Another exciting week in the cyberverse: this one covering continents and telecommunications, major entrepreneurs and boy wonders. Here’s your week in review.
Cloud storage has been a hot topic since its inception. The undeniable convenience of instant back-ups and multiple-device-accessibility, coupled with certain vulnerability: it’s a user dream and a security nightmare. To list the cloud services that have been hacked is to read a “who’s who” of the cloud: Googledrive, Dropbox, iCloud, and Box are on there.
You may have already had Mega.nz on the list. MEGA was founded by Kim Dotcom, self-described “Entrepreneur, Innovator, Gamer, Artist, Internet Freedom Fighter & Father of 5” after the US Department of Justice seized previous incarnation Megaupload, and quickly grew to a reported 35 million registered users. In 2015 Dotcom claimed the New Zealand government was controlling the site, possibly even eavesdropping on stored files.
Now a hacker group known as Amn3s1a tells ZDNet they’ve obtained source code and admin accounts for MEGA. ZDNet was able to verify some of the hacked code. MEGA, on the other hand, has devalued the attack (claiming it only affected a contracted developer’s machine) and stated that access is secure.
So to cloud store, or not to cloud store? That is your question. MEGA’s claim to fame was onsite encryption before upload. They’re hackable, so aren’t they all?
Hackers Start Young
This time last year the BBC and other news outlets were covering a hack at telecom company TalkTalk. Approximately 157,000 customers’ personal information got hacked, and TalkTalk shares plummeted, losing about 1/3 of their value! (Though things improved. You can track the share prices here).
The hacker? Breaking news this week: a teenage boy from Norwich. At the time just 16 years-old, the young man was reportedly hacking just for fun and also attacked other websites such as Manchester University, Cambridge University and Merit Badges (a small, family company).
The young hacker apparently used SQL map to identify website vulnerabilities, created numerous online personas, and engaged in tests of skill online, but was not intending to damage or harm any of the companies he hacked.
If he doesn’t go to jail, perhaps one of those Universities will enroll him in computers.
Number Three: Three Mobile
In other telecom news, UK mobile provider Three mobile appears to have suffered a more malicious attack at the hands of decidedly older hackers: the National Crime Agency (NCA) has arrested three people in connection with an attack.
Approximately two-thirds of Three’s nine million customers may be affected by the hack. Data was stolen, including names and addresses. In particular, the hackers targeted individuals eligible for phone upgrades: requesting upgrades and intercepting the devices for themselves. Hundreds of devices, from handsets to phones, have been illegally obtained through this hack.
Last year Three experienced another cyber attack, when personal information was stolen for approximately 160,000 users. Three was fined for inadequately protecting customer data. How this latest breach will impact Three remains to be seen.
Lessons Learned, Wisdom Gained
As we report on major hacks each week we ask ourselves, what lessons were learned or wisdom gained? Will Kim Dotcom ever escape US persecution (or prosecution, depending on how you look at it)? Will cloud storage survive the onslaught of cloud hacks? Will the boy wonder from Norwich pursue a career in cyber security or as a white hat hacker or end up in a white collar prison?
We can ask, but we cannot say.
Tune in next week for the next round of Life’s Big Questions (or cyber news, anyway).