Carphone Warehouse victim of data breach

News broke just a few short hours ago that mobile phone giant, Carphone Warehouse, has been victim of a data breach where hackers gained access to the bank details of 2.4 million customers. Customers with accounts at, and may also be affected.

Commenting on this, Mike Spykerman, VP at OPSWAT, said: 

“The reality is that data breaches are no longer a question of if, but when. At least some of the information at Carphone Warehouse was encrypted, but still a lot of personal data was not. Data breaches often start with a spear phishing attack that evades detection from regular spam filters and single anti-virus engines. By using multiple anti-virus engines, the possibility that a spear phishing attack is detected is considerably higher. To avoid cyber attacks being successful, companies should prepare their defences by deploying several cyber security layers including device monitoring and management, scanning with multiple anti-malware engines, and advanced threat protection.”

Mark Bower, Global Director at HP Security Voltage further stated that:

“It’s a clear signal that contemporary data encryption and tokenization for all sensitive fields, not disk or column level encryption for credit cards, is necessary to thwart advanced attacks that scrape sensitive data from memory, data is use, as well as storage and transmission. Disk encryption protects data at rest, but it’s an all or nothing approach that leaves exploitable gaps: applications needing data have to decrypt it every time. Yet advanced attacks steal data in use and in motion. Another problem is that, while firms may focus on credit card data to meet basic PCI compliance, attackers will steal any sensitive data like account data, contact information and so on as they can repurpose it for theft. There are effective defences to this. Today’s new-breed of encryption and tokenization techniques can render data itself useless to attackers, yet functional to business needs. This technology, such as Format-Preserving Encryption, is proven in leading banks, retailers and payment processors who are constantly bombarded and probed by attackers. By securing customer and card data from capture over the data’s journey through stores, branches, databases and analytic systems, businesses can avoid unnecessary decryption required by older generation disk or database encryption techniques. Data can stay protected in use, at rest, and in motion, and stays secure even if stolen. Modern vetted and peer reviewed data encryption is infeasible to break on any realistic basis. Its a win-win for business, as it can be retrofitted to existing systems without complications and business change. Attackers who steal useless data they can’t monetize quickly move on to other targets.”



How can cloud data accelerate forensic investigations?

Shahaf Rozanski, Director of Forensic Products at Cellebrite

Cloud data represents a virtual goldmine of potential evidence for forensic investigators. Together with mobile device data, cloud data sources often present critical connections investigators need to solve crimes. However, there are a number of challenges that investigators face when it comes to data retrieval from the cloud.

The overarching challenge is private data in the cloud. Private data in the cloud, as the term suggests, is private user data (i.e. data that the user has actively chosen to refrain from sharing publically) and there is, for good reason, a significant amount of ‘red tape’ that surrounds private user data. But what happens when the user in question is suspected of committing a crime?

To add to this, more and more data is being stored in the cloud as many companies, and indeed individuals, look to virtual methods of data storage, with enhanced flexibility and ease of access. This also correlates with the amount of users now on social media and with 38 million social media users in the UK – a staggering 59 per cent of the population – it is evident that during a criminal case, investigators simply cannot afford to neglect social data that is inevitably stored in the cloud.

Out of the 38 million UK social media users, 30 million of them (79 per cent) are using social media on their mobiles, which further highlights the importance of mobile phones in the retrieval of crucial evidence in criminal investigations.

Investigators need to be able to access this data when it is of paramount importance to a criminal investigation. The problem is that investigators may need to go to the service provider if they don’t have the permissions or capabilities to access the username and password to request this data, which can take time.

If you’re an investigative force requesting private data in the cloud from a company located in the same country as the investigation is taking place then it can take a few weeks to a few months to obtain this data. However, if you’re requesting the data from another country, bearing in mind the investigation is taking place in Europe, when most of the world’s major service providers are based in the US, then it can take up to a year to retrieve the data.

The time that it takes to request data relevant to a particular criminal case is a challenge in the sense that the actual timeline of an investigation is extremely important to the outcome of the case. The retrieval of evidence needs to be executed in the shortest possible time to ensure that nothing is missed in the evidence gathering process, and to ensure that the investigative team doesn’t run out of time when retrieving evidence.

There is also an issue with the records production rate of the cloud service providers due to the limited resources that these companies have to handle the large number of requests from law enforcement. In the UK, during the first half of 2014, Facebook and Google’s response rate was 70 per cent, while Twitter’s response rate was only at 40 per cent.

