[Security Weekly] UN Discloses Severe Data Breach, Described as “Major Meltdown”
5th Week of January 2020
1. UN reveals security breach described as “major meltdown”, an incident it’s been hiding about
As stated in an exclusive report published by The New Humanitarian (TNH) on Wednesday, the United Nations suffered a massive security breach back in July 2019, where hackers obtained access to 400 GB of sensitive data. The case was brought to the surface as TNH’s investigation team discovered a confidential report back in November about this covered up incident.
According to TNH’s investigation, attacks began in mid-July 2019, where servers and databases in the UN offices of Geneva and Vienna, as well as the Office of the High Commissioner for Human Rights (OHCHR) were involved. The exact components of the data stolen were unclear, however, they likely included staff records, user accounts data, as well as records on human rights abuses. It was not until late August that the IT officials at the UN discovered the attack and issued a confidential alert to its technical teams.
After the report was published, the UN admitted suffering the incident. It appeared that only internal IT teams and the chiefs at the offices were aware of the situation, while most staff were only told to reset their password without knowing the cause.
According to the Associated Press, the hackers exploited a vulnerability in Microsoft’s SharePoint software. Despite the release of a patch in March 2019, the UN reportedly did not update its systems promptly.
For organizations regulated under the General Data Protection Regulation (GDPR), reporting data breaches is mandatory. However, since the UN has diplomatic immunity, it is not required to disclose such incidents. Many experts have stepped up calling for the UN to be more transparent on cybersecurity because covering up such weaknesses would only make them more vulnerable in the future.
Sources: The New Humanitarian, Threatpost
2. The UK opens its door for Huawei to participate in its 5G infrastructure
Despite facing sanctions and pressure imposed by the Trump administration, Huawei has made its way to the UK. Earlier on Tuesday, British Prime Minister Boris Johnson acted against the United States’ request for all its allies to ban the Chinese telecom giant.
Nevertheless, the UK government has classified Huawei as a “high-risk vendor”, where many restrictions would be applied. For instance, Huawei’s market share in the UK is capped at 35%, and that it would be excluded from operating the country’s sensitive networks, such as military sites and nuclear sites. The UK defended its decision by stating that they feel the need to keep up with the latest 5G infrastructure and that Huawei’s risks are totally manageable through restrictive measures, reassuring citizens that national security will not be compromised.
Following the announcement, Washington strongly condemned London’s decision, warning that allowing Huawei to develop UK’s infrastructure would leave a back door that allows Chinese intelligence to infiltrate the country, as well as posing risks to intelligence sharing between the Five Eyes.
The Five Eyes alliance, consisting of the United States, United Kingdom, Canada, Australia, and New Zealand, are five English-speaking allies who made an agreement in 1946 to share security information. The problem now is that if one of the countries has a vulnerability, all of them may be at risk. Currently, the US, Australia, and New Zealand have completely banned the Chinese firm, while Canada still hasn’t revealed its position. The UK’s decision would certainly weaken the alliance.
Sources: Business Insider, City A.M.
3. Millions of payment card information stolen from Wawa now for sale online
Last December, American convenience-store and gas-station chain Wawa suffered a security breach where a massive amount of data was compromised. This involved potentially all its customers’ debit and credit card information, including cardholder names, card numbers, and expiration dates. The breach was said to have lasted about nine months, before being discovered and contained in December 2019 (The Philadelphia Inquirer).
However, the aftermath has only begun. On Tuesday this week, it was reported that millions of payment card information stolen during that breach have been posted on “Jokers’ Stash”, a large-scale marketplace selling stolen payment information on the dark web. Wawa has notified credit card processors to stay on high alert when monitoring fraud activities and advised all customers to review their credit card statements thoroughly and to report any suspected fraud immediately.
According to Jokers’ Stash, the full collection of data posted for sale includes roughly 30 million payment card information across more than 40 U.S. states, with another one million from abroad, possibly from those who shopped at Wawa when traveling to the U.S (NJ.com). Wawa has claimed that no debit card pin number or credit card cvv2s were stolen, making it difficult for any average person to make payments using the stolen information.
Sources: The Philadelphia Inquirer, NJ.com
4. Social media accounts for NFL teams, ESPN, and UFC hijacked by a hacker group
One week before the Super Bowl game where the champion for the National Football League’s 100th season is to be determined, social media accounts of 15 teams in the NFL were hacked this Monday. These include Twitter, Instagram, and Facebook accounts. Accounts for ESPN and UFC were also compromised briefly.
Over the course of a few hours, the profile and banner pictures for these teams disappeared and strange messages were uploaded. The attacker appeared to be a hacker group called OurMine, famous for hacking online accounts of celebrities to promote their services. It is no different this time – one of the Tweets they posted stated that they are here to show people that everything is hackable, and that to contact them to improve account security, with a link to their website.
According to ZDNet, the hackers posted many Tweets through a third-party platform called Khoros, which is a social media management service used by digital marketers. However, Khoros have stated that their platform was not compromised. As of today, all the accounts have been recovered.