data leak | Business Upturn

Chinese hacking group data leak exposes global targets

Eesha Chakraborty — Fri, 23 Feb 2024 17:24:08 +0000

A massive leak of data from a state-linked hacking group in China has sent shockwaves through the cybersecurity world, offering an unprecedented glimpse into the secretive and expansive operations of the nation’s cyber espionage apparatus. The leaked files, attributed to a Shanghai-based group known as iSoon, paint a concerning picture of China’s aggressive tactics, targeting governments, companies, and individuals across the globe with a relentless pursuit of sensitive information.

The data dump, consisting of over 570 files encompassing contracts, target lists, and internal chat logs, landed on GitHub last week, sparking immediate scrutiny from cybersecurity experts worldwide. While the source of the leak remains shrouded in mystery, the authenticity of the files has been largely confirmed, raising serious questions about China’s cyber activities and their implications for international security.

The documents reveal a complex web of state-sanctioned hacking, with Chinese intelligence agencies, military, and police outsourcing their cyber operations to private contractors like iSoon. This practice, known as “offensive security,” allows the government to maintain plausible deniability while conducting aggressive cyber campaigns against foreign adversaries and domestic targets deemed threats to national security.

The leaked information exposes a vast network of targets spanning across 20 countries, including India, Taiwan, South Korea, and even close allies like Cambodia and Pakistan. The hackers sought a diverse range of data, from sensitive government road maps in Taiwan to immigration records in India and call logs from South Korean telecom giants. This insatiable appetite for intelligence highlights the strategic objectives of China’s cyber operations, which appear to go beyond mere espionage and delve into the realms of economic warfare and potential military preparedness.

Beyond the geopolitical implications, the leak also sheds light on the internal workings of China’s hacking industry. The data reveals complaints from disgruntled iSoon employees regarding low wages and demanding workloads, hinting at a culture of exploitation and pressure within the group. This glimpse into the human cost of cyber warfare adds another layer of complexity to the narrative, raising ethical questions about the individuals who are often instrumentalized in these clandestine operations.

The timing of this leak coincides with the ongoing legal battle surrounding Julian Assange, the founder of WikiLeaks, who faces extradition to the United States for his role in publishing classified information. This case has reignited debates about freedom of speech, press freedom, and the role of whistleblowers in exposing government wrongdoings. While the motivations behind the iSoon leak remain unclear, it undoubtedly raises similar questions about the ethical implications of exposing classified information, even when it pertains to potentially illegal or harmful state activities.

In conclusion, the leak of data from iSoon represents a significant development in the ongoing saga of international cyber espionage. It exposes the vast scale and sophistication of China’s hacking operations, raising concerns about the potential for cyber conflict and the erosion of trust between nations.

Leaked documents expose China’s cyber espionage network

Eesha Chakraborty — Fri, 23 Feb 2024 16:44:29 +0000

The revelation of a massive data leak from I-Soon, a Chinese tech security firm deeply intertwined with the country’s government agencies. This unprecedented breach offered a startling glimpse into the inner workings of China’s cyber espionage apparatus, raising serious concerns about global security and the extent of state-sponsored hacking activities.

The leaked data, encompassing contracts, marketing materials, product manuals, and personnel lists, painted a disturbing picture of I-Soon’s involvement in a wide range of activities. From large-scale surveillance of overseas dissidents to targeted hacking campaigns against foreign nations, the documents laid bare the methods employed by Chinese authorities to exert influence and gather intelligence.

One particularly concerning aspect of the leak was the revelation of I-Soon’s role in hacking networks across Central and Southeast Asia, as well as Hong Kong and Taiwan. The leaked documents detailed sophisticated tools used to unmask users on social media platforms, infiltrate email accounts, and mask the online activities of Chinese agents operating abroad. This ability to operate with near impunity highlights the sophistication and reach of China’s cyber capabilities.

Furthermore, the leak shed light on the competitive landscape of state-sponsored hacking. Documents revealed how government targeting requirements fueled a marketplace of independent contractor hackers-for-hire, with I-Soon acting as a key player in this ecosystem. This revelation underscores the potential for such activities to become increasingly decentralized and difficult to track, posing a significant challenge for international efforts to combat cybercrime.

The impact of this leak is multifaceted. On one hand, it has severely damaged I-Soon’s reputation, exposing the company’s close ties to the Chinese government and raising ethical questions about its activities. On another hand, it has provided invaluable insights for the cybersecurity community, offering a rare opportunity to understand the inner workings of a state-affiliated hacking contractor. This knowledge can be used to improve attribution efforts, develop more effective defence strategies, and raise awareness of the evolving threat landscape.

