Balancing between data’s potential and its security

IN an era where data is king, the launch of Malaysia’s Central Database Hub (Padu) marks a significant milestone.

For the first time, the government will be collecting personal data on an unprecedented scale – everything from IC numbers and addresses to bank details and property ownership – into a single repository.

While revolutionary in its potential to streamline government services and target subsidies effectively, this initiative raises profound concerns about the security and privacy of our data.

Currently, we have the Personal Data Protection Act on the books. However, under Section 3(1) of the Act, this law does not apply to the government. 

Personal Data Protection Act 2010

Does this mean the extensive data collected through Padu is not afforded the same protections as it would if it was collected by private entities?

Previous data misuse and breaches in government systems only exacerbate our fear.

Cybersecurity firm Surfshark has listed Malaysia as the eighth most breached country globally in Q3 2023, with 494,699 leaked accounts. This represents a 144% increase in breach rate compared to Q2 2023.

According to its midyear threat landscape report, leaks from the government sector constituted 22% of total security breaches from January to June 2023.

The fundamental questions cannot be avoided: Can we trust the government with so much of our personal information? What assurances are there that it will be protected against misuse and theft?

The answers, according to most analysts and experts, lie in reforming the Personal Data Protection Act (PDPA) to encompass government data handling.

Amending the PDPA to include the government and all its agencies would be a significant step toward securing public confidence.

It would ensure the same rigorous data protection standards applied to private entities are also binding upon the government.

Such an amendment would not just be a legal formality; it would be the government’s commitment to the people, a reassurance that our personal information is valued and protected with the highest standards of security and privacy.

It would demonstrate a recognition of the principle that with great power comes great responsibility, especially when that power involves access to the extensive details of one’s financial and personal life.

While Padu presents an opportunity for public administration in Malaysia to take a huge leap forward, it also poses a significant risk to personal privacy if not appropriately managed.

The need to amend the PDPA to apply to data collected by the government is not just a regulatory necessity but a critical step in building trust between the citizens and the state.

Only with such legislative safeguards can the government assure its people that their data, their most personal and sensitive information, is in safe hands.

.  Source link

Related posts:

PADU to help govt identify eligible targeted subsidy

Exclusive: Report reveals how US spy agencies stole 97b global internet data, 124b phone records in just 30 days

 

Photo: headquarter of NSA in Maryland

 

The US military and government cyber agencies have remotely stolen more than 97 billion pieces of global internet data and 124 billion phone records in the last 30 days, which are becoming a major source of intelligence for the US and other "Five Eyes" countries, a latest cybersecurity report showed.

The report the Global Times obtained from Anzer, a cybersecurity information platform, on Monday, once again revealed the "black hand" operations of Tailored Access Operations (TAO), the cyber warfare intelligence agency under the US National Security Agency (NSA), which has been using advanced cyberattack weapons to indiscriminately "grab" data from internet users around the world.

An exclusive report published by the Global Times in May  disclosed that China captured a spy tool deployed by the NSA, which is capable of lurking in a victim's computer to access sensitive information and was found to have controlled global internet equipment and stole large amounts of user information. The Trojan horse, "NOPEN," is a remote control tool for Unix/Linux computer systems. It is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device's information.

According to internal NSA documents leaked by hacking group Shadow Brokers, "NOPEN" is one of the powerful weapons used by the TAO to attack and steal secrets.

Anzer's report revealed another weapon platform, "boundless informant," which is the NSA's exclusive big data summary analysis and data visualization tool system capable of colleting, managing and analyzing data around the world illegally obtained by NSA's remote control system.

According to terminal screenshots from the platform, the NSA has remotely stolen more than 97 billion pieces of global internet data and 124 billion phone records in the last 30 days.

A cybersecurity analyst told the Global Times on condition of anonymity on Monday that TAO is the largest and most important part of the intelligence division of the NSA.

Founded in 1998, the main responsibility of the TAO is to use the internet to secretly access insider information of its competitors, including secretly invading target countries' key information infrastructure to steal account codes, break or destroy computer security systems, monitor network traffic, steal privacy and sensitive data, and access to phone calls, emails, network communications and messages.

TAO also assumes an important role. When US president issues an order to disable or destroy communications networks or information systems in other countries, TAO will provide relevant cyberattack weapons, and the attacks will be carried out by the US Cyber Warfare Command, the report revealed.

