WHAT TO DO BEFORE AND AFTER A CYBERSECURITY BREACH?

How to respond when a breach occurs?

As discussed above, managers and organizations should take preventative steps to avoid the risk of a breach occurring. But what if, after spending time planning, spending money, and training employees, someone still manages to break through the organization’s security measures? What do you do now? Once a breach has been discovered, the organization should take the following immediate steps to limit the breach.

Step 1: Survey the damage

Following the discovery of the breach, the designated information security team members need to perform an internal investigation to determine the impact on critical business functions. This deep investigation will allow the company to identify the attacker, discover unknown security vulnerabilities, and determine what improvements need to be made to the company’s computer systems.

Step 2: Attempt to limit additional damage

The organization should take steps to keep an attack from spreading. Some preventative strategies include:

  • Re-routing network traffic
  • Filtering or blocking traffic
  • Isolating all or parts of the compromised network

Step 3: Record the details

The information security team should keep a written log of what actions were taken to respond to the breach. The information that should be collected includes:

  • Affected systems
  • Compromised accounts
  • Disrupted services
  • Data and network affected by the incident
  • Amount and type of damage done to the systems

Step 4: Engage law enforcement

A major breach should always be reported to law enforcement. The law enforcement agencies that should be contacted are:

  • The Federal Bureau of Investigation (FBI)
  • The U.S. Secret Service (USSS)
  • The U.S. Immigration and Customs Enforcement (ICE)
  • The District Attorney
  • State and Local law enforcement

Step 5: Notify those affected

If a breach puts an individual’s information at risk, they need to be notified. This quick response can help them to take immediate steps to protect themselves. However, if law enforcement is involved, they should direct the company as to whether or not the notification should be delayed to make sure that the investigation is not compromised. The individuals are usually notified via letter, phone, email, or in person. To avoid further unauthorized disclosure, the notification should not include unnecessary personal information. 

Step 6: Learn from the breach

Since cybersecurity breaches are becoming a way of life, it is important to develop organizational processes to learn from breaches. This enables better incident handling, should a company be affected by a breach in the future. Some learning issues include:

  • Document all mistakes
  • Assess how the mistakes could have been avoided
  • Ensure training programs incorporate lessons learnt

Must Do’s

  • Organizations must put the proper resources in place to ensure that any form of cybersecurity breach is dealt with swiftly and efficiently. 
  • There should be an effective Incident Response Plan.
  • Thoroughly check all monitoring systems for accuracy to ensure a comprehensive understanding of the threat. 
  • Engage in continuous monitoring of the organization’s networks after a breach for any abnormal activity, and make sure intruders have been thoroughly inhibited.
  • It is important to perform a post-incident review to identify planning shortfalls as well as the success in execution of the incident response plan.
  • Be sure to engage with Law Enforcement, and any other remediation support entity, soon after the threat assessment is made to allow for containment of the breach and to inform any future victims.
  • Documentation is paramount. Thorough documentation from the onset of the breach through the clean-up must be a priority to ensure continual improvement of the Incident Response Plan. 
  • It is critical to the success of a business to integrate cybersecurity into its strategic objectives and to ensure that cyber security roles are defined in its organizational structure.
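
One way to keep the written log described in Step 3 and called for again in the Must Do’s, as an added example that is not part of the original post: each entry records the five items listed in Step 3 and is hash-chained to the previous entry, so later edits or deletions are detectable. The hash chaining, the field names, and the sample hostnames and accounts are assumptions of this example.

```python
import hashlib
import json
from datetime import datetime, timezone

# The five items come from the Step 3 list; the names are this example's own.
FIELDS = ("affected_systems", "compromised_accounts", "disrupted_services",
          "data_and_network_affected", "damage")
GENESIS = "0" * 64  # prev_hash used by the first entry

def _digest(entry):
    """SHA-256 over the entry's canonical JSON, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, actor, action, **details):
    """Append one responder action; each entry commits to the previous one."""
    if set(details) - set(FIELDS):
        raise ValueError(f"unknown fields: {sorted(set(details) - set(FIELDS))}")
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "actor": actor, "action": action,
        "prev_hash": log[-1]["hash"] if log else GENESIS,
        **{f: details.get(f, []) for f in FIELDS},
    }
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify(log):
    """Return the index of the first altered or missing-predecessor entry, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return None

def demo_log():
    """Constructed sample entries (hostnames and accounts are made up)."""
    log = []
    append_entry(log, "analyst1", "isolated file server from the network",
                 affected_systems=["fs01.example.internal"],
                 disrupted_services=["file shares"])
    append_entry(log, "analyst2", "disabled account and reset credentials",
                 compromised_accounts=["svc-backup"],
                 damage="unknown, under investigation")
    return log
```

Storing the latest hash somewhere the responders cannot overwrite (a ticket, a printed note) lets a reviewer later confirm the log was not rewritten end to end.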

Why is a 22GB database containing 56 million US folks’ personal details sitting on the open internet using a Chinese IP address?

A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough.

The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone’s name, and it will look up their current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases, all presumably gathered from public records.

However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, but it’s being served from an IP address associated with Alibaba’s web hosting wing in Hangzhou, east China, for reasons unknown. It’s a perfect illustration that not only is this sort of personal information in circulation, but it’s also in the hands of foreign adversaries.

Read more in https://www.theregister.co.uk/2020/01/09/checkpeoplecom_data_exposed/

CyberSecurity: Hackers can steal your card info at a gas station using card skimmers

What is the Card Skimmer?

Credit card skimming is a type of credit card theft where crooks use a small device to steal credit card information in an otherwise legitimate credit or debit card transaction. When a credit or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card’s magnetic stripe.

You might be wondering how anything and everything gets weaponized to steal your hard-earned money.

Gas station pumps are a different story, however. Most can easily be opened using a universal key which isn’t hard to acquire, allowing the skimming hardware to be installed inside so it’s completely invisible to unsuspecting users.

To retrieve the data that’s collected throughout a day, like card numbers and PINs, criminals just need to pull up nearby and download it all over a wireless Bluetooth connection. 

How do hackers use card skimmers?

Read more in https://www.thebalance.com/how-credit-card-skimming-works-960773

Is there any solution to this problem?

The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which not only scans and detects Bluetooth signals, but can actually differentiate those coming from legitimate devices—like sensors, smartphones, or vehicle tracking hardware—from card skimmers that are using the wireless protocol as a way to harvest stolen data. 

So far, the Bluetana app has successfully identified 42 gas stations in the United States. As of now, details of the smartphone app have not been made public, because hackers would find a way to bypass the app’s algorithm.

Data-driven technologies in Political campaigning. Inside the Influence Industry. How it works.

The scandal surrounding Cambridge Analytica that broke on 17 March 2018 was a watershed moment. For many voters, it created a unique insight into how their data was being traded and utilised to target them for political influence: voters realised the effects the technologies were having on them. Despite widespread global attention, there is still very little known about the techniques that are applied to sway citizens’ political views by leveraging the data they give away.

Across all the data-driven methods, from analysing behavioural data to A/B testing and from geotargeting to psychometric profiling, political parties are using the same techniques to sell political candidates to voters that companies use to sell shoes to consumers.

What are voter files?

Voter files are profiles of individual voters that are collected into databases for political campaigning purposes. In its most basic form, a voter file is a list of people who could potentially vote in a given election. This data can also be combined with more detailed information, like party affiliation or registration history. While voter files can vary depending on who produces them—whether electoral administrators, commercial entities or political parties—they often consist of publicly accessible information combined with more detailed data acquired from outside sources and polling. 

What is A/B testing?

When Barack Obama’s 2008 presidential campaign team was having trouble converting web visitors into subscribers, they took a page from commercial marketing’s playbook and decided to change the text on their website. They tested three different messages against the site’s usual ‘Sign Up’ prompt: ‘Learn More,’ ‘Join Us Now’ and ‘Sign Up Now.’ They found that ‘Learn More’ outperformed the default message by a whopping 18.6%. [1] When they tested the prompt alongside six different photo and video options, the winning combination boosted their sign-up rate by more than 3 percentage points.

While this number may seem small, the campaign estimated that this single change contributed to nearly three million new email address sign-ups and netted $60 million in new donations. [2, 3, 4] Four years later, the Obama re-election campaign ran over 500 similar A/B tests across web and email in 20 months, increasing their donation conversion by 29% and their sign-up conversions by 161%. [5, 6]

The complete document is referenced here: https://tacticaltech.org/media/Personal-Data-Political-Persuasion-How-it-works.pdf