Archive for the ‘News’ Category

A hacker (or hackers) has stolen the identity records for 45 million Argentinians. This hack took place (last month) in Sept 2021 by targeting the “Registro Nacional de las Personas” (RENAPER). RENAPER issues all national ID cards to the citizens of Argentina.

Where is Argentina? It’s on the southern end of South America, and very close to Antartica.

So we know this leak is real as the alleged perpetrator is publishing samples of the data on Twitter using a newly registered account @AnibalLeaks (Suspended). Anibal has started leaking details of Argentinian celebrities, the country’s president and multiple journalists, political figures, soccer stars and more.

So what is the data format?

idtramiteprincipal (Processing #) idtranmitearjetareimpresa (Processing # on card) ejemplar (Copy) vencimiento (Expiration date) emision (Data of issue) appellido (Surnames) nombres (Names) fechaNacimiento (Birthdate) cuil (Unique labor identification code)

This is how an Argentinian ID/s looks like:

https://olc.worldbank.org/system/files/Argentina-ID-Case-Study-The-Evolution-of-Identification.pdf

Estimated quantum of data leaked should be 45M records x 15 fields x 1Kb/field = ~675GB.

Insider Job?

Government authorities are investigating eight government employees about having a possible role in the leak. A VPN (Virtual Private Network) account assigned to the Ministry of Health was used to query the RENAPER database and could be a possible attack vector.

Where to now?

The hacker continues to blackmail RENAPER with a threat to trickle-publish the data including the “Trámite” numbers, and Photo IDs. This could seed the beginnings of a Facebook alternative for Argentina. Say renaperbook.com?

Read More:

https://then24.com/2021/10/13/renaper-denied-having-suffered-hacking-and-massive-data-leakage/ https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/ https://www.aviationanalysis.net/renaper-eight-employees-have-been-investigated-over-data-leaks-but-the-government-denies-a-breach/

Move aside WikiLeaks, many governments, and private wealth entities have their own view of global data. This is commonly known as “Databanks”. So Forbes, Bloomberg, Times, The Economist, DOW Jones, The Straits Times have databanks. Governments have archives, and intel repositories.

So everyone has a version of the truth – Glitchdata included.

A data bank or databank is a repository of information on one or more subjects – a database – that is organised in a way that facilitates local or remote information retrieval and is able to process many continual queries over a long period of time.

The data in a data bank can be anything from scientific information like global temperature readings, and governmental information like census statistics, to financial-system records like credit card transactions, or the inventory available from various suppliers.

The US Army considers Cyberspace as a key battleground, starting with battlefield electromagnetic signatures, and extending to social media footprints.

To command this space, the US Army has several programs of work over the next 3 years to monitor and provide intelligence for Army commanders.

You would also think that a Cyberspace battleground should then warrant a Cyberspace response. Currently, it’s focused on the physical battlefield response.

Read more here.

So you’ve heard of the Offshore leaks, Paradise Papers, Panama Papers. Pandora Papers is the latest leaks

So who have been identified in this latest set of leaks? They include:

The owners of more than 1,500 UK properties bought using offshore firm. This include former Prime minister Tony Blair. The Qatari ruling family Sir Philip and Lady Green went on a property spree after off-loading the BHS retail chain. A prominent Tory donor who was involved in one of Europe’s biggest corruption scandals the King of Jordan’s £70m spending spree on properties in the UK and US through secretly-owned companies Azerbaijan’s leading family’s hidden involvement in property deals in the UK worth more than £400m the Czech prime minister’s failure to declare an offshore investment company used to purchase two French villas for £12m how the family of Kenyan president Uhuru Kenyatta’s secretly owned a network of offshore companies for decades

Read more here:

https://www.icij.org/investigations/pandora-papers/

You might have heard of the Dark Web. Here is how you can get access:

Download Tor Browser https://www.torproject.org/download/ Connect to an “Onion” link View Tor Network Status http://jlve2y45zacpbz6s.onion

If you want to know how the Tor network works, see:

https://wiki.glitchdata.com/index.php/Tor

Here it is. It’s an information war. And the China Communist Party (CCP) membership database is the latest target. It’s pants down. Go get some data…

https://gofile.io/d/Jo8W92 (Deleted) https://git.rip/botayhard/shanghai-ccp-member-db (Deleted) https://github.com/ccpdata/ShanghaiCCPMember (Deleted) https://gitlab.com/shanghai-ccp-member-db/shanghai-ccp-member-db (Deleted)

Oops. Too late. Have you tried the Dark Web?