According to the report, the various departments of TAO are composed of more than 1,000 active military personnel, network hackers, intelligence analysts, academics, computer hardware and software designers, and electronics engineers. The entire organizational structure consists of one "center" and four "divisions."

The "center" employs more than 600 people and is responsible for receiving, sorting and summarizing account passwords and important sensitive information stolen from around the world by network information systems controlled remotely by TAO.

"The NSA's global indiscriminate intrusion has long been supported by a vast and sophisticated network of weapons platforms, of which TAO is an important weapon maker. Some of these weapons are dedicated to the products of US internet giants such as Apple, Cisco and Dell, and have been developed with the support and full participation of these internet giants," the expert said.

Media reports showed some US internet giants have set up a special government affairs department to cooperate with the NSA in developing cyber attack weapons and provide the NSA with special backdoors and vulnerabilities. Internal information leaked by Edward Snowden showed these weapons could be used to conduct mass traffic monitoring and hacking on any internet user around the world.

According to publicly available information, most of the cyber attack weapons have already been handed over to the US and other "Five Eyes" countries.

The report also showed more than 500 code names for cyber attacks and data theft operations conducted by TAO have been disclosed, which proves that the US is a developed internet country in the world, as well as a major country in cyber intelligence collection and data theft.

In 2013, the US spent $52.6 billion on global intelligence gathering programs, of which two-thirds went to cyber security operations to carry out cyber attacks on foreign countries and domestic targets in the US.

A large number of TAO's cyber attack weapons have also been shared with some allied countries. Media reports showed that GCHQ, the UK's security and intelligence agency, has used NSA's cyberattack weapons to conduct long-term attack control and communications monitoring in the European Union.

"The US is taking highly engineered cyber weapons as the winning advantage in future cyber warfare, and is investing resources and increasing chips regardless of cost, bringing endless hidden dangers to global cyber security," the expert said. 

 Source link

RELATED ARTICLES

US-address attackers scapegoat Chinese computers to attack Russia, Ukraine: cybersecurity center

China has been under continuous cyber attacks since late February where attackers with internet addresses in the US ...

Build a digital shield against COVID-19 together at the Beijing Olympics, not hype ‘cybersecurity’ for political show

The Winter Olympic Games should never be a stage for political shows. Getting in the way of the ...

It's a threat to national security | The Star

 https://www.thestar.com.my/opinion/letters/2022/06/14/its-a-threat-to-national-security

Related posts:

China captures powerful US NSA cyberspy tool

 

 

 

 

SOURCE: Data protection dept not doing its job

Act swiftly to prevent data breaches

 

 

 

 

Remain vigilant against financial fraud

 

Watch out for WhatsApp scammers

MCMC: Beware of scammers trying to take over your WhatsApp account 

 MCMC issued a warning to alert the public to increasing reports of WhatsApp accounts being hijacked

MCMC said scammers often pose as friends or family members, using accounts that scammers had already successfully hacked into, to try to trick them into revealing their six-digit WhatsApp verification codes. — Bloomberg

The Malaysian Communications and Multimedia Commission (MCMC) has issued a  statement warning the public to be wary of increasingly inventive tactics employed by scammers trying to hijack a user’s WhatsApp account, due to increasing reports of fraud cases being committed through the app.

MCMC said scammers usually manage to take over victims’ WhatsApp accounts by tricking them into divulging their six-digit verification codes, which users will usually receive when there is an attempt to change the phone number associated to their account.

To do this, scammers have been known to contact potential victims while posing as a hapless individual or business claiming to have mistakenly keyed in the victim’s phone number while trying to complete an online transaction, explaining that as a result the authorisation code for the transaction had been sent to the victim’s phone and imploring them for help retrieving the code.

These appeals could even come from the victim’s family members or friends via accounts that scammers had already hijacked, said MCMC.

This tactic commonly misleads the victim into thinking they would be sending the scammer an unrelated TAC (transaction authorisation code) when in fact they would be handing over the six-digit verification code to the victim’s own WhatsApp account.

Those who have been duped into giving up their codes could end up having their accounts stolen by scammers, added MCMC.

MCMC said scammers have also impersonated WhatsApp employees to fool users into sharing their verification code, adding that there have also been instances where the scammer would deliberately fail at keying in the code several times in order to force an automated system by WhatsApp to call the user about their verification code.