The source of the leak remains unknown. Regardless of its origin, the leak has sparked a global conversation about the ethical implications of state-sponsored hacking and the need for international cooperation to address this growing threat. While the investigation into the leak’s authenticity continues, its credibility has been widely acknowledged by cybersecurity experts, further amplifying its significance.

Here’s why there still may be a data breach risk for more than 2 million Toyota owners

Avinash Ram — Fri, 12 May 2023 16:28:34 +0000

Toyota has disclosed that owing to human mistake, the data of 2.15 million Japanese users who registered for its cloud service platforms since 2012 was made available to the public for ten years. Almost all of the consumer base is included in this, according to a Reuters report.

A Toyota representative claimed that a mistake made by a person resulted in an issue that persisted from November 2013 to mid-April. They unintentionally changed a cloud system from private to public, potentially disclosing information such as the whereabouts of automobiles and their licence plates. The business asserts that it has no proof that this information was misused inadvertently.

Customers of Toyota, particularly those of its upscale Lexus brand, have been compromised. The biggest automaker in the world is now concentrating on cloud-based data management and vehicle connectivity, which are necessary for providing autonomous driving and other AI-powered capabilities.

Customers who subscribed to the T-Connect service, which provides a range of services including AI voice-enabled driving assistance, automatic connection to call centres for vehicle management, and emergency support for situations like traffic accidents or sudden illness, were impacted. Additionally, G-Link subscribers who own Lexus vehicles were also impacted.

Toyota claimed that after the problem was identified, it prevented outside access to the data. Additionally, an investigation is being conducted into every cloud environment that the corporation manages.

The representative claimed that there were not enough “active detection mechanisms, and activities to detect the presence or absence of things that became public.” Toyota stated that it intends to put in place a system for checking cloud settings, create continuing monitoring protocols, and offer thorough employee training on data handling policies.

A representative of the Personal Information Protection Commission of Japan has stated that they were made aware of the event.

Koji Sato, the CEO of Toyota, is dealing with issues like testing issues with an affiliate and a shareholder demand for more transparency on lobbying efforts relating to climate change.

Meta and Tiktok acquire user data through web forms without their consent: Report

Aryan Jakhar — Tue, 17 May 2022 09:40:08 +0000

Researchers discovered that when a user clicks any button or link after filling out a form, user data may be leaked to Meta.

According to a study, Meta Platforms and TikTok capture hashed personal information from web forms even when the user does not submit the form or grant authorization.

According to researchers from KU Leuven, Radboud University, and the University of Lausanne, both Meta Pixel and TikTok Pixel offer a feature called Automatic Advanced Matching (AAM) that captures hashed personal IDs from web forms in an automated manner.

Pixels are a type of code that allows platforms to track visitor behaviour. This data can be used to serve adverts to consumers based on their interests, preferences, and online behaviour. It can also track the effectiveness of advertisements.

The hashed personal identifiers are then used to target adverts on the platforms in question, track conversions, and develop new custom audiences.

Meta and Tiktok acquire user data

According to Meta’s and TikTok’s instructions, AAM should collect data when a user submits a form.

Researchers discovered that when a user clicks links. Or buttons that don’t look like submit buttons, both platforms capture hashed personal data.

The scripts in Meta and TikTok don’t even try to recognise submit buttons. According to the researchers. These sites capture hashed personal information. Even when a user abandons a form and clicks a button or link to go away from the website.

The researchers also looked at 1 lakh websites to see. Whether there were any data leaks caused by unrelated button or link hits.

They discovered that when a user clicks any button or link. After filling out a form, 8,438 US and 7,379 EU sites may leak user data to Meta. They also discovered 154 US and 147 EU websites that were leaking user data to TikTok.

According to the researchers. Users’ email addresses are transmitted to tracking, marketing, and analytics domains. Before submitting forms and giving consent.

Data of around 92% of LinkedIn users exposed

Diya S. — Wed, 30 Jun 2021 15:14:38 +0000

Employment-oriented online service LinkedIn has experienced a massive data expose for the second time in the year 2021. Reportedly, data of over 700 million users has been put up for an online sale by a hacker. As the social networking site has around 756 million users, data of 92 per cent of such users has been exposed.

According to Privacy Sharks, the data consists of the personal details of LinkedIn users like phone numbers, physical addresses, geolocation data along with inferred salaries. On 22nd June, the hacker had uploaded a sample of data of a million users on a hacker forum.

LinkedIn has acknowledged that as a matter of fact, the breach was an “accumulation of data obtained from numerous sources, including some data scraped from LinkedIn.”

