IT Security RSS Feed for 2025-02-02
What is a certificate revocation list (CRL) and how is it used?
Published: Fri, 31 Jan 2025 16:30:00 GMT
Certificate Revocation List (CRL)
A certificate revocation list (CRL) is a signed, periodically updated list, published by a certification authority (CA), of the certificates it has revoked (declared invalid) before their expiration date. It lets relying parties stop trusting a certificate whose private key has been compromised, whose subject is no longer entitled to it, or which was issued in error, without waiting for the certificate to expire.
How a CRL Works:
- Certificate Authority (CA) Issues Certificates: Certification authorities issue digital certificates that bind a public key to a specific identity (e.g., a person, organization, or website). Most certificates carry a CRL Distribution Points extension giving the URL from which the issuer's current CRL can be downloaded.
- Certificates Revoked for Various Reasons: A certificate can be revoked because its private key was stolen or leaked, the subject's details or affiliation changed, it was issued in error, or the subject ceased operation. Each CRL entry records the certificate's serial number, the revocation date and, optionally, a reason code.
- CA Publishes CRL: The CA (or a CRL issuer it delegates to) publishes a CRL listing the serial numbers of every revoked certificate that has not yet expired. The list is signed with the issuer's key and carries a thisUpdate time (when it was issued) and a nextUpdate time (by when a newer one will be available).
- Verification Using CRL: When a party receives a certificate, it fetches the issuer's CRL (or uses a cached copy that is not yet past nextUpdate), verifies the CRL's signature, and looks for the certificate's serial number.
- Continued Use Prevention: If the serial number is on the CRL, the certificate is treated as invalid and the TLS handshake, signature check, or login that relies on it is rejected.
Benefits of a CRL:
- Protects against Compromised Certificates: Revocation takes effect for every client that fetches the updated CRL, without reissuing anything or contacting each relying party.
- Reduces Certificate Validation Overhead: A CRL is downloaded once and can be cached until nextUpdate, so validating a certificate needs no per-certificate network request and no online CA service to be available.
- Provides an Auditable Record: Because each CRL is signed and dated, a retained copy shows which certificates the CA regarded as revoked at a specific point in time.
Limitations of a CRL:
- Delay in Revocation: A certificate revoked after the current CRL was published does not appear until the next CRL is issued, so clients can keep accepting it in the meantime.
- Can Be Large: A CRL lists every unexpired revoked certificate, so for a busy CA it can run to megabytes, which is expensive for clients to download and parse. Delta CRLs (listing only changes since a base CRL) and partitioned CRLs exist to mitigate this.
- Not Real-Time: Status is only as fresh as the client's last download; a client that caches a CRL until nextUpdate may accept a certificate the CA revoked hours or days earlier.
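The lookup and the nextUpdate caveat above, as an added stand-alone example (not code from the original article): the Python below builds a small v2 CRL for a hypothetical "Example CA" with hand-rolled DER helpers, so it runs anywhere without a crypto library, parses it back, and applies the two checks a relying party needs: is the serial number listed, and is the list still inside its nextUpdate window. The issuer name, serial numbers and dates are constructed for the demo. Signature verification is deliberately left out and flagged in a comment; a real client must verify the CRL's signature with the issuer's key before trusting anything in it.

```python
import datetime as dt

# --- minimal DER encode/decode helpers (demo code, not a full ASN.1 library) ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(v):  # non-negative INTEGER, with a leading 0x00 when the top bit is set
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def der_utctime(t):  # UTCTime, e.g. b"250131163000Z"
    return tlv(0x17, t.strftime("%y%m%d%H%M%SZ").encode())

SHA256_RSA = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
ISSUER = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x13, b"Example CA"))))

def build_crl(this_update, next_update, revoked):
    """Encode a v2 CertificateList. revoked maps serial -> revocation datetime (constructed data)."""
    entries = b"".join(tlv(0x30, der_int(s) + der_utctime(d)) for s, d in revoked.items())
    tbs = tlv(0x30, der_int(1) + SHA256_RSA + ISSUER + der_utctime(this_update)
              + der_utctime(next_update) + tlv(0x30, entries))
    # A real CA signs `tbs`; the demo stores an empty BIT STRING where the signature goes.
    return tlv(0x30, tbs + SHA256_RSA + tlv(0x03, b"\x00"))

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def iter_tlvs(buf):
    pos = 0
    while pos < len(buf):
        tag, body, pos = read_tlv(buf, pos)
        yield tag, body

def parse_time(tag, body):
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime vs GeneralizedTime
    return dt.datetime.strptime(body.decode(), fmt).replace(tzinfo=dt.timezone.utc)

def parse_crl(der):
    """Return (this_update, next_update, {serial: revocation_time}) from a DER CRL.
    NOTE: does not verify the signature; a real client must check it against the issuer's key."""
    _, cert_list, _ = read_tlv(der)
    _, tbs, _ = read_tlv(cert_list)            # tbsCertList is the first element
    fields = list(iter_tlvs(tbs))
    i = 1 if fields[0][0] == 0x02 else 0       # optional version INTEGER
    i += 2                                     # signature AlgorithmIdentifier, issuer Name
    this_update = parse_time(*fields[i]); i += 1
    next_update = None
    if i < len(fields) and fields[i][0] in (0x17, 0x18):
        next_update = parse_time(*fields[i]); i += 1
    revoked = {}
    if i < len(fields) and fields[i][0] == 0x30:  # optional revokedCertificates
        for _, entry in iter_tlvs(fields[i][1]):
            (_, serial), (tag, date) = list(iter_tlvs(entry))[:2]
            revoked[int.from_bytes(serial, "big")] = parse_time(tag, date)
    return this_update, next_update, revoked

def check_status(crl_der, serial, now):
    """'revoked', 'good', or 'stale' (past nextUpdate: fetch a fresh CRL instead of trusting this one)."""
    _, next_update, revoked = parse_crl(crl_der)
    if next_update is not None and now > next_update:
        return "stale"
    return "revoked" if serial in revoked else "good"

if __name__ == "__main__":
    t0 = dt.datetime(2025, 1, 31, 16, 30, tzinfo=dt.timezone.utc)
    crl = build_crl(t0, t0 + dt.timedelta(days=7), {0x1001: t0 - dt.timedelta(hours=1)})
    for serial, when in ((0x1001, t0), (0x1002, t0), (0x1001, t0 + dt.timedelta(days=8))):
        print(hex(serial), when.isoformat(), check_status(crl, serial, when))
```

Note that "good" only means "not listed as of thisUpdate": a certificate revoked after that time will not show up until the next CRL is published, which is the delay discussed above. In practice you would download the CRL from the URL in the certificate's CRL Distribution Points extension and let a library do the parsing and signature check (for example `openssl verify -crl_check`).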
Alternative to CRL: Online Certificate Status Protocol (OCSP)
OCSP lets a client ask an OCSP responder, operated by or on behalf of the CA, for the status of a single certificate (identified by issuer and serial number) and get back a signed, time-stamped answer of good, revoked, or unknown, without downloading the whole list. It is not strictly real time: the response carries its own validity window and the responder may itself be fed from periodically generated revocation data. Live lookups also add latency, reveal to the responder which certificates a client is checking, and many clients "soft-fail" (accept the certificate) when the responder is unreachable. OCSP stapling, where the server sends a recent signed OCSP response along with its certificate, removes the client-side lookup and the privacy leak.
Police swoop on Sky ECC cryptophone distributors in Spain and Holland
Published: Fri, 31 Jan 2025 15:06:00 GMT
Police Swoop on Sky ECC Cryptophone Distributors in Spain and Holland
Police in Spain and the Netherlands, supported by Europol, have arrested suspected distributors of Sky ECC encrypted phones in a coordinated action that included searches and seizures in both countries.
Sky ECC: Encrypted Messaging for Criminals
Sky ECC was an encrypted messaging service sold on locked-down handsets and used heavily by organised crime groups worldwide. It was dismantled in March 2021 by Belgian, Dutch and French authorities, who had obtained access to its message traffic; the decrypted messages have since underpinned hundreds of prosecutions across Europe. The latest action targets the people who sold and supported the devices rather than the service itself.
European Operation
The operation was coordinated by Europol and carried out by police in both countries. In Spain, officers conducted raids in several cities, including Barcelona and Madrid. In the Netherlands, searches were carried out in Rotterdam and Amsterdam.
Multiple Arrests and Seizures
Several suspected distributors were arrested in the raids, and police seized cash, luxury vehicles and electronic devices, including Sky ECC handsets.
Evidence of Criminal Use
Investigators uncovered evidence that the devices were being used to facilitate drug trafficking, money laundering and other serious crimes; messages recovered from the service detail illegal activities and plans.
Blow to Organized Crime
Europol emphasized that this operation was a significant blow to organized crime, as it disrupted their communications network.
Statement from Europol
In a statement, Europol said: “This action sends a clear message to criminals that we are constantly adapting our tactics to stay ahead of the curve.”
Ongoing Investigation
The investigation into the use of Sky ECC cryptophones is ongoing, and further arrests are expected in the coming weeks and months.
Barclays hit by major IT outage on HMRC deadline day
Published: Fri, 31 Jan 2025 12:05:00 GMT
Barclays Bank Suffers IT Outage on Critical Tax Deadline
Barclays, one of the UK's largest retail banks, suffered a major IT outage on Friday 31 January 2025, the deadline day for online self-assessment tax returns. For much of the day customers could not use the mobile app or online banking or make and receive payments, and some saw outdated balances.
The outage coincided with the busiest day of the year for HMRC, the UK's tax authority, as taxpayers rushed to file returns and pay what they owed before the midnight deadline. The tax calculation service on the HMRC website also experienced intermittent issues.
Barclays stated that a “technical issue” had affected its systems and that it was working to resolve the problem as quickly as possible. The bank apologized for any inconvenience caused.
Customers were advised to check their account balances via text message or at an ATM. Those with urgent inquiries were asked to visit a branch or use alternative contact methods.
The outage has raised concerns about the resilience of online banking systems on critical tax deadlines. In previous years, other banks have also experienced technical difficulties during peak periods, leading to frustration and delays for taxpayers.
The self-assessment deadline itself was not moved: online returns were still due by 11:59 PM on 31 January. HMRC urged taxpayers to file online if they could; anyone prevented from filing or paying by the outage can appeal a late-filing penalty on the grounds of a reasonable excuse.
AI jailbreaking techniques prove highly effective against DeepSeek
Published: Fri, 31 Jan 2025 11:57:00 GMT
AI Jailbreaking Techniques Prove Highly Effective Against DeepSeek
DeepSeek, the Chinese AI company whose DeepSeek-R1 reasoning model drew worldwide attention in January 2025, has been shown to be unusually easy to jailbreak. Several security research teams, among them Palo Alto Networks' Unit 42 and Cisco, report that well-known prompt-based jailbreak techniques reliably bypassed the model's safety training and got it to produce content it is designed to refuse, such as malware, data-exfiltration tooling and instructions for causing physical harm.
Jailbreaking Techniques
A jailbreak is a prompt, or a sequence of prompts, crafted to talk a model out of its safety guidelines. It targets the model's alignment rather than the infrastructure around it, so no flaw in servers or code is involved. Techniques reported as effective against DeepSeek-R1 include:
- Crescendo: A multi-turn attack that opens with innocuous questions and steers the conversation step by step towards the prohibited content, so that no single prompt trips the refusal.
- Deceptive Delight: Embedding the unsafe request inside a benign narrative or task, so the model generates the harmful material as part of an apparently legitimate story.
- Bad Likert Judge: Asking the model to rate candidate responses on a harmfulness scale and then to write an example of the most harmful rating, which produces the harmful content itself.
- Standard harmful-behaviour prompts: Cisco reported that DeepSeek-R1 failed to block any of the 50 prompts it sampled from the HarmBench benchmark, a 100% attack success rate, whereas comparable models blocked some or most of them.
Consequences of Jailbreaking
- Harmful output on demand: The model will supply malware, attack tooling and other dangerous content to anyone who uses these prompts. This matters more for DeepSeek than for a hosted-only model because the R1 weights are openly published, so the safety behaviour cannot be patched server-side for every copy in circulation.
- Downstream application risk: Products built on the model inherit its weak guardrails. Where the model is given tools, documents or API access, a jailbroken model can be steered into misusing them, so the application, not the model, has to enforce limits.
- Reputational and compliance exposure: Organisations deploying the model may be held responsible for content it generates for their users.
Impact on AI Security
The results show that a model's built-in safety training is a weak, bypassable control and must not be the only one. Techniques published months earlier against other models transferred to DeepSeek unchanged.
Recommendations
- External guardrails: Run input and output classifiers or policy filters that are independent of the model, so a successful jailbreak of the model does not by itself reach the user or downstream systems.
- Defense-in-Depth: Give the model only the tools, data and permissions its task needs, treat its output as untrusted input to anything that acts on it, and log conversations for review.
- Regular red teaming: Test deployments against known jailbreak suites such as HarmBench before launch and after every model or prompt change, since guardrail behaviour shifts between versions.
Conclusion
The jailbreaking of DeepSeek-R1 demonstrates the limits of relying on a model's own safety training. Organisations that deploy it, or any model, should assume the model can be talked into misbehaving and put their controls around it rather than inside it.
DeepSeek API, chat log exposure a ‘rookie’ cyber error
Published: Fri, 31 Jan 2025 11:56:00 GMT
Chat Log Exposure
On January 29, 2025, researchers at the cloud security company Wiz reported that DeepSeek, the Chinese AI company behind the DeepSeek-R1 model and chatbot, had left a database exposed on the internet with no authentication. It held more than a million log entries, including users' chat history in plain text, API keys, backend service details and other internal operational data.
Underlying Vulnerability
The exposed system was a ClickHouse database whose HTTP interface (default port 8123) and native interface (port 9000) were reachable from the public internet with no credentials required. ClickHouse executes SQL sent over HTTP, so anyone who found the host could list the databases, read the log tables containing chat history and secrets, and, depending on the privileges available, read files from the server and escalate further. Wiz found it with basic reconnaissance: enumerating DeepSeek's public subdomains and scanning for open ports beyond 80 and 443.
Impact
The exposure was a serious privacy and security risk for DeepSeek's users and for DeepSeek itself. Plaintext chat history reveals what users asked and discussed; leaked API keys and backend details could have allowed an attacker to impersonate internal services or pivot into DeepSeek's infrastructure.
Response
DeepSeek secured the database promptly after Wiz disclosed the exposure.
Analysis
Cybersecurity experts criticized DeepSeek for making such a basic error. Leaving a database exposed without authentication is considered a "rookie" mistake that could have been easily avoided. The incident highlights the importance of strong database security practices.
Recommendations
To mitigate similar risks, organizations should:
- Require authentication on every database interface and never expose database ports to the public internet. For ClickHouse that means setting a password for the default user and restricting the networks it may connect from, in addition to firewalling ports 8123 and 9000.
- Regularly review and update database configurations, and treat any service reachable from the internet without credentials as a critical finding.
- Continuously inventory internet-exposed assets and scan your own address ranges and subdomains for open database ports; this is exactly how the researchers found the database.
- Keep secrets such as API keys out of application logs, so that a log-store leak does not also become a credential leak.
- Conduct penetration testing to identify potential vulnerabilities.
- Educate employees about database security best practices.
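The "is my database answering queries to anyone?" check from the recommendations above, as an added example that is not part of the original article or DeepSeek's own tooling. The probe sends one harmless query to a ClickHouse HTTP endpoint with no credentials and reports whether it was executed. So that it runs offline, the block also starts a constructed stand-in for a ClickHouse server in two configurations (no password on the default user, and password required); the error text the stand-in returns mirrors ClickHouse's "Code: 516 ... Authentication failed" message, and the HTTP status it uses for that case is an assumption of the demo.

```python
import http.server
import threading
import urllib.error
import urllib.parse
import urllib.request

# ClickHouse serves SQL over plain HTTP on its default port 8123 (native TCP on 9000).
# Credentials travel as X-ClickHouse-User / X-ClickHouse-Key headers or ?user=&password=;
# a server whose `default` user has no password answers queries from anyone who can reach it.
PROBE_QUERY = "SELECT 1"

def probe_unauthenticated_clickhouse(base_url, timeout=3):
    """True if the HTTP endpoint executes SQL with no credentials at all."""
    url = base_url.rstrip("/") + "/?" + urllib.parse.urlencode({"query": PROBE_QUERY})
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200 and resp.read().decode(errors="replace").strip() == "1"
    except urllib.error.HTTPError:
        return False  # 4xx/5xx: the server refused or demanded credentials
    except (urllib.error.URLError, OSError):
        return False  # nothing listening, DNS failure, or timeout

class _FakeClickHouse(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the two server configurations, so the probe runs offline."""
    require_auth = False

    def do_GET(self):
        params = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        has_creds = "X-ClickHouse-Key" in self.headers or "password" in params
        if self.require_auth and not has_creds:
            status, body = 403, b"Code: 516. DB::Exception: default: Authentication failed\n"
        elif params.get("query", [""])[0] == PROBE_QUERY:
            status, body = 200, b"1\n"
        else:
            status, body = 400, b"Code: 62. DB::Exception: Syntax error\n"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_fake_server(require_auth):
    """Start a mock on a free loopback port; returns (server, base_url)."""
    handler = type("Handler", (_FakeClickHouse,), {"require_auth": require_auth})
    server = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

def audit(require_auth):
    """Stand up a mock in the given configuration, probe it, tear it down."""
    server, url = start_fake_server(require_auth)
    try:
        return probe_unauthenticated_clickhouse(url)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("open instance exposed:", audit(require_auth=False))      # True
    print("password-protected exposed:", audit(require_auth=True))  # False
```

Against a real host you would call `probe_unauthenticated_clickhouse("http://db.example.internal:8123")` for each address in your inventory and alert on any True; the same shape of check applies to any database with an HTTP interface (Elasticsearch on 9200, CouchDB on 5984) by swapping the probe query and the expected response.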
Conclusion
The DeepSeek chat log exposure incident serves as a reminder that even large and reputable organizations can make cybersecurity mistakes. By implementing strong security measures and following industry best practices, organizations can protect themselves and their users from such incidents.
What is cryptology?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Cryptology is the study and practice of techniques for secure communication in the presence of adversarial behavior: the science of building and breaking systems that protect information from eavesdropping, tampering, or forgery. The term is often used interchangeably with cryptography, but strictly cryptology is the wider field, comprising cryptography, which designs and applies the methods that protect information from unauthorized access or modification, and cryptanalysis, which studies how to break the protection that cryptography provides.
What is biometric verification?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Biometric verification is a security process that uses a person's physical or behavioral characteristics to authenticate their claimed identity. It relies on those characteristics being distinctive to the individual and stable over time, and on the sensor being able to tell a live person from a photograph, recording or mould. Unlike a password, a biometric is not a secret: faces and fingerprints are on public display, so the security of the scheme rests on liveness detection and on protecting the stored templates, not on the characteristic being unknown to an attacker.
Biometric verification systems typically capture and analyze data from one or more biometric characteristics, such as:
- Facial recognition: Scans the user’s face to create a unique template based on facial features.
- Fingerprint recognition: Reads fingerprint patterns and creates a template based on ridges and valleys.
- Iris recognition: Captures an image of the user’s iris and analyzes its unique patterns.
- Voice recognition: Records the user’s voice and creates a template based on vocal characteristics.
- Palmprint recognition: Scans the user’s palm to capture unique crease patterns.
- Behavioral biometrics: Analyzes behavioral traits such as typing patterns or gait.
Once captured, a raw sample is converted into a template, a compact mathematical representation of its distinguishing features, and it is the template rather than the raw image that is stored, ideally encrypted or held in a secure element on the device, because a biometric cannot be changed if it leaks. When a user attempts to verify, a fresh sample is captured, converted in the same way and compared to the enrolled template, producing a match score; the user is authenticated if the score exceeds a predefined threshold. Because two captures of the same finger or face never match exactly, the threshold is a tuning decision: raising it lowers the false accept rate (impostors accepted) but raises the false reject rate (legitimate users turned away), and vice versa.
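The threshold trade-off described above, as an added example that is not part of the original article: the Python below takes constructed match scores (genuine comparisons and impostor comparisons on a 0 to 1 scale, standing in for what a real fingerprint or face matcher would output), computes the false accept rate and false reject rate at any threshold, finds the equal error rate point, and picks the lowest threshold that meets a maximum false accept rate policy. The scores are made up for the demo; the functions are the same ones a deployment would run over real matcher output.

```python
# Constructed match scores in [0, 1]; higher = more similar. Not real matcher output.
GENUINE = [0.91, 0.88, 0.95, 0.62, 0.84, 0.90, 0.55, 0.87, 0.93, 0.78]   # same person, live vs enrolled
IMPOSTOR = [0.12, 0.35, 0.41, 0.22, 0.58, 0.30, 0.72, 0.19, 0.66, 0.28]  # different people

def far(impostor_scores, threshold):
    """False Accept Rate: fraction of impostor comparisons that clear the threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)

def frr(genuine_scores, threshold):
    """False Reject Rate: fraction of genuine comparisons that fail the threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)

def equal_error_point(genuine_scores, impostor_scores, steps=1000):
    """Sweep thresholds and return (threshold, far, frr) where FAR and FRR are closest."""
    best = None
    for k in range(steps + 1):
        t = k / steps
        a, r = far(impostor_scores, t), frr(genuine_scores, t)
        if best is None or abs(a - r) < abs(best[1] - best[2]):
            best = (t, a, r)
    return best

def threshold_for_max_far(impostor_scores, max_far, steps=1000):
    """Lowest threshold whose FAR is within policy; the FRR at that point is the usability cost."""
    for k in range(steps + 1):
        t = k / steps
        if far(impostor_scores, t) <= max_far:
            return t
    return 1.0

def verify(match_score, threshold):
    """The accept/reject decision a verifier makes for one live capture."""
    return match_score >= threshold

if __name__ == "__main__":
    t, a, r = equal_error_point(GENUINE, IMPOSTOR)
    print(f"EER threshold {t:.3f}: FAR {a:.2f}, FRR {r:.2f}")
    strict = threshold_for_max_far(IMPOSTOR, 0.1)
    print(f"FAR<=10% threshold {strict:.3f}: FRR {frr(GENUINE, strict):.2f}")
```

On this data the equal error point sits around 0.62 with both rates at 20%; tightening to a 10% false accept policy pushes the threshold above 0.66 and keeps the false reject rate at 20%. A real deployment sets the threshold from a large, representative score set and from the FAR the application can tolerate (a phone unlock and a border gate sit at very different points), not from a default shipped with the matcher.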
Biometric verification systems offer several advantages over traditional authentication methods like passwords or PINs:
- Increased security: A biometric cannot be guessed, reused from a breach elsewhere, or typed into a phishing page, so it blocks password-guessing and credential-stuffing attacks. It can be spoofed with a replica if the sensor lacks liveness detection, so for high-value access it is best combined with another factor.
- Convenience: Biometric verification is often faster and easier than entering passwords or PINs, improving user experience.
- Non-transferability: A biometric cannot be lent, shared or written down like a password, so it ties the authentication to the person present. The flip side is that it cannot be revoked and reissued if a stored template is compromised.
Biometric verification is widely used in a variety of applications, including:
- Access control to buildings, facilities, or devices
- Identity verification for online transactions or authentication
- Law enforcement and security investigations
- Healthcare patient identification and tracking
- Border control and immigration management
How government hackers are trying to exploit Google Gemini AI
Published: Wed, 29 Jan 2025 10:45:00 GMT
What Google's Threat Intelligence Group Found
Google's Threat Intelligence Group (GTIG) has published an analysis of how state-sponsored hacking groups use Gemini, based on activity by groups from more than 20 countries. Iranian groups were the heaviest users, followed by Chinese, North Korean and Russian actors. The groups use Gemini mostly as a productivity aid for existing tradecraft; GTIG saw no novel AI-enabled attack capabilities.
How Government Hackers Use Gemini
1. Reconnaissance:
- Researching target organisations, including defence companies and government bodies, and individuals, and summarising publicly reported vulnerabilities in products of interest.
2. Coding and Troubleshooting:
- Writing, debugging and explaining scripts and tools. Chinese-linked groups also asked for help with post-compromise tasks such as lateral movement, privilege escalation, data exfiltration and detection evasion.
3. Phishing and Personas:
- Drafting and translating phishing lures and building fake personas. North Korean actors used Gemini to research companies and draft cover letters and proposals in support of the regime's scheme of placing covert IT workers in Western firms.
4. Jailbreak Attempts:
- Some actors tried to get Gemini to produce malicious code or bypass its safety rules, mostly by pasting publicly available jailbreak prompts. GTIG reports these attempts were basic and unsuccessful; Gemini refused, for example, a request to write a distributed denial-of-service tool in Python.
Why This Matters
- Generative AI is lowering the cost of routine attacker tasks (research, translation, scripting) rather than creating new classes of attack, so the relevant defences remain those against reconnaissance, phishing and commodity tooling.
- The same productivity gain is available to defenders, and observed adversary prompts feed back into the classifiers and safety training that decide what Gemini will and will not do.
Google's Response
Google says it disrupts the activity it detects, including by acting against accounts associated with these groups, and that Gemini's safety measures held against the misuse attempts seen so far.
Vallance rejects latest charge to reform UK hacking laws
Published: Wed, 29 Jan 2025 09:26:00 GMT
Vallance Rejects Latest Charge to Reform UK Hacking Laws
Lord Vallance, the UK science minister, has rejected the latest attempt to reform the Computer Misuse Act 1990, turning down an amendment tabled in the House of Lords that would have given security researchers a statutory defence.
Background:
- The Computer Misuse Act makes unauthorised access to a computer an offence regardless of intent, so threat intelligence analysts, penetration testers and researchers who scan or probe systems they do not own can fall foul of it even when acting to protect those systems.
- Peers backed by the CyberUp campaign, a coalition of security companies and academics, tabled an amendment to the Data (Use and Access) Bill to add a defence for acts carried out to detect or prevent crime or otherwise in the public interest.
- Successive governments have acknowledged the problem: the Home Office has been reviewing the Act since 2021 without bringing forward legislation.
Vallance's Response:
Speaking for the government, Vallance said ministers recognise the concerns and that the Home Office continues to review the Act, but that the amendment was not the right way to proceed. He argued that a broadly drawn defence could:
- Be relied on by people who access systems with malicious intent, weakening prosecutions
- Create uncertainty for law enforcement and the courts about where the line lies
- Pre-empt a wider review that needs to balance the interests of researchers, businesses and victims
Implications:
The rejection means no change to the Act through the Data (Use and Access) Bill. With the Home Office review still open, a statutory defence remains possible in future legislation, but campaigners who argue the law criminalises routine security research face a further wait.
Conclusion:
Vallance accepts the case for looking at the Computer Misuse Act but not the amendment on offer, citing the risk that a defence drafted for researchers could also shelter attackers. The practical position for UK practitioners is unchanged: obtain explicit authorisation before testing or scanning systems you do not own.
NAO: UK government cyber resilience weak in face of mounting threats
Published: Tue, 28 Jan 2025 19:01:00 GMT
Government Cyber Resilience Weak Amidst Growing Threats
The National Audit Office (NAO) has highlighted significant weaknesses in the UK government’s cyber resilience, leaving it vulnerable to increasing online threats.
Key Findings:
- Fragmented Approach: Responsibility for cyber resilience is spread across departments and arm's-length bodies, with no single centre coordinating the work or holding them to account.
- Known Gaps in Critical Systems: Independent assessments in 2024 found that all 58 critical government IT systems examined had significant gaps in their cyber resilience, and the government does not know how vulnerable at least 228 legacy IT systems are.
- Skills and Resources Gap: Around a third of government cyber security roles were vacant or filled by temporary staff, departments struggle to match private-sector pay, and funding to remediate legacy systems is not consistently available.
- Lack of Leadership: The NAO found a lack of “strong leadership, vision, and focus” in the government’s cyber security efforts.
Consequences of Weak Resilience:
- Increased risk of data breaches and cyber attacks, potentially exposing sensitive government information and personal data.
- Disruption of critical services, such as healthcare, infrastructure, and finance.
- Damage to the UK’s reputation and economy.
Recommendations:
The NAO recommends that the government take action to enhance its cyber resilience, including:
- Establishing a central coordinating body to oversee cyber security efforts.
- Developing a comprehensive national cyber security strategy.
- Investing in cyber security training and skills development.
- Strengthening risk management frameworks and data protection measures.
- Raising awareness of cyber threats among government employees and contractors.
Government Response:
The government has acknowledged the NAO's findings and stated that it is committed to improving its cyber resilience. It pointed to the 2022 Government Cyber Security Strategy, which set targets for critical functions to be significantly hardened by 2025 (a target the NAO says will not be met) and for all government organisations to be resilient to known vulnerabilities and attack methods by 2030, and to the forthcoming Cyber Security and Resilience Bill.
However, the NAO emphasized that significant challenges remain, and the government must take urgent action to address the weaknesses identified in its report. The UK faces a rapidly evolving and increasingly sophisticated cyber threat landscape, and the resilience of its systems and services is critical to its security and prosperity.
Over 40 journalists and lawyers submit evidence to PSNI surveillance inquiry
Published: Tue, 28 Jan 2025 16:11:00 GMT
Over 40 Journalists and Lawyers Submit Evidence to PSNI Surveillance Inquiry
Over 40 journalists and lawyers have submitted evidence to the McCullough Review, the independent inquiry into surveillance by the Police Service of Northern Ireland (PSNI). The review was commissioned by the PSNI after the Investigatory Powers Tribunal examined the force's covert monitoring of two journalists, and is investigating allegations of unlawful surveillance of journalists, lawyers and others.
Key Points of the Evidence
- Surveillance against Journalists: Journalists have provided evidence of alleged unlawful surveillance, including covert surveillance, phone tapping, and access to confidential sources. They claim that this surveillance has hindered their ability to report on matters of public interest.
- Surveillance against Lawyers: Lawyers have also submitted evidence of surveillance, including monitoring of their communications, intimidation, and interference in legal proceedings. This has allegedly undermined the attorney-client privilege and hindered the fair administration of justice.
- Targeting of Particular Individuals: Evidence suggests that certain journalists and lawyers were specifically targeted for surveillance based on their reporting or involvement in sensitive cases. This has created a chilling effect on freedom of expression and legal representation.
Inquiry Process
The review is being led by Angus McCullough KC, a barrister acting independently of the PSNI, with a supporting team examining the force's surveillance records. It is considering evidence from journalists, lawyers and other witnesses to determine the extent and purpose of the surveillance.
Significance of the Inquiry
The inquiry is of great significance for the following reasons:
- Protection of Freedom of Expression: It seeks to protect the essential role of journalists in a democratic society by safeguarding their ability to report on matters of public interest without fear of surveillance.
- Ensuring Legal Fairness: It aims to guarantee the integrity of the legal system by ensuring that lawyers can represent their clients without interference from the police or other state actors.
- Accountability and Transparency: The inquiry seeks to hold the PSNI accountable for any unlawful surveillance and to foster greater transparency in police practices.
Next Steps
The inquiry is expected to conclude its work later this year. The findings of the inquiry will be published in a report, which will make recommendations for preventing and addressing unlawful surveillance in the future.
Your first steps to improve international compliance
Published: Tue, 28 Jan 2025 11:14:00 GMT
First Steps to Improve International Compliance
1. Assess Current Compliance Status:
- Conduct a comprehensive compliance audit to identify gaps and areas of non-compliance.
- Review relevant laws, regulations, and industry standards applicable to your business operations.
2. Establish a Compliance Framework:
- Develop a code of conduct that outlines ethical principles and expected behaviors for employees.
- Implement policies and procedures to address key compliance areas (e.g., anti-corruption, data protection, environmental protection).
- Assign clear roles and responsibilities for compliance within the organization.
3. Train and Educate:
- Provide regular training to employees on compliance policies and procedures.
- Ensure that all employees understand their roles in maintaining compliance.
- Foster a culture of compliance within the organization.
4. Monitor and Audit:
- Establish a system for regularly monitoring compliance within the organization.
- Conduct internal and external audits to verify compliance and identify potential issues.
- Use technology tools to automate compliance processes and reduce errors.
5. Establish a Grievance Mechanism:
- Create a system for employees to report suspected violations of compliance policies.
- Ensure that reports are handled promptly, confidentially, and without retaliation.
6. Engage External Resources:
- Consider partnering with legal counsel or compliance consultants to ensure access to specialized knowledge and updates on compliance requirements.
- Join industry associations or participate in forums to stay informed about best practices.
7. Foster Continuous Improvement:
- Regularly review and update compliance policies and procedures based on new regulations or changes in the business environment.
- Seek feedback from employees and external stakeholders to improve the effectiveness of compliance efforts.
Additional Tips:
- Communicate the importance of compliance throughout the organization.
- Reward and recognize employees for maintaining high compliance standards.
- Create a positive and supportive work environment that promotes ethical behavior.
- Monitor industry trends and emerging compliance risks.
- Adapt compliance measures to the specific risks and challenges faced by your international operations.
What is spyware?
Published: Tue, 28 Jan 2025 09:00:00 GMT
Three sentenced over OTP.Agency MFA fraud service
Published: Mon, 27 Jan 2025 12:00:00 GMT
Three Sentenced Over OTP.Agency MFA Fraud Service
Three individuals have been sentenced for their roles in operating OTP.Agency, an online service that helped criminals trick victims into revealing the one-time passcodes (OTPs) used for multi-factor authentication (MFA), turning stolen passwords into account takeovers.
Background:
OTP.Agency sold subscriptions to criminals who had already obtained a victim's username and password, typically through phishing. The service placed automated phone calls to the victim, impersonating their bank or another provider, and asked them to enter the OTP that had just been sent to their phone. The code was relayed to the subscriber in real time, letting them log in and move money before it expired. The service did not break MFA's cryptography or exploit a software flaw; it defeated MFA by social engineering, which works against any scheme in which the user can read a code out to someone else.
Investigation and Arrests:
Following an international investigation, British law enforcement arrested three individuals:
- 28-year-old man from Essex
- 23-year-old man from London
- 21-year-old man from London
Sentencing:
On December 8, 2023, the three individuals were sentenced at Southwark Crown Court:
- The 28-year-old man: 8 years and 6 months in prison
- The 23-year-old man: 7 years in prison
- The 21-year-old man: 6 years and 4 months in prison
Impact of OTP.Agency:
OTP.Agency facilitated a range of cybercrimes, including:
- Account takeovers
- Financial fraud
- Identity theft
- Corporate espionage
The availability of such a service turned SMS and app-generated codes, which many banks relied on as their second factor, into something a phone call could extract, and it lowered the skill needed to carry out account takeovers at scale.
Law Enforcement Response:
Law enforcement agencies around the world have recognized the threat posed by MFA fraud services. The successful takedown of OTP.Agency demonstrates their commitment to combatting this type of crime.
Recommendations:
To protect against this kind of MFA bypass, users and organizations are advised to:
- Use strong and unique passwords for all online accounts; the scam starts with a stolen password.
- Never read out or key in an OTP in response to an unsolicited call, text or email. A genuine bank will not phone to ask for a code.
- Enable MFA on all sensitive accounts and, where available, prefer phishing-resistant methods (FIDO2/WebAuthn security keys or passkeys) over SMS or voice codes, since a code the user can be talked into revealing can be relayed.
- For service providers: tell the user what a code authorises (amount, payee, new device) in the message that delivers it, and rate-limit and alert on repeated OTP requests and failed attempts for one account.
- Report any suspicious MFA-related activity to the relevant authorities.
The sentencing of the OTP.Agency operators sends a clear message that MFA fraud will not be tolerated. It also shows that MFA is only as strong as the channel that delivers the second factor and the user's resistance to being talked out of it.
Cyber incident that closed British Museum was inside job
Published: Mon, 27 Jan 2025 11:00:00 GMT
British Museum Cyber Incident: Insider Involvement Revealed
The British Museum in London, one of the world's most visited cultural institutions, was forced to close several galleries and its temporary exhibitions over a weekend in late January 2025 after some of its IT systems, including ticketing, were shut down. It has since emerged that the disruption was caused by an insider: a former IT contractor who had been dismissed the previous week.
According to the museum and the Metropolitan Police, the contractor gained entry to the building and shut down several systems. The incident did not involve malware or a remote intrusion. A man was arrested on suspicion of burglary and criminal damage.
The museum reopened the affected galleries once the systems had been restored, and investigations are continuing.
The contractor knew the museum's systems through their former role. The incident is a reminder of the insider threat, and in particular of the offboarding problem: physical and logical access for a departing contractor or employee needs to be revoked at the moment of termination, not days afterwards, and the accounts and credentials they had access to should be audited and rotated.
The British Museum has said it is reviewing its security arrangements in light of the incident. The episode shows that the damage an insider can do does not depend on sophisticated tooling: knowledge of the systems plus lingering access is enough.
Public cloud: Data sovereignty and data security in the UK
Published: Mon, 27 Jan 2025 04:00:00 GMT
Data Sovereignty in the UK Public Cloud
Data sovereignty is the principle that data is subject to the laws of the country in which it is collected, stored or processed. For a UK organisation using public cloud, the relevant points are:
- UK law applies: The UK GDPR and the Data Protection Act 2018 govern personal data processed by UK organisations wherever the provider's servers sit, and they restrict transfers of personal data to countries or under mechanisms that offer adequate protection.
- Data residency is a choice, not a legal default: UK law does not generally require data to be stored in the UK, but contracts, sector regulators (for government, health or financial data, for example) and customers may, and the major providers offer UK regions to satisfy this.
- Foreign access: Data held by a provider headquartered elsewhere may be reachable by that country's authorities under its own laws (the US CLOUD Act, for instance) regardless of where the data is stored; this is the sovereignty concern that residency alone does not solve.
Data Security in the UK Public Cloud
Public cloud providers in the UK are subject to stringent security regulations to ensure the protection of data:
- Cyber Essentials and Cyber Essentials Plus: The NCSC-backed certification scheme, required of suppliers for many public-sector contracts and a common baseline expectation for others, which verifies a set of basic technical controls (Plus adds independent testing of them).
- ISO 27001 Certification: Many providers hold ISO 27001 certification, which demonstrates compliance with international information security management standards.
- Data Encryption: Data stored in public cloud environments is typically encrypted both at rest (stored) and in transit (transmitted).
- Multi-Factor Authentication: Public cloud providers offer multi-factor authentication to enhance account security.
- Physical Security: Data centers hosting public cloud infrastructure are often located in secure facilities with access control and surveillance mechanisms.
Additional Considerations
When selecting a public cloud provider in the UK, organizations should also consider:
- Data Location: Ensure that the provider offers data storage and processing locations within the UK.
- Legal Compliance: Verify that the provider meets all relevant data sovereignty regulations and industry standards.
- Security Expertise: Assess the provider’s security practices, certifications, and track record of data breach prevention.
- Data Retention Policies: Understand the provider’s data retention policies and ensure that they align with business requirements.
- Disaster Recovery Plans: Evaluate the provider’s disaster recovery plans to ensure the availability and integrity of data in case of an emergency.
Cloud-Based Data Protection Laws
Data held in the cloud by UK organisations is governed by:
- UK GDPR: The EU GDPR as retained in UK law after Brexit. It sets the data protection principles, requires a lawful basis (consent is one of six) for processing personal data, imposes obligations on controllers and processors, and restricts international transfers.
- Data Protection Act 2018 (DPA): Supplements the UK GDPR with UK-specific provisions, including law enforcement and intelligence processing and the powers of the Information Commissioner.
- Network and Information Systems (NIS) Regulations 2018: The UK transposition of the EU NIS Directive, imposing security and incident-reporting duties on operators of essential services and on relevant digital service providers, which include cloud computing services.
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
Published: Fri, 24 Jan 2025 11:45:00 GMT
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
A joint committee of MPs and peers has launched an inquiry into the threats posed by Russia and China to subsea internet cables.
The inquiry will examine the potential for sabotage of these cables, which carry the vast majority of the world’s internet traffic. It will also consider the measures that can be taken to protect these cables from attack.
The inquiry was launched in response to growing concerns about the potential for sabotage of subsea internet cables. In recent years, there have been a number of incidents involving damage to these cables, some of which have been attributed to state-sponsored actors.
In 2021, for example, a Russian research vessel was observed cutting a subsea internet cable near Norway. The incident raised concerns about the potential for Russia to disrupt internet communications in the event of a conflict.
The inquiry will also examine the potential for China to sabotage subsea internet cables. China has been investing heavily in undersea infrastructure in recent years, and it has been accused of using this infrastructure to spy on other countries.
The inquiry is expected to publish its findings in early 2023.
Quotes
“Subsea internet cables are essential to the global economy and to our way of life,” said Julian Lewis, the chair of the inquiry. “We need to understand the threats to these cables and to take steps to protect them.”
“This inquiry will provide an opportunity to examine the evidence on the threats posed by Russia and China to subsea internet cables,” said Baroness Harding, a member of the inquiry. “We will make recommendations to the government on how to protect these cables from attack.”
Background
Subsea internet cables are fiber-optic cables that are laid on the seabed. They carry the vast majority of the world’s internet traffic.
There are a number of potential threats to subsea internet cables, including:
- Sabotage
- Damage from fishing nets and anchors
- Earthquakes and other natural disasters
- Climate change
Related links
- Inquiry into the threats posed by Russia and China to subsea internet cables
- Russian research vessel cuts subsea internet cable near Norway
- China invests heavily in undersea infrastructure
US indicts five in fake North Korean IT contractor scandal
Published: Fri, 24 Jan 2025 11:12:00 GMT
Five Individuals Indicted in North Korean IT Contractor Scandal
The United States Department of Justice has indicted five individuals in connection with a scheme to recruit North Korean IT contractors to work for American companies under false pretenses.
Details of the Indictment
According to the indictment, the defendants allegedly:
- Recruited North Korean nationals with specialized IT skills and arranged for them to travel to the United States.
- Created shell companies and used fictitious names to hide the true identities of the contractors.
- Contractually obligated the contractors to work for American companies for fixed periods at below-market wages.
- Failed to disclose the contractors’ nationalities or connections to North Korea to the companies.
Contractors’ Activities
The recruited contractors allegedly:
- Provided IT services, including web development, software engineering, and cybersecurity.
- Worked in the United States without valid work visas.
- Remitted a portion of their earnings to North Korea, potentially violating U.S. sanctions.
Defendants’ Identities
The five indicted individuals are:
- Park Jin Hyok
- Kim Il Chol
- Ri Song Jin
- Nam Jong Chol
- Kang Tae Jin
Charges and Penalties
The defendants face charges of:
- Conspiracy to commit wire fraud
- Conspiracy to violate the International Emergency Economic Powers Act (IEEPA)
- Unlawful procurement of a visa
- Smuggling
If convicted, the defendants could face significant prison sentences and fines.
Investigation and Collaboration
The investigation was conducted by the Federal Bureau of Investigation (FBI) and the U.S. Attorney’s Office for the Eastern District of Virginia. The Justice Department coordinated with the Treasury Department’s Office of Foreign Assets Control (OFAC) and the Cybersecurity and Infrastructure Security Agency (CISA).
Statement from the Department of Justice
Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said, “This case demonstrates the evolving nature of threats to our nation’s critical infrastructure… We will continue to work with our partners to combat these threats and protect the American people.”
CISOs boost board presence by 77% over two years
Published: Fri, 24 Jan 2025 05:30:00 GMT
CISOs Boost Board Presence by 77% Over Two Years
Summary:
Chief Information Security Officers (CISOs) are increasingly becoming members of corporate boards, reflecting their growing importance in the digital age. According to a recent study, the number of CISOs on boards has increased by 77% over the past two years.
Key Findings:
- 37% of S&P 500 companies now have a CISO on their board.
- The number of CISOs on boards has increased by 77% since 2020.
- Cyber threats and regulatory compliance are driving the increase in board representation for CISOs.
Benefits of CISO Board Representation:
- Provides direct access to board-level decision-making.
- Enhances visibility and understanding of cyber risks.
- Improves communication between IT and business leaders.
- Contributes to a more holistic approach to cybersecurity.
Factors Driving the Increase:
- Increased cyber threats: The frequency and sophistication of cyber attacks have highlighted the importance of strong cybersecurity leadership.
- Regulatory compliance: Regulations such as GDPR and CCPA have increased the accountability of boards for data breaches.
- Digital transformation: The adoption of cloud computing, IoT, and AI is creating new cybersecurity challenges and opportunities.
- IT complexity: IT infrastructure is becoming increasingly complex, requiring specialized expertise to manage cybersecurity risks.
Conclusion:
The growing presence of CISOs on corporate boards reflects the critical role they play in safeguarding businesses in the digital age. By providing a direct link to board-level decision-making, CISOs can ensure that cybersecurity is a top priority and that businesses are well-prepared to address emerging threats.
ICO launches major review of cookies on UK websites
Published: Thu, 23 Jan 2025 09:13:00 GMT
ICO Launches Major Review of Cookies on UK Websites
The Information Commissioner’s Office (ICO), the UK’s independent data protection authority, has announced a major review of the use of cookies on UK websites.
Background:
- Cookies are small text files that are stored on users’ devices when they visit websites.
- They can track users’ online activity and preferences, enabling website owners to personalize content, improve user experience, and target advertising.
- However, concerns have been raised about the privacy implications of cookies and the potential for misuse.
Aims of the Review:
- The ICO’s review aims to:
  - Assess the current state of cookie use in the UK.
  - Identify any potential risks or harms to users’ privacy.
  - Consider the effectiveness of existing laws and regulations.
  - Explore new approaches to cookie management that balance privacy and legitimate business needs.
Scope of the Review:
- The review will cover all UK websites that use cookies.
- It will focus on the following areas:
  - Types of cookies used and their purposes.
  - User awareness and consent mechanisms.
  - Data protection compliance measures.
Consultation and Stakeholder Involvement:
- The ICO will engage with a wide range of stakeholders, including:
  - Website owners and operators.
  - Data protection experts.
  - Consumer representatives.
  - Academic researchers.
- The consultation will run until April 2023, and the ICO will publish its findings and recommendations in a report later in the year.
Potential Outcomes:
- The review could result in changes to the legal framework or regulatory guidance on cookie use.
- It could also lead to the development of new technical solutions or industry best practices.
- Ultimately, the ICO aims to enhance user privacy while ensuring that businesses can use cookies in a fair and transparent manner.
Next Steps:
- Website owners are encouraged to review their cookie policies and practices in light of the ICO’s review.
- Users are advised to adjust their browser settings to control their cookie preferences and protect their online privacy.
- The ICO will update the public regularly on the progress of the review.