In this instance, the scammer would also contact the user to ask for the code while pretending to be someone else. If the user did not answer the automated call by WhatsApp and it goes into the user’s voice mailbox, then the scammer would try to randomly guess at or ask for the user’s voice mailbox PIN code to access the recording, according to MCMC.

The regulatory body advised WhatsApp users to be suspicious of any attempts to procure their six-digit verification code, adding that it is absolutely imperative that users never reveal the code to anyone else to prevent their accounts from being hijacked.

It added that users should also enable two-factor verification on WhatsApp and utilise more complicated PIN numbers for their voice mailbox as additional security measures.

According to an  FAQ by WhatsApp, a user may be sent the verification code via SMS – even when one wasn’t requested – for a number of reasons.

WhatsApp said this could happen due to someone mistyping their own number, or a hacker attempting to take over the person’s account.

Without the code, the hacker will not be able to complete the verification process, which would prevent the account from being hijacked.

If your account has been stolen, you will have to sign into WhatsApp with your phone number and verify your phone number by entering the six-digit code you receive via SMS.

Once you enter the six-digit SMS code, the individual using your account will be automatically logged out.

You might also be asked to provide a two-step verification code. If you don’t know this code, the hijacker using your account could have enabled two-step verification.

You must wait seven days before you can sign in without the two-step verification code, according to WhatsApp.

Regardless of whether you know this verification code, the other person will be logged out of your account once you entered the six-digit code received via SMS.

In a separate FAQ about  stolen accounts, WhatsApp also advised the victim to inform family and friends if they suspect someone is impersonating them in chats.

Users whose WhatsApp accounts have been stolen are encouraged to file a complaint with MCMC or lodge a report at the nearest police station.

Source link

 

Related stories:

India asks Facebook's WhatsApp to withdraw privacy policy update

 

WhatsApp users’ phone numbers and chats exposed on Google

 

WhatsApp to delay launch of update business features after privacy backlash

How WhatsApp’s Status update escalated into fake... 

 

WhatsApp to use fingerprint and face ID authentication... 

 

Leaving WhatsApp? Telegram now lets users import chat...

 

Related post:

 

WhatsApp Tips: How to clear WhatsApp cache when you are running low on phone memory

2019 - The rise of the quantum era

US President Donald Trump discards staff like changing shirts and reverses policies without any forewarnings to staff or supporters alike. This behaviour is described by Armenian President Sarkissian, a quantum physicist-turned-politician, as quantum politics. afp -  

2019: The rise of quantum era

The Phnom Penh Post 

THE year 2018 was an exhausting one, but it marked the exhaustion of the old neo-liberal order, willingly dismantled by President Donald Trump to the aghast of friends and foes alike.

We seem to live at the edge of chaos, in which every dawn is broken by tweets that disrupt the status quo. There are no anchors of stability. Trump discarded staff like changing shirts, and reversed policies without any forewarnings to staff or supporters alike.

This behaviour was described by Armenian President Armen Vardani Sarkissian, a quantum physicist turned politician, as quantum politics.

Most of us use the term quantum to mean anything that we cannot understand. The reason why we find quantum concepts weird is that they do not conform with normal logic. As Italian physicist Carlo Rovelli explains it, “Reality is not what it seems”.

Human beings live at the macroscopic scale, which we observe from daily life. We like stability and order. But at the beginning of the 20th century, Albert Einstein and Nils Bohr changed the way physicists thought about how nature behaved. Quantum physics evolved from the study of the behaviour of atoms at the microscopic scale.

Order is only one phase in the process of evolution.

And since the 1980s, quantum science has expanded beyond physics to neuro-science, information computing, cryptography and causal modelling, with great practical success.

Like the iPhone, most people don’t know how it works, but quantum mechanics does work in practice.

The first quantum concept is that it is probablistic, not deterministic. In simple language, there is no such thing as certainty, which classical science, religion and our normal instincts teach us to believe. In the beautiful language of Rovelli, “quantum fields draw space, time, matter and light, exchanging information between one event or another. Reality is a network of granular events, the dynamic which connects them is probabilistic; between one event and another, space, time, matter and energy melt in a cloud of probability.”

Second, Bohr defined a dualistic property of quantum situations called complementarity. Light is both a particle and wave, not either/or. This concept of complementarity leads to the famous Heisenberg’s uncertainty principle, which basically says that the position and velocity of an object cannot both be measured exactly and simultaneously, even in theory. If everything in the world comprises atoms and photons moving constantly, nothing can be measured exactly – the principle of indeterminacy.