Another challenge is that of forensic data preservation. It is of vital importance that the case team retrieves and handles all private data sources with the upmost care and consideration. In the case of extracting evidential data from the cloud, investigators should feel confident that the information that was extracted from the cloud service provider is authentic, traceable and thus defensible in court.

However, the problem of accessing private cloud data in a timely manner for criminal investigations can be rectified with the use of mobile forensic technology. When a mobile phone is seized in criminal investigations, law enforcement can use technology such as the UFED Cloud Analyser, to access private-user cloud data by utilising login details that have been extracted from the mobile device of the suspect or victim. This private-user cloud data is extracted under the appropriate legal authority, be it a search warrant, written consent, or other authority as defined by legal counsel in the relevant jurisdiction.

The investigative process when using such technology to retrieve private-user cloud data involves a five step process:

1.     Seize the mobile device and begin a forensic extraction of data

2.     Decode cloud services login information from the extracted forensic copy of the device

3.     Forensically preserve private user data using login information from the mobile device or manually provided credentials

4.     Analyse and report data from different cloud data sources in a unified format

5.     Deliver data to additional relevant law enforcement and justice officials

The analysis and reporting of retrieved data in a unified format is a very significant step in this process. The data that is retrieved has to be understood by a range of investigators and legal personnel, many of who may not be well-versed in mobile forensic data retrieval.

This data may also have to be presented in a courtroom, where a jury might be present that will have to understand and digest the data that is being put in front of them. Again, the data must be in a format that can be understood easily so that people with little or no understanding of mobile data forensics can easily make a decision based on the evidential data that has been displayed to them.

The importance of cloud data in so many areas of everyday life means that law enforcement agencies simply must consider the pool of evidence that is stored in the cloud during criminal investigations. A failure to contemplate this data could easily result in missed opportunities to convict, and during live investigations the consequences could be far worse.

The ever-increasing use of mobile phones to conduct criminal activity in correlation with the vast numbers of social media users worldwide, is a clear indication that criminal investigators must be equipped with the latest technology to timely retrieve cloud data and react to all types of criminal; who use and abuse different channels to exercise their criminal activity.



Last month in DDoS attacks – Protest and Activism

On the evening of July 26th, New York Magazine published what some may believe to be a controversial article regarding the alleged sexual assault victims of Bill Cosby. This particular piece included interviews from 35 women who have stepped forward with their allegations against the actor.  A few hours after the article was published online, DDoS attacks rendered the publication’s website unavailable for about a 12 hour time period. 

New York Magazine resorted to social media outlets to share the story in wake of their website inaccessibility.  The magazine is guessing to have lost about 500,000 unique visitors to their site due to the take down.

For those familiar with the world of digital media this is a major blow to traffic, clicks and ultimately online advertiser revenues. 

Also this last month we’ve seen reports that has also fallen victim to a DDoS attack, stemming from controversial videos published by anti-abortion hactivists. Today, visitors to are met with a static page with a message that reads: “our site is not available to due a hack by extremists.” Visitors looking for additional information and resources are directed to visit other Planned Parenthood web properties, including their official facebook page as an alternative. 

DDoS attacks are in no way a ‘new’ cyber threat that organizations should be wary of. In fact DDoS has been utilized as an attack tool for a decade or more for a wide range of motivations.  Ramifications of the damage are just as wide ranging as the attacks themselves: 

Revenue loss – Downtime affects the bottom line, directly and indirectly, and in principle, all types of damage could be rolled into this one. Effects vary widely across industries, and among firms within industries. 

Operational/Productivity loss – Network problems impact IT staff directly, and may impact some or all of the non-IT divisions. During full outages, workforce productivity comes to a halt. Troubleshooting, mitigation, and disaster recovery procedures are notoriously resource-intensive.  

Reputation damage – Your brand suffers if customers and business partners cannot access your site, become casualties of a breach, or simply experience diminished function or performance when interacting with your digital properties or online tools and assets. 



Russia allegedly launches “sophisticated” attack against the Pentagon

NBC broke the news last night that Russia launched a “sophisticated cyberattack” against the Pentagon’s Joint Staff unclassified email system, which has been shut down and taken offline for nearly two weeks.

