Archive for May 15, 2017

BREAKING: Bell Customer Info Leaked… More Leaks May Be Coming

Posted in Commentary with tags on May 15, 2017 by itnerd

CBC is breaking a story where 1.9 million Bell customer email addresses and some other info have been leaked by a hacker and more may be coming:

It is not clear when the breach occurred, how the data was accessed, or how long the attacker had access to Bell’s systems.

A person or group alleging to be behind the attack wrote in a post online that they were “releasing a significant portion of Bell.ca’s data due to the fact that they have failed to cooperate with us.”

“This shows how Bell doesn’t care for its customers safety and they could have avoided this public announcement,” the post continues. “Bell, if you don’t cooperate more will leak :)”

Bell has apologized for the leak, and affected customers have been contacted, but questions remain. How did this happen? And what will Bell do to ensure that this never happens again? How about the fact that it looks like this hacker was communicating with Bell? What was that all about? There are serious questions here that Bell needs to address. I want to see a response from Bell that is fulsome and complete when it comes to this. But knowing Bell, that likely won’t happen. Though, they are free to surprise me.

This Cyberattack Makes It Clear That It’s Time For Everyone To Wake Up

Posted in Commentary with tags on May 15, 2017 by itnerd

The title of this story sounds a bit harsh, but I think that this cyberattack where tens of thousands of computers in something like 170 countries are being held hostage is a wake up call for a number of groups.

The first group that needs to wake up is consumers, businesses, and governments. This attack has made it clear that we can no longer afford to ignore the topic of cybersecurity. We can no longer assume that just because we have anti-virus installed that we are safe. We need to do things like back up our data, which would make ransomware attacks ineffective. We need to not be tempted to click on links or attachments that come as part of a phishing email. We need to not download anything like software, movies or music from places like BitTorrent and the like. We need to make sure that we’re always running an up-to-date OS (as the NHS, which was one of the worst-hit organizations, was apparently still running Windows XP) and be patching it the second that patches appear (as apparently Microsoft had a patch that was on the streets in March that would have mitigated this attack, but clearly not everyone installed it). Lastly, and I am aiming this squarely at governments and businesses, cybersecurity should no longer be an afterthought from a spending perspective. As evidenced by the events of the past few days, spending the money that you need to defend yourself adequately is not an expense, it’s money well spent.

The other group that needs a wake up call is intelligence agencies like the NSA. I say that because part of this attack came from a bug in Microsoft Windows that the NSA was presumably using as part of their “toolkit” to gather intelligence and did not report to Microsoft. However, it found its way into the hands of hackers who weaponized it, and here we are witnessing the greatest cyberattack to date. When government agencies like the NSA find bugs like this, they should be obliged to report them to the software or hardware vendor in question. They should not be just left out there so that someone like Wikileaks, a hacker, or a nation state stumbles upon it and decides to use it for evil, or discloses it to the world so that someone else can use it for evil. Had the NSA done the right thing when they discovered this bug, we would likely not be here talking about this attack today.

I am hoping that the events of the last few days serve as a wake up call because clearly the world has been unprepared for this sort of event. And clearly that needs to change given the scope and effects of this cyberattack as the next one will be far worse than this one, and have far more catastrophic effects unless we collectively get our act together and prepare for that cyberattack.