The third concept is relational, in that everything is related to something. There are no absolutes, just as there is no certainty. Everything exists relative to something else. Quantum entanglement occurs when pairs or groups of particles interact with each other so that the quantum state of each particle is somehow related to the state of the other(s), even across great distances.

This phenomenon is popularly called the butterfly effect, which dramatically says that a butterfly flapping its wings may cause a typhoon across the Pacific. Einstein called entanglement “Spooky Action at a Distance”, and he tried hard to disprove it. But these effects were empirically verified in the 1970s.

Quantum physics is moving to centre stage because quantum information theory led to the invention of quantum computing. Until recently conventional computers use binary “bits” (one and zero) as the process for calculation of information. But a quantum computer uses quantum bits, called qubits, which can exist in both states simultaneously, and in so doing, it can process information faster and more securely than conventional computers.

This breakthrough means that quantum computing will transform artificial intelligence, deep learning and advance technology at speed, scale and scope that rivals anything we have witnessed in the world of classical computing. The goldmine of quantum computing is going to make fortunes for everyone, but he who controls the infrastructure (or pipes) across which quantum computing will be conducted will be the big winner.

Information Age

In the Information Age, knowledge, technology and knowhow is more valuable than gold. Central bank monetary creation as well as cyber-currencies like bitcoin, are quantum money, because the marginal cost of production of such “money” is near zero.

We are all so dazzled by such marvellous creation that many investors moved into the alchemy of asset price bubbles. It is no coincidence that the South Sea and Tulip bubbles occurred in an era of great “displacement”, when 17th century investors (including Isaac Newton) had no clue how to price massive returns from new companies colonising the South Seas, or the technological rarity of creating a black tulip.

In qubit terms, hard assets and soft/virtual liabilities are quantumly entangled with each other. If you can generate quantum liabilities at near zero cost, you can control and increase real assets to the disadvantage of your competitors. Put crudely, with a quantum computer and deep learning, you might be able to generate a drone-sized nuclear bomb using 3D printing at very low cost.

Or even more bluntly, you can do this under quantum encryption that the incumbent powers do not even know what you are doing.

It is therefore no coincidence, that the Western Deep States moved quickly against Chinese enterprises ZTE and Huawei, because these two have been big developers and users of quantum computing. First, deprive the competitor from access to the key high-tech fast chips that enable quantum computing to perform at speed. Second, disrupt the management and key talent that would enable such quantum capacity to be operationalised. Third, prevent them acquiring market share to an entrenched level, so that you have time to bring your own technology up to speed.

All these suggest that if you think in Thucydides Trap terms (classical arms race to nuclear war), we will all end up in nuclear mutual destruction.

If quantum thinking is a more “natural” way of thinking about our physical world and human behaviour (since our brains appear to neurologically work in quantum terms), then it means that we need to get rid of old classical thinking and mental traps. The real challenges to global prosperity and survival are climate change, social injustice, corruption, crime and disruptive technology, but mostly outdated mindsets. We need to think through these challenges in quantum terms, which means very new and weird ways of thinking round these obstacles.

Discarding old mindsets is never easy. But mankind has always thrived on getting new solutions to old problems, perhaps this time through a quantum frame of mind. On that optimistic note,

Happy New Year to all!

By Andrew Sheng - Think Asian- Tan Sri Andrew Sheng writes on global issues from an Asian perspective.

Related:

TECH NEWS:  Is quantum computing a cybersecurity threat?

The photo shows electronics for use in a quantum computer in the quantum computing lab. Describing the inner workings of a quantum computer isn’t easy, even for top scholars. — AP

Related posts

China successfully launched world's first quantum communication satellite 'very exciting' !

China launches satellite for space-based free Internet broadband and free wifi worldwide

Chinese scientists make quantum leap in computing; jumbo passenger jet C919 liftoff !

China to build world-leading national laboratory for quantum information sciences

Battle for global 5G mobile phone technology the real reason for Huawei CFO arrest

Unfolding future innovation: a look ahead at 2019's tech trends

5G connectivity promises faster Internet speeds and more efficiency to run complex tasks in the cloud. — 123rf.com   https://youtu.b...

Bitcoin falls after exchange is hacked, US$72 mil stolen from Bitfinex exchange in HK

Securing the bitcoin trading platform has proved elusive.

