Researchers in Singapore have demonstrated how hackers can use a smartphone mounted on a drone to steal data intended for wireless printers. The technology detects an insecure printer and intercepts documents by establishing a fake access point that mimics the printer, tricking the computer into sending potentially sensitive data straight to the hacker’s device. Thankfully, this research springs from benevolent motivations and the ‘Cybersecurity Patrol’ app that has been produced is a cost-effective way to scan office spaces and alert corporations to any insecure printers. However, it’s a good reminder for companies to address a vulnerability that’s frequently overlooked. Watch a video exhibiting both the malicious and beneficial uses of this technology here.
Speaking of hackers, Russian hacker Dimitry Belorossov has been sentenced to four and a half years in prison for distributing and operating part of the infamous ‘Citadel’ botnet. Also known as ‘Rainerfox’, Belorossov used the banking Trojan to infect and remotely control more than 7,000 computers of unsuspecting individuals and financial institutions. The US Department of Justice estimates that Citadel reached over 11 million computers worldwide and resulted in more than US$500 million in losses. The 22-year-old was sentenced this week after being arrested in Spain in 2013 and pleading guilty to conspiracy to commit computer fraud last year.
In Washington DC, Ari Schwartz this week stepped down as Senior Director for Cybersecurity on the National Security Council. Schwartz, who joined the White House in 2013 as Director for Cybersecurity Privacy, Civil Liberties and Policy, has been a vocal advocate of information sharing and became a trusted advisor to the Obama administration. The administration has a successor in mind, so watch this space for an announcement.
A ruling from the European Court of Justice is pending on the future of ‘Safe Harbour’, an agreement that enables the transfer of customer data from the EU to the US. Since 2000, Safe Harbour has allowed US companies to self-certify that they fulfil EU data security standards and today is used by some of the world’s biggest technology groups including Facebook and Amazon. Concerns over the US’ laissez-faire approach to privacy, exemplified by recent NSA whistle-blower Edward Snowden, have elevated the sustainability of this agreement to the highest court in the EU. The ruling could give national data protection authorities the power to challenge data transfers or even void the agreement altogether. Those outcomes would have massive implications for international technology companies, and some fear it may contribute to the widening cyber policy gap across the Atlantic.
The personal details of roughly 15 million T-Mobile customers have been compromised in a massive data breach this week. Names, addresses, birthdates, encrypted social security numbers, drivers’ license and passport numbers have been stolen from Experian, a vendor T-Mobile uses to process its customer credit applications. Fortunately, the compromised data contained no credit card or banking information; however, the details could be used to commit identity theft. CEO John Legere has said he will undertake a ‘thorough review’ of T-Mobile’s relationship with Experian and is offering affected customers two years of free credit monitoring.
Ironically for T-Mobile, the first week of October marked the beginning of America’s National Cybersecurity Awareness Month. President Obama designated the tenth month of every year as a time to ‘engage and educate public and private sector partners’ about the importance of cybersecurity. Sponsored by the Department of Homeland Security, this month-long awareness campaign promotes cybersecurity as a ‘shared responsibility’. Stay tuned for related events, speeches and weekly themes.