'Utterly horrifying': ex-Facebook insider says covert data harvesting was routine
Sandy Parakilas says numerous companies deployed these techniques – likely affecting hundreds of millions of users – and that Facebook looked the other way
Hundreds of millions of Facebook users are likely to have had their private information harvested by companies that exploited the same terms as the firm that collected data and passed it on to Cambridge Analytica, according to a new whistleblower.
Sandy Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, told the Guardian he warned senior executives at the company that its lax approach to data protection risked a major breach.
“My concerns were that all of the data that left Facebook servers to developers could not be monitored by Facebook, so we had no idea what developers were doing with the data,” he said.
Parakilas said Facebook had terms of service and settings that “people didn’t read or understand” and the company did not use its enforcement mechanisms, including audits of external developers, to ensure data was not being misused.
Parakilas, whose job was to investigate data breaches by developers like the one Global Science Research was later suspected of, in which tens of millions of Facebook profiles were harvested and passed to Cambridge Analytica, said the slew of recent disclosures had left him disappointed with his superiors for not heeding his warnings.
“It has been painful watching,” he said, “because I know that they could have prevented it.”
Ransomware’s popularity has attracted the attention of cybercriminal gangs, which use these malicious programs in targeted attacks on large organizations to extort money. In late 2016, we detected an increase in attacks whose main goal was to launch an encryptor on an organization’s network nodes and servers. The reason is that such attacks are simple to organize and highly profitable:
The cost of developing a ransom program is significantly lower compared to other types of malicious software.
The monetization model is clear: the victim pays to get its files back.
There is a wide range of potential victims.
Today, an attacker (or a group) can create their own encryptor with little effort. A vivid example is the Mamba encryptor, which is built on DiskCryptor, an open-source full-disk encryption tool. Some cybercriminal groups do not even bother involving programmers; they simply deploy this legitimate utility “out of the box.”
The model of attack looks like this:
Find an organization with a server that exposes RDP to the internet without adequate protection.
Brute-force or guess the password (or buy the access on the black market).
Encrypt the node or server manually.
[Figure: ransom notification shown on the organization’s encrypted server]
The cost of organizing such an attack is minimal, while the profit can reach thousands of dollars. Affiliates of well-known ransomware families use the same scheme; the only difference is that they encrypt the files with a build of the ransomware bought from the group’s developers.
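The three-step model above leaves a dense trail on the victim side: password guessing over RDP shows up as a burst of failed RemoteInteractive logons from one source, followed by a success shortly before the operator starts encrypting. The following detector is an added example, not code from the original article or from any vendor product. Event IDs 4625 (failed logon) and 4624 (successful logon) and LogonType 10 (RemoteInteractive, i.e. RDP) are real Windows Security log values; the one-line event format, the sample log and the thresholds are constructed and assumed for this example.

```python
"""Detect the RDP password-guessing pattern (many failed remote logons from one
source, then a success) in Windows Security log events.

Added example, not from the original article. Event IDs 4625/4624 and
LogonType 10 are real Windows values; the 'timestamp key=value ...' line
format, the sample log and the thresholds are constructed/assumed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"
SUCCESSFUL_LOGON = "4624"
RDP_LOGON_TYPE = "10"            # RemoteInteractive: Terminal Services / RDP
FAILURE_THRESHOLD = 5            # assumed: failures per source before alerting
WINDOW = timedelta(minutes=10)   # assumed: sliding window for counting failures


def parse_event(line):
    """Parse one constructed 'timestamp key=value ...' line into a dict."""
    ts, _, rest = line.strip().partition(" ")
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in rest.split():
        key, _, value = field.partition("=")
        event[key] = value
    return event


def detect_rdp_bruteforce(lines, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Return alerts: one 'rdp_bruteforce' per source that reaches `threshold`
    failed RDP logons inside `window`, and an 'rdp_bruteforce_success' when
    such a source then logs on successfully while still over the threshold."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged = set()                 # sources already alerted on (dedup)
    alerts = []
    for event in sorted(map(parse_event, lines), key=lambda e: e["ts"]):
        if event.get("LogonType") != RDP_LOGON_TYPE:
            continue   # other logon types (network, service) need other rules
        src, ts = event.get("IpAddress", "-"), event["ts"]
        recent = failures[src]
        while recent and ts - recent[0] > window:   # expire old failures
            recent.popleft()
        if event.get("EventID") == FAILED_LOGON:
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("rdp_bruteforce", src, ts.isoformat(), len(recent)))
        elif event.get("EventID") == SUCCESSFUL_LOGON and len(recent) >= threshold:
            # A guessed password that finally works is the hand-off point
            # before the attacker encrypts the host by hand.
            alerts.append(("rdp_bruteforce_success", src, ts.isoformat(),
                           event.get("TargetUserName")))
    return alerts


# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    "2016-11-03T02:14:07Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45",
    "2016-11-03T02:14:09Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45",
    "2016-11-03T02:14:12Z EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45",
    "2016-11-03T02:14:30Z EventID=4625 LogonType=3 TargetUserName=svc_backup IpAddress=198.51.100.7",
    "2016-11-03T02:14:15Z EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45",
    "2016-11-03T02:14:18Z EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.45",
    "2016-11-03T02:14:21Z EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.45",
    "2016-11-03T02:16:40Z EventID=4624 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.45",
    "2016-11-03T02:20:02Z EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7",
    "2016-11-03T02:20:20Z EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.7",
]

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the sample, the source that fails five times in fifteen seconds is reported once, and its later successful logon as Administrator is reported separately; the single typo-style failure from the other source and the non-RDP (LogonType 3) failure are ignored. In a real deployment the events would be fed from the Security channel (or a SIEM), and the higher-severity success alert is the one to page on, because the next step in the model is manual encryption of that host.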
However, more professional groups are also active. They carefully select their targets (major companies with many network nodes) and organize attacks that can last weeks and pass through several stages:
Searching for a victim
Assessing how the network can be penetrated
Penetrating the organization’s network using exploits for popular software, or via Trojans already present on infected network nodes
Gaining a foothold on the network and mapping its topology
Acquiring the privileges needed to install the encryptor on all the organization’s nodes and servers
Ransomware is an extremely high-risk cybersecurity threat that security industry experts worldwide expect to grow significantly this year and beyond.
Ransomware is malicious software that locks you out of your business by encrypting mission-critical files on individual computers or across entire networks, so that only the attacker can restore them.
Cybersecurity Research on Ransomware
According to a recent cybersecurity research report, more than 8 million samples of ransomware were active in the second quarter of 2016.
It is more critical now than ever that businesses and their staff are properly educated to mitigate this growing threat.
Ransomware can cost you a lot more than money. How long could you survive if your business was locked out of its critical systems?
Once the attacker gains access, files and folders are encrypted and are only released, if at all, on payment of a large sum of money – hence the ransom.
There are a few key points to note about ransomware enterprise attacks:
The attacker typically works from a list of file extensions to encrypt (documents, spreadsheets, databases, backups), chosen because those files are essential to business operations.
Recovering (“cracking”) the files without the encryption key is computationally infeasible when the ransomware is implemented correctly, and only the attackers hold that key. The exceptions are families with flawed cryptography, for which researchers have sometimes published free decryptors, so it is worth checking for one before concluding the data is lost.
Unintentional human error due to a lack of cybersecurity education is one of the top reasons that hackers are able to infiltrate a network or computer.
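The extension list described above is also what makes an encryptor visible on a file server: within seconds, many business documents are rewritten under an unfamiliar extension. The following added example (not code from the original article) flags such a burst in a constructed stream of file-system events; the event format, the sample events, the ransomware extension, the list of targeted extensions and the thresholds are all assumptions for illustration.

```python
"""Flag the file-system signature of an encryptor at work: a burst of files with
business extensions being renamed under a new, unknown extension.

Added example, not from the original article. The 'timestamp ACTION path [path]'
event format, the sample events, the extension list and the thresholds are
assumptions; on a real host the events would come from a file audit log,
a minifilter driver or inotify.
"""
from collections import deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Assumed, representative list of extensions an encryptor targets.
TARGET_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".sql", ".bak"}
BURST_THRESHOLD = 4              # assumed: distinct files hit within the window
WINDOW = timedelta(seconds=30)   # assumed: burst window


def looks_encrypted(old_path, new_path):
    """True when a targeted file is renamed to its own name plus an extra,
    unknown extension (e.g. report.docx -> report.docx.locked)."""
    old, new = PurePosixPath(old_path), PurePosixPath(new_path)
    return (old.suffix.lower() in TARGET_EXTENSIONS
            and new.name.startswith(old.name)
            and new.suffix.lower() not in TARGET_EXTENSIONS)


def detect_encryptor_burst(lines, threshold=BURST_THRESHOLD, window=WINDOW):
    """Return (alert_time, affected_original_paths) the moment `threshold`
    distinct targeted files are renamed to an unknown extension within
    `window`; return None if no burst is seen."""
    recent = deque()   # (timestamp, original path) of suspicious renames
    for line in lines:
        ts, action, *paths = line.strip().split(" ")
        if action != "RENAME" or len(paths) != 2:
            continue   # writes, deletes, etc. are not covered by this rule
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        old, new = paths
        if not looks_encrypted(old, new):
            continue
        recent.append((when, old))
        while recent and when - recent[0][0] > window:   # expire old events
            recent.popleft()
        affected = sorted({p for _, p in recent})
        if len(affected) >= threshold:
            return when.isoformat(), affected
    return None


# Constructed sample events: one legitimate move, one ransom note write,
# and five files renamed with an assumed ".locked" extension.
SAMPLE_EVENTS = [
    "2016-11-03T02:17:00Z RENAME /srv/share/old-report.docx /srv/share/archive/old-report.docx",
    "2016-11-03T02:17:01Z RENAME /srv/share/q3-forecast.xlsx /srv/share/q3-forecast.xlsx.locked",
    "2016-11-03T02:17:01Z RENAME /srv/share/contracts/msa.pdf /srv/share/contracts/msa.pdf.locked",
    "2016-11-03T02:17:02Z WRITE /srv/share/README_DECRYPT.txt",
    "2016-11-03T02:17:02Z RENAME /srv/share/payroll.xlsx /srv/share/payroll.xlsx.locked",
    "2016-11-03T02:17:03Z RENAME /srv/db/backup/nightly.bak /srv/db/backup/nightly.bak.locked",
    "2016-11-03T02:17:03Z RENAME /srv/share/board-minutes.docx /srv/share/board-minutes.docx.locked",
]

if __name__ == "__main__":
    print(detect_encryptor_burst(SAMPLE_EVENTS))
```

The legitimate move at the top keeps its extension and is ignored; the alert fires on the fourth distinct targeted file, three seconds into the burst, listing the originals so the responder knows what was hit first. Two caveats: some families overwrite files in place without renaming them, which needs a write-rate or entropy rule instead, and the response to an alert should be to isolate the host or share immediately, since the encryptor does not stop on its own.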
What Precautions Can Businesses Take?
Ransomware can work its way into a computer, server, or network from practically any source. Popular modes of entry include:
Unsafe, un-validated, or fake websites.
Emails and email attachments that employees open from unknown senders.
Clicking on malicious links that are embedded within social media posts, instant messenger chats, or emails.
One of the best tactics to avoid ransomware attacks is to ensure that your employees are educated about the potential dangers.
From teaching employees never to click suspicious embedded links to showing them how to spot fake emails or web pages, education is paramount to protecting your business and data assets. In addition to employee education, company-sensitive, confidential, and important files should be backed up securely to storage that is not connected to the network (offline, or otherwise isolated so that a compromised host cannot reach it), and the restore process should be tested regularly.
By taking the latter precaution you remove the bargaining power of a hacker using ransomware: if the backups cannot be encrypted along with the live data, there is nothing to pay for.
Ransomware can strike at any time, from domestic or international attackers, and the businesses that pay for it are those that have not taken the steps needed to protect their vital data and computer systems.
Education, secure data storage, and working with a top cybersecurity company can help businesses to avoid the costly repercussions of a ransomware attack.