This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are discussing the NCSC’s warning, exposed and leaky databases and the hacker who stole Tony Abbott’s passport details.

Possible Chinese Intelligence Database Discovered

A database containing the personal information belonging to a variety of politicians, diplomats and academics, including Boris Johnson and members of the royal family, has been discovered by security researchers, who describe the breadth of the data as “staggering”.

The database, which is believed to belong to Chinese company Zhenhua Data, contains information relating to around 2.4 million significant non-domestic individuals; around 10% to 20% of which comes from unknown sources.

Referred to as the ‘Overseas Key Information Database’, the cache is believed to be for the purpose of “information warfare”, with Zhenhua Data publicly acknowledging its work with military and intelligence agencies, though denying the database’s purported significance.

In a blog post, security researcher Chris Balding stated, “the information specifically targets influential individuals and institutions across a variety of industries. From politics to organized crime or technology and academia just to name a few, the database flows from sectors the Chinese state and linked enterprises are known to target.

It compiles information on everyone from key public individuals to low level individuals in an institution to better monitor and understand how to exert influence when needed.”

370 Million Dating Site Records Exposed

Due to a misconfiguration, users of around 70 dating and e-commerce sites have had their personal information exposed online.

Initially discovered by an ethical hacker, around 882GB of data were found, including full names, ages, dates of birth and email addresses belonging to hundreds of thousands of individuals.

The unsecured and unencrypted Elasticsearch database is managed by email marketing company Mailfire, the creator of software common to the affected services.

Mailfire secured the servers within hours of being notified of the issue, though upon inspection, researchers at vpnMentor have suggested that many of the accounts relating to dating sites are less than genuine.

“We found throughout several websites that disingenuous accounts were a huge issue. Many profile photos used were registered on scam databases or reused across accounts. Some were simply photos of celebrities found online.”

As with all leaks, the exposure of personal information can increase the chances of users being targeted for information security attacks, with extortion being of particular concern when it comes to highly personal data.

Ex-Aussie PM’s Details Stolen

Former Australian Prime Minister Tony Abbott has had his personal information pinched by a hacker, after he posted a picture of a boarding pass on social media.

Mr Abbott shared the picture back in March of 2020, and his details were obtained by hacker Alex Hope, who used the unobscured reference number to log into the national airline carrier’s website (Qantas) and inspected the unsecured HTML.

In possession of the former Prime Minister’s passport number and phone number, the helpful hacker did his best to inform the Australian government about what he had done, as well as contacting the operators of the website to fix the issue.

Once the issues had been amended, the ex-PM, wishing to better understand how his details were stolen, spoke to Alex Hope and, according to the hacker’s blog, humorously stated of his IT skills:

“You could drop me in the bush and I’d feel perfectly confident navigating my way out, looking at the sun and direction of rivers and figuring out where to go, but this!”

NCSC Warns UK Universities

The UK’s National Cyber Security Centre has issued a warning to universities and colleges following a rising number of cyber-attacks, in particular ransomware attacks, that could threaten to disrupt the beginning of the new academic year.

With the recent Newcastle University ransomware attack and the Blackbaud hack earlier this year, it has been reported that UK universities face up to a thousand attacks per year.

As the coronavirus continues to challenge a return to normality for institutions, the agency warned that following a spate of attacks, such security issues have the potential to “de-rail their preparations for the new term”.

Paul Chichester, Director of Operations at the NCSC, said on the matter: “This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible.

We are absolutely committed to ensuring UK academia is as safe as possible from cyber threats, and will not hesitate to act when that threat evolves.”

Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.