
Critical Vulnerabilities in GovQA Platform Expose Sensitive Government Records


In a significant cybersecurity revelation, critical vulnerabilities were discovered in the GovQA platform, a tool extensively used by state and local governments across the U.S. to manage public records requests. 

Independent researcher Jason Parker uncovered flaws that, if exploited, could have allowed hackers to access and download troves of unsecured files connected to public records inquiries. These files often contain highly sensitive personal information, including IDs, fingerprints, child welfare documentation, and medical reports. 

The vulnerabilities in the GovQA platform, designed by IT services provider Granicus, have since been addressed with a patch deployed on Monday. However, the potential consequences of these flaws were severe. If exploited, hackers could have gained access to personally identifiable information submitted by individuals making public records requests. 

This information, often including driver's licenses and other verification documents, could be linked to the subjects of the requests, posing a significant privacy and security risk. Granicus, responding to the findings, emphasized that the vulnerabilities did not constitute a breach of Granicus systems, GovQA, or any other part of applications or infrastructure. 

The company classified the vulnerabilities as "low severity" but acknowledged the need to work with customers to minimize the information collected and disclosed. However, cybersecurity experts who reviewed the findings disputed this classification, considering the flaws to be more severe than labeled. The GovQA platform is a crucial tool used by hundreds of government management centers in at least 37 states and the District of Columbia.

Its purpose is to assist offices in sorting and delivering records to requesters through official public access channels. The flaws in the platform, discovered by Parker, could have allowed bad actors not only to access sensitive personal information but also to trick the system into letting individuals edit or change the metadata of records requests without detection by administrators. 

By modifying the page's client-side code, an attacker could have retrieved more information than the interface was meant to expose, potentially including highly sensitive data. Because the platform asks requesters to submit personal information for identity verification, that information is stored alongside the requested files and is exposed together with them when the access controls fail.
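The class of flaw described above (authorization decided by something the browser sends, and metadata edits that leave no trace) is easier to see in code. The following is an added illustration, not GovQA or Granicus code and not the specific defects Jason Parker reported; the role table, record fields and sample requests are constructed for this example. It places a handler that trusts a client-supplied flag beside one that decides authorization from the server-side session and writes every status change to an audit log.

```python
# Added illustration (not GovQA/Granicus code): a records portal that trusts
# authorization flags supplied by the browser, beside a version that decides
# authorization server-side and audits metadata edits. All names, fields and
# sample data below are constructed for this example.
from datetime import datetime, timezone

# Server-side role table (constructed). In a real portal this comes from the
# session store, never from anything the client submits.
ADMINS = {"clerk_admin"}


class Forbidden(Exception):
    """Raised when a caller is not allowed to read or change a request."""


def make_store():
    """Fresh copy of the constructed sample data: two records requests, each
    holding the requester's verification documents and the requested files."""
    return {
        "REQ-1001": {"owner": "alice", "status": "denied",
                     "files": ["alice_drivers_license.jpg", "subject_medical.pdf"]},
        "REQ-1002": {"owner": "bob", "status": "open",
                     "files": ["bob_passport.jpg"]},
    }


# --- Vulnerable pattern -----------------------------------------------------
# The "is owner" / "is admin" decision is a hidden form field or JavaScript flag
# that the browser posts back. Editing the page or the POST body flips it, and a
# status change leaves nothing for an administrator to notice.
def vulnerable_get_files(store, request_id, client_says_owner):
    if not client_says_owner:
        raise Forbidden("client flag not set")
    return store[request_id]["files"]


def vulnerable_set_status(store, request_id, new_status, client_says_admin):
    if not client_says_admin:
        raise Forbidden("client flag not set")
    store[request_id]["status"] = new_status  # no audit record
    return store[request_id]["status"]


# --- Hardened pattern -------------------------------------------------------
# Authorization is derived only from the server-side session identity and the
# role table; every metadata change is appended to an audit log with actor,
# old and new values, so an unexpected edit is visible to administrators.
def hardened_get_files(store, request_id, session_user):
    rec = store.get(request_id)
    if rec is None or (rec["owner"] != session_user and session_user not in ADMINS):
        # One error for "unknown" and "not yours": the message must not confirm
        # that a guessed request ID exists.
        raise Forbidden("not authorized")
    return rec["files"]


def hardened_set_status(store, request_id, new_status, session_user, audit_log):
    if session_user not in ADMINS:
        raise Forbidden("admin role required")
    rec = store[request_id]
    old = rec["status"]
    rec["status"] = new_status
    audit_log.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "actor": session_user,
        "request": request_id,
        "field": "status",
        "old": old,
        "new": new_status,
    })
    return new_status


if __name__ == "__main__":
    store = make_store()
    # Someone who is not alice flips the client-side flag and reads her files.
    print(vulnerable_get_files(store, "REQ-1001", client_says_owner=True))
    try:
        hardened_get_files(store, "REQ-1001", session_user="mallory")
    except Forbidden as e:
        print("hardened:", e)
    log = []
    hardened_set_status(store, "REQ-1001", "approved", "clerk_admin", log)
    print(log[0])
```

The point of the hardened version is not the extra `if`: it is that the inputs to the decision (session identity, role table, record owner) all live on the server, so nothing the attacker edits in the browser changes the outcome, and the audit entry gives administrators a way to notice an edit they did not make.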

The vulnerabilities were particularly concerning as they could be exploited to access records tied to both the requestor and the subject of their request, even in cases where requests were denied. The findings by Jason Parker underscore the broader challenges faced by state and local governments in safeguarding sensitive information. With cyber incidents targeting government entities becoming more common, the need for robust security measures and a culture of responsibility around code security is paramount. 

As President Joe Biden recently signed an executive order focused on preventing sensitive data from falling into the hands of foreign adversaries, the vulnerabilities in the GovQA platform highlight the urgency of addressing security risks in widely used records systems. The incident serves as a reminder of the potential consequences when cybersecurity vulnerabilities are present in critical tools that manage sensitive government data.

CERT-In Publishes Security Norms for Government Data Safety


The use of remote desktop applications such as AnyDesk and TeamViewer in government departments is now prohibited under new security guidelines issued last week by India's national cyber security agency, CERT-In. 

Under the guidelines, government agencies must reach network resources from remote locations only over a virtual private network (VPN), and must enable multi-factor authentication (MFA) on those VPN accounts. 

"Ensure to block access to any remote desktop applications, such as Anydesk, Teamviewer, Ammyy admin etc," Guidelines on Information Security Practices for Government Entities explained.

The goal of the guidelines, according to CERT-In (the Indian Computer Emergency Response Team), is to establish a prioritised baseline of cyber security procedures and controls for government organisations and the organisations affiliated with them. 

In an official statement, Minister of State for Electronics and IT Rajeev Chandrasekhar stated the government has taken a number of steps to guarantee an open, safe, trusted, and responsible digital world. 

"We are expanding and accelerating on Cyber Security with focus on capabilities, system, human resources and awareness. The guidelines are an important part of our larger cybersecurity framework being built under the leadership of our PM Narendra Modi ji, as India takes rapid strides towards USD 1 trillion Digital Economy," Chandrasekhar stated. 

The guidelines state that critical servers should either be kept stand-alone or placed in a dedicated secure zone. Servers should not communicate with one another unless they belong to the same application, and then only over dedicated ports and between authenticated applications.
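Three of the requirements summarised above (no remote desktop applications, remote access only over VPN with MFA, and server-to-server traffic only within one application on its dedicated port) can be turned into a check that runs over connection records from a firewall, VPN gateway or DNS log. The following is an added example, not CERT-In's tooling; the host names, application map, ports and sample records are constructed. The default ports for AnyDesk (7070) and TeamViewer (5938) are the tools' own published defaults, but both fall back to 443, which is why the check also looks at the destination domain.

```python
# Added example (not CERT-In's tooling): a small policy checker that evaluates
# connection records against three of the requirements in the guidelines. Host
# names, the application map, ports and the sample records are constructed.
from dataclasses import dataclass

# Which internal servers belong to which application (constructed).
SERVER_APP = {"app01": "payroll", "db01": "payroll", "web01": "portal", "db02": "portal"}
# The one dedicated port each application's servers may use among themselves.
APP_PORT = {"payroll": 5432, "portal": 8443}

# Published default ports of two tools the guideline names; both fall back to
# 443, so the domain list is needed as a second indicator.
REMOTE_DESKTOP_PORTS = {7070: "AnyDesk", 5938: "TeamViewer"}
REMOTE_DESKTOP_DOMAINS = ("anydesk.com", "teamviewer.com")


@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    dst_port: int
    dst_domain: str = ""   # from DNS or proxy telemetry, if available
    via_vpn: bool = False  # session arrived through the VPN gateway
    mfa: bool = False      # the VPN session passed multi-factor authentication


def _remote_desktop_indicator(c):
    """Return the matching tool or domain if this looks like a remote desktop app."""
    if c.dst_port in REMOTE_DESKTOP_PORTS:
        return REMOTE_DESKTOP_PORTS[c.dst_port]
    for d in REMOTE_DESKTOP_DOMAINS:
        if c.dst_domain == d or c.dst_domain.endswith("." + d):
            return d
    return None


def evaluate(c):
    """Return ("allow" | "deny", reason) for one connection record."""
    tool = _remote_desktop_indicator(c)
    if tool:
        return "deny", f"remote desktop application blocked ({tool})"
    src_app, dst_app = SERVER_APP.get(c.src), SERVER_APP.get(c.dst)
    if src_app is None and dst_app is not None:
        # Remote user reaching an internal server: VPN, and MFA on the VPN.
        if not c.via_vpn:
            return "deny", "remote access to server not over VPN"
        if not c.mfa:
            return "deny", "VPN session without MFA"
        return "allow", "remote user over VPN with MFA"
    if src_app is not None and dst_app is not None:
        # Server-to-server: same application, dedicated port only.
        if src_app != dst_app:
            return "deny", f"cross-application server traffic ({src_app} -> {dst_app})"
        if c.dst_port != APP_PORT[dst_app]:
            return "deny", f"port {c.dst_port} is not {dst_app}'s dedicated port {APP_PORT[dst_app]}"
        return "allow", f"{dst_app} servers on dedicated port"
    return "allow", "not covered by these three rules"


def audit(conns):
    """Evaluate each record; returns a list of (conn, verdict, reason)."""
    return [(c, *evaluate(c)) for c in conns]


# Constructed sample records: one remote user, two remote desktop attempts
# (one on the default port, one hiding on 443), and three server-to-server flows.
SAMPLE = [
    Conn("laptop-rk", "app01", 5432, via_vpn=True, mfa=True),
    Conn("laptop-rk", "app01", 5432, via_vpn=True, mfa=False),
    Conn("laptop-rk", "app01", 5432),
    Conn("laptop-rk", "198.51.100.7", 7070, dst_domain="relay.anydesk.com"),
    Conn("laptop-rk", "198.51.100.9", 443, dst_domain="router.teamviewer.com"),
    Conn("app01", "db01", 5432),
    Conn("web01", "db01", 5432),
    Conn("app01", "db01", 22),
]

if __name__ == "__main__":
    for c, verdict, reason in audit(SAMPLE):
        print(f"{verdict:5} {c.src} -> {c.dst}:{c.dst_port}  {reason}")
```

Running it over the sample shows the fifth record being denied on the domain match alone, which is the case a port-only block list misses; in production the same check would be fed from DNS or proxy logs rather than a hand-built list.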

CERT-In's standard operating procedures come in the wake of reports that AIIMS systems were hit by ransomware and that data had leaked from government agencies. Jiten Jain, director of Voyager Infosec Digital Lab, welcomed the guidelines, which he said would harmonise cyber security practices across India, and predicted that they will reduce the number of cyber attacks in the country.

Beyond protecting computer and network infrastructure, the guidelines also cover security measures for social media accounts associated with government departments: anything posted to an official account must first be cleared by the relevant authority.

WhatsApp Allows Communication Amid Internet Outages

On January 5, WhatsApp revealed a new feature that enables users to connect via proxy servers so they may continue using the service even when the internet is restricted or disrupted by shutdowns.

Concept of Whatsapp proxy 

When selecting a proxy, users connect to WhatsApp through servers run by individuals and organisations devoted to promoting free speech around the world. According to WhatsApp, a proxy connection preserves the app's privacy and security settings, and personal messages remain protected by end-to-end encryption: neither the proxy operator, WhatsApp nor Meta can read the messages relayed through the proxy. A proxy operator does still see the connecting client's IP address and the fact that it is reaching WhatsApp, so the protection covers message content, not the fact of use.

On helping users in countries where WhatsApp is blocked, the company said: "If WhatsApp is restricted in your nation, you can utilize a proxy to connect and communicate with loved ones. End-to-end encryption will still be used to protect private communications while using a proxy connection to WhatsApp."

Under new government rules, internet platforms were required to remove content that law enforcement deemed illegal and to cooperate with police investigations, including identifying the originators of malicious content. WhatsApp responded that it will continue to secure users' private messages and will not weaken that security for any government.

According to Juras Jurnas of the proxy and online data collection company Oxylabs, "For persons with government restrictions on internet access, such as was the situation with Iran, utilization of a proxy server can help people keep a connection to WhatsApp as well as the rest of the public, free internet."

Iran restricted access to Instagram and WhatsApp last year after protests over the death of Mahsa Amini, 22, in police custody. In India, the revocation of Article 370 of the Constitution by Parliament was followed by an internet shutdown in Jammu & Kashmir, imposed by the state as a precautionary measure. For much of that period only two districts, Ganderbal and Udhampur, had 4G access; the former state regained 4G on February 6, 2021, after 552 days without internet or with only slow connectivity.

The company said it is working to ensure that, when shutdowns occur in various parts of the world, people are not cut off from their basic rights or prevented from seeking urgent help. 

Documents of Indonesian President Allegedly Leaked on the BreachForums Page


Bjorka, a self-proclaimed hacker, is back in the spotlight after claiming to have breached the data of Indonesian President Joko Widodo (Jokowi). The hacker posted the documents on BreachForums on Friday last week. 

After causing a public stir last month by leaking a 20 GB dataset covering 105 million Indonesian citizens, the hacker now claims to have obtained the President's secret documents. 

In the upload, the hacker claimed to have gained access to the president's mailing system and stolen nearly 680,000 documents, including letters from the State Intelligence Agency (BIN). 

The claim was first reported by the anonymous Twitter account "Darktracer", which reposted screenshots of Bjorka's list of purportedly stolen presidential documents. The subjects of the "leaked" documents appear to be non-classified, such as a rehearsal for the 2019 Independence Day flag-hoisting ceremony. 

However, Heru Budi Hartono, head of the Presidential Secretariat, dismissed the hacker's claims, stating that none of the letters' contents had been hacked. 

"There is no data on the contents of any letters that have been hacked. However, these attempts to hack have violated the law," Hartono said. "I think law enforcement will take legal action. Later there will be an official statement from the relevant officials." 

Government entities feeling the heat

Let’s face it – data breaches are everywhere. It seems like every week a new story emerges regarding government entities falling victim to yet another cyber attack. 

Last month, a combination of ransomware and DDoS attacks disrupted Montenegro's government services and prompted the nation's electrical utility to switch to manual control. Montenegro's Agency for National Security accused Russia of being responsible and said that up to €2.5 million had been invested in launching the cyber-attacks. 

“Coordinated Russian services are behind the cyber attack,” the National Security Agency stated. “This kind of attack was carried out for the first time in Montenegro and it has been prepared for a long period of time.”  

In the same month, multiple Taiwanese government sites were also halted by distributed denial-of-service (DDoS) attacks following the much-publicized arrival of U.S. House Speaker Nancy Pelosi who became the first high-ranking U.S. official in 25 years to visit the democratic island nation. 

The cyber attacks caused intermittent outages across the government English portal, some websites of the presidential office, the foreign ministry, and the defense ministry. 

According to Taiwan's foreign ministry, the attacks on its website and the government's English portal were linked to Chinese and Russian IP addresses that tried to access the websites up to 8.5 million times per minute.

Taiwan has accused China of ramping up cyber assaults since the 2016 election of President Tsai Ing-wen, who views the island as a sovereign nation and not a part of China. In 2020, Taiwanese authorities said China-linked hackers breached at least 10 Taiwan government agencies and secured access to nearly 6,000 email accounts in an attempt to exfiltrate data.

Hacker Steals Private Details of Thousands of Argentine Citizens


An anonymous hacker has reportedly breached the Argentine government's IT network and put the private details of thousands of Argentines up for sale. 

Last month, the hacker targeted Argentina's National Registry of Persons (RENAPER), the agency that issues ID cards to all citizens and holds their records in a digital database that other government agencies query for citizens' personal information. 

According to a report by The Record, the first evidence of the breach surfaced earlier this month on Twitter, when a newly registered account named @AnibalLeaks published ID card photos and private details of 44 Argentine celebrities, including the footballers Lionel Messi and Sergio Aguero and Argentina's president, Alberto Fernandez. The hacker is now evidently looking for a buyer for the private details of Argentina's entire population. 

The leaked data includes names, home addresses, birthdays, Trámite numbers, citizen numbers, government photo IDs, labor identification codes, and ID card issuance and expiration dates. There is speculation that a VPN account belonging to someone within the Ministry of Health was used to access the Digital Identity System shortly before the Twitter account leaked the initial data on high-profile Argentines; law enforcement is currently investigating eight to ten employees over a possible role in the crime. 

"The black market for stolen data is big business, and cybercriminals will stop at nothing to find their next big payday. This attack should be a warning to governments: cybercriminals have the means to execute large-scale, sophisticated attacks, and their citizens' data is under threat," said Tony Pepper, CEO of cybersecurity firm Egress. 

"With the data of millions at risk, Argentinian citizens are now prime targets for follow-up attacks, such as financial fraud, sophisticated phishing attempts and impersonation scams, aimed at stealing further personal data, identities and even their money." 

According to security experts, this is one of the biggest breaches in Argentina's history, putting the private details of 45 million Argentines at risk. Cybercrime is evolving, and the government should strengthen its security controls to protect the integrity of citizens' data.