Andy Heather, VP EMEA at HP Security Voltage, commented:
“Cyber attacks are a real and present danger, whatever the source. The sophistication in advanced malware renders traditional security virtually impotent.
Current, traditional security technologies are ineffective, and both businesses and government agencies have to do more to protect sensitive information.These traditional technologies, including access and authorisation, AV and endpoint protection technologies, are not enough to protect information across its entire life-cycle, from the moment it’s created to the moment is consumed and deleted.  These current technologies are not providing the necessary means to actually protect data as the data moves throughout and across an organisation.
The only way that companies and government agencies can ensure that any sensitive data is comprehensively protected, is through a data-centric security program. This protects the actual data levels, rather than these traditional security technologies which focus on protecting the perimeter, which has long since failed to exist.
Organisations should be using data encryption as a means to protect their information.  Encryption should be used as a key mechanism within a data-centric approach, but encryption needs to be applied at the data level itself – not only on the database, or disk level, which are again simply point solutions.
Public and private sector organisations are leveraging cloud-based services, mobility and big data initiatives to manage, move and analyse sensitive data like never before.  Protecting the data itself through a data-centric strategy is the only way that these organisations can leverage these initiatives in a secure and protected way. 
The ongoing use of only traditional security technologies will simply lead to more data breaches, especially as cyber attacks increase in volume and malware sophistication A data-centric approach including encryption and, tokenization, is the only way for any organisation to secure the data from these continued attacks.”



The number of pirated assets is set to rise by 22%

New research on the ecosystem for pirated software and digital assets has been conducted by Arxan and iThreat Cyber Group (ICG). The report reveals that illegal reproduction and distribution of copyrighted material on the Web is booming as a result of security breaches in both mobile and desktop software applications.

Arxan and ICG analyzed data collected over the past three years that examined the distribution of unauthorized digital assets on the Dark Web and indexed sites that are focused on distributing pirated releases. Thousands of sites were analyzed, including over 50 in the sole business of distributing pirate releases. The report focuses on the areas of software, gaming and digital media. The analysis revealed:

6M releases were pirated in 2014.
The extent of digital media piracy is far more extensive than commonly perceived.
-In 2013 and 2014, on average nearly 1 million pirated releases were found.
– In 2015, Videos (TV, Movies, etc., excluding Adult Content) accounted for about 50 percent, and Adult content accounted for roughly 25 percent of releases found.
The cost or un-monetized value of copyright infringing releases in 2014 is estimated to be more than $800 billion.
Piracy of software and digital assets is on the rise.
96M pirated assets are expected by the end of 2015 – an increase of 22 percent over the last three years.
If distribution of pirated games continues at the current rate, over 31,000 unauthorized releases will be active in 2015 – double the number of pirated releases just three years ago. Malware linked to pirated software is an enormous cost to both businesses and consumers. Enterprises will spend $491 billion, due to malware associated with pirated software.

“The findings in Arxan’s State of Application Security prove that piracy is one of the greatest threats to intellectual property and creative content, highlighting the enabling role pirated releases play in spreading extremely harmful malware across a range of industries – where the challenges of defending against it – are complex, but not insurmountable,” said Patrick Kehoe, Chief Marketing Officer of Arxan.

The report found that piracy is on the rise due to poorly protected applications and a rapidly evolving distribution system for pirated releases. Few applications, for example, are deployed with protected binary code. An adversary can directly access unprotected application binary code, analyze and reverse-engineer it back to source-code. With the revealed source-code, pirates are able to copy and/or maliciously modify and then redistribute software quite easily. MetaIntelli’s June 2015 analysis of 96,000 Android apps from the Google Play store found that less than 10% of them had protected binary code.

Hackers are gaining access to digital media using a number of techniques outlined in the report. Most are stealing cryptographic keys that govern access to digital media and using these keys to decrypt encrypted digital media files, and illegally distribute them.

Hundreds of millions of Internet users worldwide are accessing pirate distribution sites. Many of these sites survive based on Ad revenue (i.e., advertisers are paying to promote their products and services on these sites), while others charge users a fee or request donations from their users. The largest content theft sites generated more than $200 million in advertising-driven revenues in 2014.

“The threat posed by piracy cannot be limited to its effects on one company, one industry or one country. The sheer number of cases in the US and abroad, dictates software, digital media and mobile gaming industries become savvier with regards to techniques for combatting pirated releases across national boundaries,” said Jeff Bedser, CEO of iThreat Cyber Group. “The best thing content owners can do is continually monitor the marketplace and equip themselves with intelligence tools and leverage data and application protection techniques to fight piracy head on.”

To view the info graphic and access the full report, visit: