Connect with us

Cyber Security

Arron Banks’ private messages leaked by hacker

Published

on

Image copyright PA

The Twitter account of Arron Banks, the founder of the pro-Brexit campaign Leave.EU, has been hacked.

The perpetrator has leaked thousands of his private messages to and from dozens of other people spanning several years.

In a statement, Mr Banks accused Twitter of taking too long to tackle the issue and said the social network had “deliberately chosen” to leave his personal information online.

Twitter said it had “taken steps to secure the compromised account”.

“We will continue to take firm enforcement action in line with our policy which strictly prohibits the distribution on our service of materials obtained through hacking,” Twitter said in a statement.

 

It is not known who carried out the attack.

The data was made available by the hackers in the form of a link to a download. The original file is no longer online.

One expert said the hacker, if caught, could be prosecuted under the Computer Misuse Act, and that others who made use of the material would be walking into a legal minefield.

“Even if Arron Banks was using Twitter in a private capacity rather than as Leave.EU, the data was misappropriated from Twitter and that likely engages the Data Protection Act,” commented Tim Turner, a data protection consultant.

“There are public interest defences for using unlawfully obtained data, but that requires a journalist or other person to gamble that they can successfully argue that the public interest supports whatever use they make of it.

“You cannot know for certain that the public interest will back up any particular course of action; a person would have to act first, and see what follows.”

Avon and Somerset Police has confirmed that it is investigating the matter.

“We’re investigating whether any offences have been committed under the Computer Misuse Act after we received a report a Twitter account was compromised,” said a spokesman.

In February 2019, Leave.EU and an insurance company owned by Mr Banks were fined £120,000 by the Information Commissioner’s Office for breaching data protection laws.

“Arron Banks has shown extraordinary contempt for the ICO and British data laws and so this is a moment for him to reflect on the need for those laws and a regulator to enforce them,” said the journalist Carole Cadwalladr.

Ms Cadwalladr and Mr Banks have had many battles over her investigations into his affairs.

She said in a tweet that she had been sent some direct messages, said to be from the hacked account.

They were “pretty explosive” she tweeted.

Ms Cadwalladr told the BBC she had not downloaded any data.

Mr Banks’ Twitter account was suspended following the breach but is now working again.

Related Topics

Read more: https://www.bbc.co.uk/news/technology-50474626

Cyber Security

Detectify raises additional 21M for its ethical hacker network

Published

on

By

Detectify, the Sweden-born cybersecurity startup that offers a website vulnerability scanner powered by the crowd, has raised €21 million in further funding.

Leading the round is London-based VC firm Balderton Capital, with participation from existing investors Paua Ventures, Inventure and Insight Partners.

Detectify says the new funding will be used to continue to hire “world-class” talent to further accelerate the company’s growth and deliver on its mission to reduce internet security vulnerabilities.

Founded in late 2013 by a self-described group of “elite hackers” from Sweden, the company offers a website security tool that uses automation to scan websites for vulnerabilities to help customers (i.e. developers) stay on top of security. The more unique part of the service, however, is that it is in part maintained — or, rather, kept up to date — via the crowd in the form of Detectify’s “ethical hacker network.”

As we explained when the startup raised its €5 million Series A round, this sees top-ranked security researchers submit vulnerabilities that are then built into the Detectify scanner and used in customers’ security tests. The clever part is that researchers get paid every time their submitted module identifies a vulnerability on a customer’s website. In other words, incentives are kept aligned, giving Detectify a potential advantage and greater scale compared to similar website security automation tools.

Detectify co-founder and CEO Rickard Carlsson tells me the company has made a lot of progress in the past 12 months, including building out the crowdsourcing part of its proposition in order to grow the number of known vulnerabilities.

“Modules from crowdsourcing hackers have now generated 110,000 plus vulnerabilities in our customer base,” he says. “And the community is about 2.5 times as large now”.

In the last year, Detectify has also expanded its client base in the U.S, and says it now counts leading software companies such as Trello, Spotify and King as customers.

The young startup seems to be scoring well on the gender diversity front, too. It says that almost half (45%) of its 83 employees are female, including 50% at C-level. In addition, there are close to 30 nationalities across Detectify’s Stockholm and Boston offices.

Adds James Wise, partner at Balderton Capital, in a statement: “Detectify brings together the power of human ingenuity, the immense scalability of software, and a strong culture of transparency and integrity to provide world-class security to everyone. This is a fundamentally new approach to protecting businesses from new cyber security threats, and alongside our other cyber security investments, including Darktrace, Recorded Future & Tessian, we see Detectify as part of a new wave of solutions to make the web safer for everyone.”

Read more: https://techcrunch.com/2019/11/25/detectify-raises-additional-21m/

Continue Reading

Cyber Security News

‘Cyber-attack’ on Labour digital platforms

Published

on

By

Media playback is unsupported on your device
 
Media captionJeremy Corbyn: “A cyber attack against a political party in an election is suspicious”

The Labour Party says it has successfully defeated a cyber-attack targeted at its digital platforms.

Labour said the attack “failed” because of the party’s “robust” security system and no data breach had occurred.

The Distributed Denial of Service (DDoS) attack floods a computer server with traffic to try to take it offline.

A Labour source said that attacks came from computers in Russia and Brazil but the BBC’s Gordon Corera has been told the attack was not linked to a state.