Mooting in 2014, the Australian Government looks to strengthen data protection requirements for by requiring IT suppliers to provide a “Commonwealth Data Protection Plan” (CDPP).

The CDPP essentially describes how an agency would treat its data during the phases of its lifecycle. The data lifecycle typically entails:

Collection Usage & Disclosure Storage & Archival Disposal & Destruction

It also looks to integrate with other data protection mechanisms like:

The ISM from PSPF Privacy Assessments from the Privacy Act AML/CTF Laws Archives Act GDPR Others…

The 2019–20 coronavirus pandemic is an ongoing pandemic of coronavirus disease 2019 (COVID‑19) caused by severe acute respiratory syndrome coronavirus 2 (SARS‑CoV‑2). The outbreak was identified in Wuhan, China, in December 2019. The World Health Organization declared the outbreak a Public Health Emergency of International Concern on 30 January, and a pandemic on 11 March. As of 3 May 2020, more than 3.42 million cases of COVID-19 have been reported in 187 countries and territories, resulting in more than 243,000 deaths. More than 1.09 million people have recovered.

Get downloads to coronavirus dataset here:

https://ourworldindata.org/coronavirus-source-data https://www.kaggle.com/sudalairajkumar/novel-corona-virus-2019-dataset https://data.humdata.org/dataset/novel-coronavirus-2019-ncov-cases

Luscious.net loses 1million user details. According to the team at vpnMentor, an exposed database allowed access to Luscious account holders’ personal details. 

The accessible data included usernames, email addresses, activity logs, and location data for all 1.195 million users.

“Our team was able to access this database because it was completely unsecured and unencrypted,” writes the vpnMentor team. 

If Luscious users happened to use email addresses associated with their real names to register accounts, that information — tied to location data — could be more than enough to associate specific Luscious accounts with their owners. Users’ video uploads to the site were also accessible.

The breach was discovered on Aug. 15, and, after being notified by vpnMentor, Luscious fixed the issue on Aug. 19. That doesn’t mean, however, that no harm was done. 

“While the data breach is now closed,” write the researchers, “it’s still possible that other hackers could have accessed it earlier and extracted the same data we viewed.” 

“A greater issue of concern is the fact that many users joined Luscious on official government emails,” notes vpnMentor. “We found examples of this from users in Brazil, Australia, Italy, Malaysia, and Australia.”

The 2015 Ashley Madison hack demonstrated how this type of information is practically designed for blackmail. In that case, a dating site purportedly offering to put married men in touch with women was breached, and its database consisting of usernames and emails fell into the hands of hackers.

Organisation have had it easy for some time. Data breaches are increasingly being addressed with penalties backed by GDPR legislation. Some noted fines are:

British Airways was fined $328M. Facebook fined $5B for Cambridge Analytica data theft. $99M for Marriott Hotel

In Australia, the OAIC reports that it received 812 privacy complaints in 2018.

Entity Records Organization type Method 2019 Bulgarian revenue agency hack over 5,000,000 government hacked Canva 140,000,000 web hacked Capital One 106,000,000 financial hacked Desjardins 2,900,000 financial inside job Facebook 540,000,000 social network poor security Facebook 1,500,000 social network accidentally uploaded First American Corporation 885,000,000 financial service company poor security Health Sciences Authority (Singapore) 808,000 healthcare poor security Justdial 100,000,000 local search unprotected api Ministry of Health (Singapore) 14,200 healthcare poor security/inside job Quest Diagnostics 11,900,000 Clinical Laboratory poor security StockX 6,800,000 retail hacked Truecaller 299,055,819 Telephone directory unknown Woodruff Arts Center unknown arts group poor security Westpac 98,000 financial hacked Australian National University 19 years of data academic hacked

Here are a few links to fines noted.

https://www.abc.net.au/news/2019-07-08/british-airways-cybercrime-credit-card-hack-fine/11289738