The price of bitcoin fell sharply today exacerbating an already ongoing decline as global market participants reacted to news that one of the largest digital currency exchanges had been hacked. Bitcoin Drops Nearly 20% as Exchange Hack Amplifies Price Decline

The price of the virtual currency bitcoin fell sharply after Hong Kong-based digital-currency exchange Bitfinex said it was hacked, resulting in the possible theft of about $65 million worth of bitcoin.

News of the Bitfinex hack hit the price of bitcoin hard in heavy trading on Tuesday. It fell to $540 by late in the day, down about 12% from its level near $613 early Tuesday, according to CoinDesk. At one point, it traded as low as $480, down about 22%, though it recovered to about $548 by late morning in New York on Wednesday.

The hack marks one of the largest thefts in bitcoin’s short history and follows a separate alleged theft of an estimated $60 million worth of ethereum, a rival virtual currency, in June. In 2014, investor confidence in bitcoin also was dented by another larger cybersecurity breach, at the Japanese exchange Mt. Gox.

Hacking and thefts of investor property stand as two of the biggest issues that may prevent the fast-growing digital currency from gaining more widespread use. Bitcoin trades on an open ledger known as the blockchain that has excited technologists for its ability to cut out expensive layers of bureaucracy in various areas of commerce.

But securing the bitcoin trading platform has proved elusive. Tuesday, Bitfinex acknowledged the latest theft in a statement on its website and said it was halting all trading on Bitfinex as well as the deposits and withdrawals of digital tokens.

“The theft is being reported to—and we are co-operating with—law enforcement,” the statement said. “We are deeply concerned about this issue and we are committing every resource to try to resolve it.”

Zane Tackett, Bitfinex’s director of community and product development, confirmed that 119,756 bitcoins were stolen and said the company knows “exactly how relevant systems were compromised.” At Tuesday’s value, the amount of bitcoin stolen was worth about $65 million. Mr. Tackett said the company is working with law enforcement and analytics companies to try to track down the stolen coins and is working to get its platform back up so customers can check their accounts.

It wasn’t clear what percentage of Bitfinex’s overall assets were stolen or whether or not the company had adequate insurance to cover the theft.

“We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen,” the statement added. “We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up.”

In 2014, the Tokyo-based exchange Mt. Gox collapsed after a yearslong series of attacks resulted in the theft of about 850,000 bitcoins, at the time worth about $450 million. About 200,000 were later recovered. In June, Mt. Gox Chief Executive Mark Karpales was released from a Japanese prison on bail, after serving 10 months. The company’s liquidation is ongoing.

Bitcoin rallied earlier this year but had been selling off lately after an anticipated event known as a “halving” in early July lowered the subsidy paid to bitcoin miners supporting the network.

In 2015, Bitfinex switched to a system protected by what is known as “multiple signature” security, a feature that requires multiple “keys” to access bitcoin in a virtual wallet, and keeps the customers’ money in separate accounts, rather than pooling them into one larger account.

The exchange was fined $75,000 by the U.S. Commodity Futures Trading Commission in June for offering illegal off-exchange commodity transactions financed in bitcoin and other cryptocurrencies and for failing to register as a futures commission merchant. The CFTC said at the time that Bitfinex cooperated with its investigation and voluntarily made changes to its business practices to comply with regulations.

- The Wall Street Journal BY PAUL VIGNA AND GREGOR STUART HUNTER

Bitcoin worth US$72 mil stolen from Bitfinex exchange in Hong Kong

A Bitcoin (virtual currency) paper wallet with QR codes and a coin are seen in an illustration picture taken at La Maison du Bitcoin in Paris, France, May 27, 2015. Reuters/Benoit Tessier/File Photo

HONG KONG (Aug 3): Nearly 120,000 units of digital currency bitcoin worth about US$72 million was stolen from the exchange platform Bitfinex in Hong Kong, rattling the global bitcoin community in the second-biggest security breach ever of such an exchange.

Bitfinex is the world's largest dollar-based exchange for bitcoin, and is known in the digital currency community for having deep liquidity in the US dollar/bitcoin currency pair.

Zane Tackett, Director of Community & Product Development for Bitfinex, told Reuters on Wednesday that 119,756 bitcoin had been stolen from users' accounts and that the exchange had not yet decided how to address customer losses.

"The bitcoin was stolen from users' segregated wallets," he said.

The company said it had reported the theft to law enforcement and was cooperating with top blockchain analytic companies to track the stolen coins.

