Pages

Tuesday, February 08, 2022

Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected

Bank of England Warns of Record Slump in Standard of Living, As It Hikes Interest Rates for Second Time in Two Months

The decision to implement back-to-back rate hikes, for the first time since 2004, heaps yet more pressure on household incomes and struggling businesses. It came a day after the UK Government passed generous tax cuts for banks.  


North Korea Hacked Him. So He Took Down Its Internet.


News Corp. hacked, reporters targeted; believed China-linked

Lexington Herald Leader: “News Corp., publisher of The Wall Street Journal, said Friday that it had been hacked and had data stolen from journalists and other employees, and a cybersecurity firm investigating the intrusion said Chinese intelligence-gathering was believed behind the operation. The Journal, citing people briefed on the intrusion, reported that it appeared to date back to February 2020 and that scores of employees were impacted. It quoted them as saying the hackers were able to access reporters’ emails and Google Docs, including drafts of articles.

 News Corp., whose publications and businesses include the New York Post and Journal parent Dow Jones, said it discovered the breach on Jan. 20. It said customer and financial data were so far not affected and company operations were not interrupted. But the potential impact on news reporting and sources was a serious concern. News organizations are prime targets for the world’s intelligence agencies because their reporters are in constant contact with sources of sensitive information. 

Journalists and newsrooms from Mexico and El Salvador to Qatar, where Al-Jazeera is based, have been hacked with powerful spyware. Mandiant, the cybersecurity firm examining the hack, said in a statement that it “assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests.”..


 Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected - ProPublica: “A surge in identity theft during the pandemic underscores how easy it has become to obtain people’s private data. As hackers are all too happy to explain, many of them are cashing in on it.Consider some of the episodes last year in which large quantities of personal data were stolen: 300 million customer and device records for users of a service that’s supposed to shield internet traffic from prying eyes; a 17.6-million-row database from a secondorganization, containing profiles of people who participated in its market research surveys; 59 million email addresses and other personal data lifted from a third company



These sorts of numbers barely raise an eyebrow these days; none of the incidents generated major press coverage.Cybertheft conjures images of high-tech missions, with sophisticated hackers penetrating multiple layers of security systems to steal corporate data. But these breaches were far from “Ocean’s Eleven”-style operations. They were the equivalent of grabbing jewels from the seat of an unlocked car parked in a high-crime neighborhood.In each case, the companies left the data exposed online with little or no security. So says Pompompurin, a pseudonymous hacker who posted the millions of stolen records cited above on RaidForums, a discussion board popular with cybercriminals seeking personal data. 

Pompompurin told ProPublica that he often doesn’t need to do much hacking to get his hands on sensitive personal data. Many times, it’s left in cloud storage folders available to anyone with internet access. Pompompurin said he scans the web for such unguarded material and then leaks it on RaidForums “because I can and it’s fun.”…

Such incidents helped make 2021 a record year for data breaches, according to the Identity Theft Resource Center. Data exposure events, in which sensitive data is left sitting online, were responsible for cybersecurity incidents involving an estimated 164 million of the 294 million people victimized in 2021, according to the center…There’s another reason, one that companies don’t like to talk about: It’s often cheaper to clean up a breach than it is to avoid one in the first place. Corporate losses from a data breach typically run around $200,000, according to a recent study of 56,000 cybersecurity incidents published by the Cyentia Institute, a cybersecurity research firm.The low costs don’t justify investing more in data security, according to Sasha Romanosky, a researcher at the RAND Corporation who has studied the issue. “The companies don’t bear the cost of these actions,” Romanosky said. “It is borne by the consumers.”…



 

Why Young Workers Are Driving a Wave of Unionization

The young are again on the forefront of change, now by challenging neoliberal atomization and indoctrination by forming unions.