns conducted by the “Fancy Bear” hacking group by using a lawsuit as a tool: the tech company cleverly hijacked some of the group’s servers with the help of the law.

Microsoft used its legal team last year to sue Fancy Bear in a federal court outside Washington DC, accusing the hacking group of computer intrusion, cybersquatting, and reserving several domain names that violate Microsoft’s trademarks, according to a detailed report published by the Daily Beast.

Fancy Bear — also known as APT28, Sofacy, Sednit, and Pawn Storm — is a sophisticated hacking group that has been in operation since at least 2007 and has also been accused of hacking the Democratic National Committee (DNC) and Clinton Campaign in an attempt to influence the U.S. presidential election.

The hacking group is believed to be associated with the GRU (General Staff Main Intelligence Directorate), Russia’s secret military intelligence agency, though Microsoft has not mentioned any connection between Fancy Bear and the Russian government in its lawsuit.

Instead of registering generic domains for its cyber espionage operations, Fancy Bear often picked domain names that look like Microsoft products and services, such as livemicrosoft[.]net and rsshotmail[.]com, in order to carry out its hacking and cyber espionage campaigns.

This inadvertently gave Microsoft an opportunity to drag the hacking group with “unknown members” into the court of justice.

Microsoft Sinkholed Fancy Bear Domains

The purpose of the lawsuit was not to bring the criminal group to the court; instead, Microsoft appealed to the court to gain the ownership of Fancy Bear domains — many of which act as command-and-control servers for various malware distributed by the group.

“These servers can be thought of as the spymasters in Russia’s cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents,” the report reads.

Although Microsoft did not get the full-ownership of those domains yet, the judge last year issued a then-sealed order to domain name registrars “compelling them to alter” the DNS of at least 70 Fancy Bear domains and pointing them to Microsoft-controlled servers.

Eventually, Microsoft used the lawsuit as a tool to create sinkhole domains, allowing the company’s Digital Crimes Unit to actively monitor the malware infrastructures and identify potential victims.

“By analyzing the traffic coming to its sinkhole, the company’s security experts have identified 122 new cyber espionage victims, whom it’s been alerting through Internet service providers,” the report reads.

Microsoft has appealed and is still waiting for a final default judgment against Fancy Bear, for which the hearing has been scheduled on Friday in a Virginia court.

Over 14 Million Verizon Customers’ Data Exposed On Unprotected AWS Server

Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers’ personal details exposed on the Internet after NICE Systems, a third-party vendor, mistakenly left the sensitive users’ details open on a server.

Chris Vickery, researcher and director of cyber risk research at security firm UpGuard, discovered the exposed data on an unprotected Amazon S3 cloud server that was fully downloadable and configured to allow public access.

The exposed data includes sensitive information of millions of customers, including their names, phone numbers, and account PINs (personal identification numbers), which is enough for anyone to access an individual’s account, even if the account is protected by two-factor authentication.

“The exposure of Verizon account PIN codes used to verify customers, listed alongside their associated phone numbers, is particularly concerning,” explained UpGuard’s Dan O’Sullivan in a blog post.

NICE Systems is an Israel-based company that is known for offering a wide range of solutions for intelligence agencies, including telephone voice recording, data security, and surveillance.

According to the researcher, it is unknown why Verizon has allowed a third-party company to collect call details of its users; however, it appears that NICE Systems monitors the efficiency of its call-center operators for Verizon.

The exposed data contained records of customers who called Verizon’s customer services in the past 6 months, which are recorded, obtained and analyzed by NICE.

Interestingly, the leaked data on the server also indicates that NICE Systems has a partnership with Paris-based popular telecommunication company “Orange,” for which it also collects customer details across Europe and Africa.

“Finally, this exposure is a potent example of the risks of third-party vendors handling sensitive data,” O’Sullivan said. 

“NICE Systems’ history of supplying technology for use in intrusive, state-sponsored surveillance is an unsettling indicator of the severity of this breach of privacy.”

Vickery had privately informed the Verizon team about the exposure in late June, and the data was then secured within a week.

Vickery is a reputed researcher, who has previously tracked down many exposed datasets on the Internet.

Just last month, he discovered an unsecured Amazon S3 server owned by data analytics firm Deep Root Analytics (DRA), which exposed information of more than 198 Million United States citizens, that’s over 60% of the US population.

In March this year, Vickery discovered a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) which was also left unsecured on Amazon cloud storage server for anyone to access.

In the same month, the researcher also discovered an unsecured and publicly exposed database, containing nearly 1.4 Billion user records, linked to River City Media (RCM).

In 2015, Vickery also reported a huge cache of more than 191 Million US voter records and details of as many as 13 Million MacKeeper users.
