Data Breaches 2016 to 2021

An article regarding a breach that the Government did to themselves.

“Ah McCain. You’ve done it again”.

4 Likes

That probably fails to meet the definition of “data breach” for several reasons (e.g. no PII), but mildly amusing nevertheless.

Don’t ignore the possibility that it was “accidentally on purpose”. Their “talking points” are very likely getting to a lot more ears and eyes than if it were just some government talking head droning on, parroting the party line.

4 Likes

Some interesting (if extremely detailed) research has been done by several Australian universities and the CSIRO on how Internet ‘malicious activity’ has changed in the period 2007 to 2017.

If you’re nerdy enough, you can even download and interrogate the raw data they used.

4 Likes

and have the time.

What’s the summary of how malicious activity has changed?

1 Like

Sorry, I don’t have the time :wink: .

Okay, a few take-outs.

Phishing sources tend to hang around for a while before being blacklisted.

The following table indicates that malware is by far the most reported bad activity.

[image]

Most activities are sourced to a few countries and autonomous systems (hosts/data centres/software providers). Akamai and Amazon are sources of some malicious activities, but as a proportion of their total services these are small. Next table:

[image]

The next table shows a reduction early in the reviewed period of Potentially Unwanted Programs (PUPs) as a proportion of all malicious activity. This may be because users are more careful about what they install, and may be because certain large companies got into big trouble for their PUPs (I seem to recall Yahoo getting in trouble for this).

[image]

The table shows an increase in phishing activity, presumably as monetisation (through Bitcoin etc.) became easier.

5 Likes

This could just as readily have gone on the Secrecy thread:

5 Likes

I thought our first national cyber crisis was the NBN, followed more recently by some crazy laws passed by our Parliament just before Christmas 2018.

7 Likes

Yes, crises do often spring from idiocy.

3 Likes

And I forgot to mention the ABS and our census. Apart from the immediate fails, and the retention of personally identifiable information, I read an article that may have been linked from these fora a few days ago saying census data was inadequately de-identified. Just in case it wasn’t from here, though:

4 Likes

Another one for the list.

3 Likes

Yep, the ABS one was in the NBN Fixed Wireless topic. NBN fixed wireless

4 Likes

#Need to Know…?

3 Likes

#righttoknow ?

https://yourrighttoknow.com.au

3 Likes

Thank you, person, for the correction! :wink:

1 Like

A reminder to be careful with texts. You never know where they’ve been.
https://www.washingtonpost.com/technology/2019/11/07/forgot-you-not-valentines-day-ghost-texts-arrive-months-late/

This is the US. Whether the situation in Australia is any less insecure, I don’t know.

1 Like

iOS devices by default use ‘iMessage’ when communicating with each other. These are encrypted. Android is in the process of launching a similar feature. Unfortunately this doesn’t help people with one OS messaging the other (unless you use a 3rd party app).

3 Likes

Which is replacing SMS with RCS messaging next year. Unfortunately, that does not appear to mean faster or more secure messaging. (Apparently Telstra calls it Telstra Messaging.)

2 Likes

Or more reliable. It’s still a “best effort” service. There’s no guarantee how long delivery will take - or even whether the message will be delivered at all.

A few years back, a mate recounted a presentation he gave to a group of managers. The managers had developed a habit of communicating by SMS. He was there to tell them that SMS isn’t terribly reliable. While he stood before them, his 'phone sounded. It was an SMS that one of the managers had sent him the previous day. At least it eventually turned up. :laughing:

4 Likes

Not quite 2020 news, but getting close, is that Wyze lost control of about 2.4 million customers’/users’ data, including email addresses and tokens used for Alexa, due to what they say is an employee mistake. To read about the issue, the following link has more about it:

5 Likes

‘Human error’ describes what happens when you haven’t adequately trained your employees and/or you have system design that inadequately considers the human element. In other words, it is a cop-out.

3 Likes