The Good, the Bad and the Ugly in Cybersecurity – Week 46

The Good

U.S. Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI) – in collaboration with the Brazil Ministry of Justice and the Public Security (MJSP) Secretariat for Integrated Operation (SEOPI) Cyber Laboratory – have arrested over a hundred child predators in an operation that lasted 6 days and spanned across the U.S. and South America.

“This collaborative effort by ICE’s Homeland Security Investigations and its foreign law enforcement partners has put dangerous criminals behind bars and, most importantly, has led to the rescue of innocent children,” said ICE Attaché for Brazil and Bolivia, Robert Fuentes Jr.

This was part of an ongoing activity named ”Operation Protected Childhood” (OPC) that simultaneously targets the distributors and producers of child sexual abuse material throughout the Americas (in Brazil, Argentina, Paraguay, and Panama).

It seems that the perpetrators are extremely prolific in utilizing innocent applications for communicating with their peers and clients and for distributing their “merchandise”. The operation discovered that suspects were using the anonymous messaging application “Kik”, Facebook Messenger app, peer to peer file sharing software, Twitter direct messaging and of course darknet forums. It appears that both Kik and Twitter have aided the investigation.

The Bad

Cyber attacks against courts and even live trials are not new, but a cyber attack that disables a country’s highest court of appeals is both novel and very disturbing.

Brazil’s Superior Court of Justice was hit by a ransomware attack which disabled IT systems for at least 3 days. Superior Court of Justice President Humberto Martins announced that “the court’s information technology network suffered a cyber attack on Tuesday afternoon, when the judgment sessions were taking place”.

Initially, the attack caused the cancellation of ongoing sessions, as well as rendering email and telephones unavailable. However, all the SCJs systems’ and their website were down for at least two days after the attack, which was rumored to have hit other federal entities as well.

Reportedly, the attack was caused by the RansomExx gang, and has not affected all but the most urgent court proceedings over video conferencing but also encrypted backups and quite possibly syphoned off data for subsequent extortion attempts.

Brazilian president Jair Bolsonaro said on a live broadcast that a ransom demand had been made and that the hackers behind the attack had been identified, but it is unclear if this is accurate as federal police have not formally commented on the matter. Other agencies impacted by (possibly related) cyber attacks are the Ministry of Health, Federal District Department of Economics and Federal District Government.

The Ugly

While we can’t travel abroad at the moment, we can all reminisce about our last vacation, one that we have likely booked a hotel room online, for. Unfortunately, if you had done so in the past 7 years your details might have been leaked. Researchers from websiteplanet found a misconfigured AWS S3 bucket belonging to Spanish software company Prestige Software, which sells a cloud-based software to hotels to automate their communicate with online booking sites (as to present rooms availability), including Hotels.com, Agoda, Expedia, Booking.com, Amadeus, Hotelbeds, and Omnibees.

It appears that Prestige Software had been storing personal identification data of guests and at least 100,000 credit cards on a misconfigured S3 bucket, dating back to 2013. The amount of leaked data is said to be around ten million records. Many of these records represent family reservations, so the number of individuals whose details may be exposed could easily be double or quadruple that number. The researchers have notified Amazon and ensured the repo was secured from further exposure. However, as is often the case with these discoveries, it is unknown whether any malicious actors may have accessed and utilized the data prior to the researchers discovery. If indeed data was leaked, and customers’ information wass compromised, than Prestige Software could be facing a fine from the EU regulator under GDPR law.

In a similar case, Marriott International was recently fined 18.4m for a 2014 data breach that affected 339 million guest records worldwide, a fine that has been significantly reduced from the initial £99 million notice due to the strain the company is under. It is difficult enough for the travel industry to survive the ongoing Covid-19 crisis, and recovery isn’t helped if travelers cannot be confident that online bookings are left insecure. Let’s hope that such incidents serve as a wake up call to the industry to improve security standards and allow us all to book our travels with peace of mind.