Last year, Bitfinex announced a tie-up with Palo Alto-based BitGo, which uses multiple-signature security to store user deposits online, allowing for faster withdrawals.

"Our investigation has found no evidence of a breach to any BitGo servers," BitGo said in a Tweet.

"With users' funds secured using multi-signature technology in partnership with BitGo, a lot more is at stake for the backbone of the bitcoin industry, with its stalwarts and prided tech under fire," said Charles Hayter, chief executive and founder of digital currency website CryptoCompare.

The security breach comes two months after Bitfinex was ordered to pay a US$75,000 fine by the US Commodity and Futures Trading Commission in part for offering illegal off-exchange financed commodity transactions in bitcoin and other digital currencies.

BITCOIN SLUMP

Tuesday's breach triggered a slump in bitcoin prices and was reminiscent of events that led to the 2014 collapse of Tokyo-based exchange Mt Gox, which said it had lost about US$500 million worth of customers' Bitcoins in a hacking attack.

Bitcoin plunged just over 23% on Tuesday after the news broke. On Wednesday it was up 1% at US$545.20 on the BitStamp platform.

Tackett added that the breach did not "expose any weaknesses in the security of a blockchain", the technology that generates and processes bitcoin, a web-based "cryptocurrency" that can move across the globe anonymously without the need for a central authority.

A bitcoin expert said the scandal highlighted the risks of companies using cryptography for their ledgers.

"The more you rely on its benefits, the greater the potential for damage when keys are stolen. We still have some way to go to create highly secure but convenient systems," said Singapore-based Antony Lewis.

The volume of bitcoin stolen amounts to about 0.75% of all bitcoin in circulation.

It is not yet clear whether the theft was an inside job or whether hackers were able to gain access to the system externally. On an online forum, Bitfinex's Tackett said he was "nearly 100% certain" it was no one in the company.

Bitfinex suspended trading on Tuesday after it discovered the breach. It said on its website that it was investigating and cooperating with the authorities.

The security breach is the latest scandal to hit Hong Kong's bitcoin market after MyCoin became embroiled in a scam last year that media estimated could have duped investors of up to US$387 million. The bitcoin trading company closed after the scandal.

The president of the Hong Kong Bitcoin Association said the only way to protect information is to disperse it in so many small pieces that the reward for hacking is too small.

"For an attacker, the cost-benefit strategy is quite easy: How much is in the pot and how likely is it that I'm getting the pot?" said Leonhard Weese.

The attack on Bitfinex was reminiscent of a similar breach at Mt. Gox, a Tokyo-based bitcoin exchange forced to file for bankruptcy in early 2014 after hackers stole an estimated $650 million worth of customer bitcoins.  - Reuters

Related posts:

 Bitcoin CEO arrest leaves long trail of unanswered ...

Aug 25, 2015 ... Tokyo (AFP) - The arrest of MtGox boss Mark Karpeles has begun to shed light on the defunct Bitcoin exchange after hundreds of millions of ...

 Brexit boosts bitcoin price, Is bitcoin a safe haven?

Jun 27, 2016 ... Despite the increase in the price of bitcoin amid the UK's recent EU referendum, a new research note from Needham & Company asserts it ...

 

 Bitcoin creator mystery, who is the Face Behind the ...

Mar 30, 2014 ... It seemed ludicrous that the man credited with inventing Bitcoin - the world's most wildly successful digital currency, with transactions of nearly ...

Bitcoin: cryptocurrency rising, money talks, mining boom ...

Apr 14, 2014 ... The Internet has spawned a new form of currency that's purely digital called Bitcoin. Picture this — a high speed car chase with a slew of ...

Take precautions on public wifi, hackers are watching you, travellers !

http://www.thestar.com.my/news/nation/2016/08/01/take-precautions-on-public-wifi-cybersecurity-firm-hackers-can-gather-sensitive-data-via-unsecure-co/

KUALA LUMPUR: If you are surfing the Internet on a public Wi-Fi, always assume someone is watching you out there.

Better yet, do not connect to any public Wi-Fi at all, said LE Global Services (LGMS) executive director Fong Choong Fook, whose private cybersecurity firm employs hackers to test the network security of the country’s major banks.

“I would never use a public Wi-Fi,” he said.

“Even an IT person may not be able to tell if the access point he is connected to is safe or if the activities are being watched.

“There may be signs like your Internet is slowing down but hackers can make it so elegant that you won’t even notice,” he said in an interview.

