Cybercrime and security

Online attackers with clear links to China are behind a vast cyber espionage campaign targeting government agencies of interest to Beijing, Google subsidiary Mandiant says.

"This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021," says Mandiant chief technology officer Charles Carmakal.

The cyberattackers compromised the computer defenses of hundreds of organizations, in some cases stealing "emails of prominent employees dealing in matters of interest to the Chinese government," Carmakal adds. — AFP

Leading mobile wallet GCash will forge stronger partnerships with law enforcement agencies after its efforts, in collaboration with the National Bureau of Investigation, led to a major bust of suspected fraudsters preying on its customers.

GCash worked closely with the NBI Cybercrime Division to arrest a gang allegedly defrauding users of the digital wallet, among them two Nigerians and three Filipinos arrested in separate operations last week.

Their scheme reportedly involved selling scam pages, including an imitation of the GCash webpage to dupe users via phishing to get sensitive data.

GCash helped report detected phishing sites, promptly responded to subpoenas issued by the court on disclosure of computer data, assisted victims in filing complaints with law enforcement authorities, and properly endorsed fraud cases.

Hackers have stolen data on about 4.5 million Air India passengers around the world in the latest breach reported by a major airline.

Names, credit card numbers and passport information were among the data stolen, Air India says in a statement released late Friday.

The state-owned giant says it was "securing the compromised servers" and using "external specialists" on data security as well as working with credit card companies. — AFP

The Department of Information and Communications Technology says they support the Securities and Exchange Commission in their advocacy for strengthened cybersecurity and data privacy protection in the corporate sector amid the COVID-19 pandemic.

“We recognize cybersecurity as a vital component of digital transformation. As we increase our usage of ICT during our transition to the new normal, it is important to ensure that our institutions, whether in the public or the private sector, are safe from cyber threats and risks,” says DICT Secretary Gregorio Honasan II.

“The DICT supports SEC’s initiative in promoting better cybersecurity practices in the private sector. And to do that, your DICT continues to extend its cybersecurity services to everyone – with the guidance of President Rodrigo Roa Duterte and in support of the Inter-Agency Task Force for the Management of Emerging Infectious Diseases (IATF-MEID),” he adds.

New York state's top prosecutor announces that the company Zoom would improve security measures, after flaws were detected as the video conferencing platform soared in popularity amid the coronavirus pandemic.

The agreement wraps an investigation launched in March by New York Attorney General Letitia James into vulnerabilities in the California-based company's software. — AFP

Photo credit: AFP/Oliver Douliery

The National Intelligence Coordinating Agency identified the so-called Philippines International Development Agency as a bogus agency disguising itself as a legitimate government body under the National Economic and Development Authority and engages in fraudulent activities.

In a post that NEDA shared on its Facebook page, the agency says PIDA "accepts tender offers for development projects and asks money for payment."

"PIDA's webpage, www.pida-ph.org, is listed as a fake procurement scam by the Stop 419 Scams and Scammers, a website which exposes scammers and fights advance free frauds," the post reads.

"The public is advised to disregard any communication from PIDA."

Google security experts uncover an "indiscriminate" hacking operation that targeted iPhones over a period of at least two years and used websites to implant malicious software to access photos, user locations and other data.

In a post Thursday on the blog of Google's Project Zero security taskforce, cyber experts did not name the hacked websites hosting the attacks, but estimated they received thousands of visitors a week.  

"Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant," says Project Zero's Ian Beer. — AFP

Taiwan urges China and Hong Kong to work together to investigate a spate of financial love scams that have caused over US$30 million in losses to Taiwanese targets.

Fighting this new type of cross-border fraud will require the cooperation of all three administrations, and sits in contrast to mounting recent tensions over Beijing's desire for closer political links.

According to the Criminal Investigation Bureau, suspects based in China and Hong Kong used social media to start romantic relationships with victims in Taiwan, and then coaxed them to invest in fake financial companies. — AFP

Britain has shared with 16 NATO allies details of malicious Russian cyber activity in their countries over the last 18 months, foreign minister Jeremy Hunt was to say.

He will accuse Russia's intelligence services of mounting a "global campaign" targeting critical infrastructure, during a speech at the NATO Cyber Defence Pledge Conference in London, to be attended by the alliance's head Jens Stoltenberg. — AFP

Consumer advocates and the data-hungry technology industry are drawing early battle lines in advance of an expected fight this year over what kind of federal privacy law the U.S. should have.

More than a dozen privacy organizations has unveiled a plan that would create a new federal data-protection agency focused on regulating the way businesses and other organizations collect and make use of personal data, even if aggregated or anonymized. — AP

Vietnam has accused Facebook of violating a new cybersecurity law by refusing to scrub anti-government content from its site, the first reprimand since the controversial bill came into effect days ago.