Our security correspondent said he had been told the attack was a low-level incident – not a large-scale and sophisticated attack.

 

A National Cyber Security Centre spokesman said the Labour Party followed the correct procedure and notified them swiftly, adding: “The attack was not successful and the incident is now closed.”

Meanwhile, Labour has denied that there has been a data breach or a security flaw in its systems after the Times reported the party’s website had exposed the names of online donors.

DDoS attacks direct huge amounts of internet traffic at a target in an effort to overwhelm computer servers, causing their software to crash.

They are often carried out via a network of hijacked computers and other internet-connected devices known as a botnet.

The owners of which may be unaware their equipment is involved.

DDoS attacks are not normally recognised as being a hack as they do not involve breaking into a target’s systems to insert malware.

They can vary in sophistication and size, and are sometimes used as a diversionary tactic to carry out a more damaging attack under the radar.

Several companies provide services to repel DDoS attacks, but they can be costly.

The BBC has confirmed that Labour is using software by the technology company Cloudflare to protect its systems.

The US-based company boasts it has 15 times the network capacity of the biggest DDoS attack ever recorded, meaning it should be able to absorb any deluge of data directed at one of its clients.

BBC political correspondent Jessica Parker said “Labour Connects”, a tool for campaigners to design and print materials was disrupted and remains “closed for maintenance”.

A message on the site on Monday said it was experiencing issues “due to the large volume of users”.

Media playback is unsupported on your device
 
Media captionEXPLAINED: What is a DDoS attack?

Labour leader Jeremy Corbyn said the cyber-attack was “very serious” and also “suspicious” because it took place during an election campaign.

“If this is a sign of things to come, I feel very nervous about it,” he said.

In a letter sent to Labour campaigners, Niall Sookoo, the party’s executive director of elections and campaigns, said: “Yesterday afternoon our security systems identified that, in a very short period of time, there were large-scale and sophisticated attacks on Labour Party platforms which had the intention of taking our systems entirely offline.

“Every single one of these attempts failed due to our robust security systems and the integrity of all our platforms and data was maintained.”

Labour’s general secretary Jennie Formby said on Twitter the attack was a “real concern” but she added she was proud of the party’s staff who “took immediate action to ensure our systems and data are all safe “.

Emily Orton, from Darktrace, an AI company for cyber-security, told BBC Radio 4’s The World at One: “Really this is the tip of the iceberg in terms of the types of threats that, not just the Labour Party, but all political parties are going to be without a doubt experiencing on a daily basis.”

“I think anyone involved in politics and in government need to be preparing themselves for a lot more stealthy, sophisticated attacks than this,” she added.

Donors leak

Image copyright Labour Party

By Leo Kelion, Technology desk editor

The Times has revealed that Labour exposed the names of people who had donated money via an online tool.

The details could be found via an RSS web feed generated by the site’s code, which most browsers provide a way to inspect.

In most cases the information was limited to the donors’ first names and the sums given.

But because some people had mistakenly added their surname to the first name input box, this too was disclosed.

Labour denies this represented a security flaw or that a reportable data breach had occurred. It also believes that only a small number of full names were exposed.

However, it made changes to shut down the RSS feed last night.

“The Labour Party takes its responsibilities for data protection extremely seriously,” a spokesman said.

“If any concerns are raised, we assess them in line with our responsibilities under GDPR [General Data Protection Regulation ] and the Data Protection Act.”

The Information Commissioner’s Office told the BBC: “We will not be commenting publicly on every issue raised during the general election.

“We will, however, be closely monitoring how personal data is being used during political campaigning and making sure that all parties and campaigns are aware of their responsibilities.”

Over the next five weeks, we want to help you understand the issues behind the headlines.

Keep up to date with the big questions in our newsletter, Outside The Box.

Sign up to our 2019 election newsletter here.

Related Topics

Read more: https://www.bbc.co.uk/news/election-2019-50388879

Continue Reading

Cyber Security News

Capital One replaces security chief after data breach

Published

on

By

Capital One has replaced its cybersecurity chief four months after the company disclosed a massive data breach involving the theft of sensitive data on more than 100 million customers.

A spokesperson for Capital One confirmed the news in an email to TechCrunch.

“Michael Johnson is moving from his role as chief information security officer to serve as senior vice president and special advisor dedicated to cyber security,” said the spokesperson.

Mike Eason, who served as chief information officer for the company’s commercial banking division, has replaced Johnson as interim cybersecurity chief while a permanent replacement is found.

The Wall Street Journal first reported the news.

Capital One continues to assess the aftermath from its July data breach, which saw a hacker take millions of credit card application data between 2005 and 2019 from customers applying for credit cards. The data leaked also included names, addresses, postal addresses, phone numbers, email addresses, dates of birth and self-reported income, as well as credit scores and credit limits.

Paige Thompson, a Seattle resident, was taken into custody by the FBI following the disclosure, accused of breaking into the banking giant’s cloud-based environment. Subsequent research showed that the alleged hacker and former Amazon Web Services employee may have obtained sensitive corporate data on other companies, including Vodafone, Ford and Ohio’s Department of Transportation.

It was reported this week that Thompson would be released from custody, pending trial.

Read more: https://techcrunch.com/2019/11/07/capital-one-security-chief-shuffle/

Continue Reading

Trending