Malaysia’s national cybersecurity agency CyberSecurity Malaysia (CSM) said hackers could position themselves between a person’s device and the Wi-Fi router and are able to record sensitive data that the surfer is keying into his device.

Hackers can also “create” their own Wi-Fi and trick people into thinking they are connected to a credible public access point like the one from a restaurant, airport or office – when in actual fact these devices are connected to the criminals’ hardware.

Thus, they would be able to remotely watch everything a person is sending out on the Wi-Fi like passwords, e-mails or credit card information.

As frightening as these attacks may sound, Fong said this had been going as early as the 1990s.

Demonstrating to The Star how a hacker could steal information, LGMS set up an “evil twin” Wi-Fi using a laptop and named it after a famous franchise restaurant just below its office in Puchong, Selangor.

Fong connected two devices to this Wi-Fi and proceeded to log into social media, e-mail and Government websites.

Within seconds of logging in, the hacker’s computer began recording the activities in both devices in the experiment – recording every e-mail address, username and password that was keyed in.

Though the demonstration was only meant for the devices in the controlled environment of the LGMS office, three other users got connected to the dummy Wi-Fi, thinking they were linked to the franchise restaurant’s Internet, during the experiment.

“Hackers can target one specific person or they can target everyone in a cafe to get their devices to send all their data through their dummy Wi-Fi

“When they have your information, they can steal your identity. They can pose as you on Facebook, or send out e-mails to your contacts under your account,” he said.

Fong advised users to avoid connecting to public Wi-Fi or to only limit their browsing to Internet searches if they must connect to one.

The firm also suggested users to subscribe to VPN (virtual private network) technologies to secure their traffic.

VPN encrypts data on devices, making it hard for hackers to spy on the user’s online activities. Most VPNs are available on a subscription basis, much like an anti-virus programme.

So far this year, CSM has recorded eight instances where private Wi-Fi networks were hacked and 1,462 cases of online intrusions have been reported, which is nearly double the number of incidents compared to the same period in 2015.

It advised users to keep their Internet browsers up to date and to disable the feature which automatically saves password in the cache –as it makes it easier for criminals to steal.

by Nicholas Cheng The Star/Asia News Network

82% of travellers would use public Wi-Fi

KUALA LUMPUR: You are on a holiday in a foreign country. Naturally, you want to upload pictures to your Facebook or send messages to your friends back home or trawl the Internet for places to visit.

Chances are there is no Internet data connection where you are and you would search for whatever free Wi-Fi there is at the airport, hotel or cafe to stay connected.

An estimated 82% of travellers would choose to connect with unsecured public Wi-Fi, a practice which could up risks of cyberattacks, said Kasper­sky Lab.

The cybersecurity company surveyed 11,850 people worldwide and found that people on holiday would be carefree when it comes to their personal data protection.

The study found that 42% of travellers said they were less likely to care about the credibility of the Wi-Fi when they were on holiday compared to on business travels.

A third (33%) admitted to visiting websites of sensitive nature using foreign Wi-Fi, while almost half of the respondents conducted online banking (48%), shopped online (46%) and made private calls (35%) when they were abroad.

In a separate study, it found that at least 22% of travellers who conducted transactions online had experienced money loss while 8% had had a credit card compromised while in a foreign country.

Most of the time, victims do not even know they are being watched.

CSM advised users to keep an eye on their devices’ firewall alerts. Any trigger may indicate that a third party may be trying to access their devices illegally.

A report by MasterCard estimates that 10.9 million Malaysians travelled for overseas holidays in 2014, with the numbers expecting to hit 15.2 million by 2020.

The Kaspersky study also found that people were more likely to throw caution to the wind while on holiday with respondents saying they were 18% more likely to let strangers handle their smartphones to take pictures, 28% more likely to leave their devices unsupervised, 18% more likely to contact strangers online and 6% more likely to engage in “sexting”.

Related posts:

 Malaysian Internet users to become victims of Evidence ...

Jun 14, 2012 ... Hackers may cause Internet users to become victims of Evidence Act ... According to Cybersecurity Malaysia, an average of eight personal accounts ... special devices in the market that enabled anyone to “sniff” WiFi networks.

 2015 Hack of a year ahead!

Dec 21, 2014 ... 2014 has seen a tsunami of epic hacks and identity thefts, including the ... said the prominent data leaks of 2014 would keep cyber security in ...