The law, which went live January 1 and has drawn criticism from the US, the EU and web freedom groups, requires internet companies to remove "toxic content" and hand over user data when requested by authorities. — AFP

The National Privacy Commission has issued an order on Cathay Pacific Airways in relation to a notification it submitted last October 25 about a data breach involving over 100,000 affected Filipino data subjects.

Roughly 35,700 passport numbers from the Philippines were exposed due to the  breach, while over 100 credit card numbers were compromised, the Hong Kong flag carrier told the NPC.

The NPC has ordered Cathay Pacific to:

• Explain within ten days why Cathay should have the NPC overcome the presumption that there has been a failure to timely notify the commission about the occurrence of a data breach
• Submit within five days further information on the measures taken to address the breach

Vietnam may give internet companies like Google and Facebook one year to comply with a controversial cybersecurity law, according to a draft decree that outlines how the draconian bill could be implemented.

The cybersecurity bill, which observers say mimic China's repressive web control tools, is set to come into effect in January despite drawing sharp criticism from the US, the EU and internet freedom advocates.

The bill would require tech companies to store data in the country, and remove "toxic content" from websites and hand over user information if asked by the government to do so. — AFP

The Dutch defense minister says Russia's military intelligence unit attempted cybercrimes targeting the U.N. chemical weapons watchdog and the investigation into the 2014 Malaysian Airlines crash over Ukraine.

Defense Minister Ank Bijleveld said the GRU's hacking attempts on the Organization for the Prohibition of Chemical Weapons, which she said took place in April, were disrupted by authorities. Four Russian intelligence officers were immediately expelled from the Netherlands, she said. 

Speaking about Russia's hacking attempts into the MH17 crash investigation Thursday, she said: "We have been aware of the interest of Russian intelligence services in this investigation and have taken appropriate measures." She added that "We remain very alert about this." — AP

British Foreign Secretary Jeremy Hunt has accused Russia's military intelligence service of conducting a campaign of "indiscriminate and reckless" online attacks targeting political institutions, businesses, media and sport around the world. — AFP

European Union lawmakers appear set this month to demand audits of Facebook by Europe's cybersecurity agency and data protection authority in the wake of the Cambridge Analytica scandal. 

A draft resolution submitted to the EU Parliament's civil liberties and justice committee urged Facebook to accept "a full and independent audit of its platform investigating data protection and security of personal data." — AP

 Vietnamese legislators pass a contentious cybersecurity law, which critics say will hurt the economy and further restrict freedom of expression.

The law requires service providers such as Google and Facebook to store user data in Vietnam, open offices in the country and remove offending contents within 24 hours at the request of the Ministry of Information and Communications and the specialized cybersecurity task-force under the Ministry of Public Security. — AP

Iranian President Hassan Rouhani is criticizing the blocking of the popular Telegram messaging app in the Islamic Republic, suggesting those "at the highest level" in the country shut off access.

Rouhani, a relatively moderate cleric within Iran's Shiite theocracy, did not elaborate in his online comments but they seem aimed at redirecting domestic anger over the blocking of the app, believed to be used by half of Iran's 80 million people. The app was crucial in fanning nationwide protests in December and January. — AP

Starting Monday, all 2.2 billion Facebook users will receive a notice on their feeds, titled "Protecting Your Information," with a link to see what apps they use and what information they have shared with those apps. If they want, they can shut off apps individually or turn off third-party access to their apps completely.

In addition, the 87 million users who might have had their data shared with Cambridge Analytica will get a more detailed message informing them of this. Facebook says most of the affected users (more than 70 million) are in the U.S., though there are over a million each in the Philippines, Indonesia and the U.K. — AP

France has flagged more than 78,000 people as security threats in a database intended to let European police share information on the continent's most dangerous residents — more than all other European countries put together — according to an analysis by The Associated Press.

A German parliamentarian, Andrej Hunko, was the first to raise the alarm about potential misuse of the Schengen Information System database in a question to his country's Interior Ministry about "discreet checks" — secret international checks on people considered a threat to national security or public safety. He questioned whether and why different countries seemed to apply very different criteria. — AP

An Iranian news site is reporting the country will block the Telegram messenger service for reasons of national security.

The Saturday report by Mashreghnews.ir quotes the head of the parliamentary committee on national security and foreign policy, Alaeddin Boroujerdi. He says the decision was made "at the highest level" and the app would be replaced by a similar local system.

Boroujerdi said the decision was a response to what he called Telegram's destructive role in anti-government protests that began in late December in which at least 25 people were killed and nearly 5,000 reportedly arrested.

The app, with some 40 million users in Iran, was temporarily shut down during the protests in early January. However, some 10 percent of users reached it through proxies and VPN services. — AP

A Russian man has pleaded not guilty to hacking computers at LinkedIn, Dropbox and other American companies.

Yevgeniy Nikulin pleaded not guilty to computer intrusion, aggravated identity theft and other charges in federal court in San Francisco.

Prosecutors say Nikulin penetrated the computers of Silicon Valley firms in 2012 and potentially gained access to the personal information of millions of Americans. — AP