It responded saying that LinkedIn’s teams have investigated a set of alleged LinkedIn data that were posted on sale while assuring that there was no data breach and no data of private LinkedIn member had been exposed.

Linkedln further added, “Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.” It continued with signifying how LinkedIn members trust the site with their data and therefore, any misuse of their data like scraping violates the terms of service of LinkedIn.

The online service assured, “When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.”

Cambridge Analytica booked by CBI for Facebook data theft

Sanah Shah — Fri, 22 Jan 2021 08:18:42 +0000

The CBI has filed a case against Cambridge Analytica and Global Science Research Ltd based in the UK. The cause is illegally harvesting data of Facebook users in India for commercial purposes, according to officials.

After an initial inquiry, it was discovered that Global Science Research had designed an app called, “thisisyourdigitallife” which was permitted by Facebook to collect specific datasets of its users for research and academic purposes in 2014, Moneycontrol reported.

The company set foot into a criminal conspiracy with Cambridge Analytica, allowing it to utilize the data gathered for commercial purposes, said the officials.

Facebook had collected certificates from the companies in 2016-2017 that the data harvested using “thisisyourdigitallife” was attributed and destroyed. Although the CBI did not find any proof of destruction of data, according to the officials.

Citing the FIR, an official said, “The enquiry prima facie established that Global Science Research Ltd, UK dishonestly and fraudulently accessed data of app users of “thisisyourdigitallife” and their Facebook friends.”

The government commanded to have a CBI probe in the issue after US tech giant company, Facebook admitted that 5.62 lakh people in India were “potentially affected” by the global data breach by CA and contended that the consulting firm did not have its consent in hijacking the data.

The data breach is being investigated by the CBI after the government’s order. They received a reference from the ministry of information and technology.

Cognizant Data Leak: Credit card information, personal data of some employees leaked

Anushka Sharma — Mon, 22 Jun 2020 17:14:20 +0000

Due to ransomware attack, corporate credit card information, personal data of major IT company Cognizant employees leaked. This attack was from Maze ransomware.

Cognizant in a mail to employees said, “A limited amount of personal data (of associates) was compromised before the attack was contained on May 1. Vast majority of the information consisted of names and account numbers (and no other personal information) from some American Express cards.”

The IT major is expected to face loss of $50-$70 million in its revenue of the current quarter. The company told all its employees with corporate credit cards will be given access to credit card monitoring, dark web monitoring and restoration services for free. There are a few employees whose personal data has been compromised as well.

Becky Schmitt, chief public officer at Cognizant sent an email to the employees stating, “Out of an abundance of caution, we are giving notice to all associates who have an active corporate credit card.”

“The small number of associates who have had other kinds of personal information exposed will be notified directly by June 24, 2020, and will also receive complimentary identify theft protection,” the company reportedly said.

In this ransomware attack information like tax IDs, social security numbers, passport data, driver’s licence information, etc has been compromised.

Cyber leak: More than 1 lakh national IDs including PAN , Passport and Aadhar data for sale on dark net, reported by Cyble

Anushka Sharma — Wed, 03 Jun 2020 18:31:00 +0000

Cyble: More than 1 lakh national IDs including PAN, Passport and Aadhar for sale on the dark net
According to a cyber intelligence firm, Cyble more than 1 lakh scanned copies of national IDs like PAN card, Aadhar card and Passport have been put up for sale. This data is leaked not leaked from the government systems. It has been leaked from third party systems where people have to comply with Know Your Customers (KYC) norms.

Today Cyble said, “We came across a non-reputed actor who is currently selling over 1 lakh Indian National IDs on the darknet. With such a low reputation, ideally, we would have skipped this; however, the samples shared by the actor intrigued our interest — and also the volume. The actor is alleged to have access to over 1 lakh IDs from different places in India.”

Online data leak results in identity theft, scams and corporate espionage. This will result in numerous fraudulent activities. Cyble researchers got around 1,000 IDs from the seller and confirmed that all those IDs belonged to Indians.

“Preliminary analysis suggests that the data originated from a third party, and no indication or artefact is indicating that it came from a government system. At this point, Cyble researchers are still investigating this further — we are hoping to share an update soon,” Cyble said.

“Cyble researchers have also learned about a surge in KYC and banking scams — leaks such as this are often used by scammers to target individuals, especially elderlies,” Cyble added.

The intelligence firm has suggested people to avoid sharing personal and financial information over phones, emails and SMS. It also recommended that people should regularly monitor their financial transactions and report any kind of suspicion to the bank. In previous reports, Cyble has reported incidents where the personal data of 7.65 crore Indians have been put up for sale on the dark web.