Tag Archives: Computer Weekly

Travel by Ransomware

On Tuesday an interesting article was published by the Guardian (at https://www.theguardian.com/technology/2020/jan/07/travelex-being-held-ransom-hackers-said-demanding-3m#maincontent); the title ‘Travelex ‘being held to ransom’ by hackers said to be demanding $3m’ almost said it all, and then I noticed something. First we get “Criminals are thought to be demanding about $3m (£2.3m) – to give the firm access to its computer systems after they attacked using the Sodinokibi ransomware on 31 December”. The price is not set without quarter; this we get from “They are reportedly threatening to release 5GB of customers’ personal data – including social security numbers, dates of birth and payment card information – into the public domain unless the company pays up” as well as “banks who use Travelex’s foreign exchange services to stop taking online orders for currency, affecting Sainsbury’s Bank, Tesco Bank, Virgin Money and First Direct.” You see, Travelex, based in London, has a presence in more than 70 countries with more than 1,200 branches and 1,000 ATMs worldwide. It processes more than 5,000 currency transactions every hour, yet even as we see that it is on the London Stock Exchange, the group is based in the United Arab Emirates. As for the actions, we see “On Thursday 2 January, the Met’s cyber crime team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Inquiries into the circumstances are ongoing”. Here is the snag: what are the chances that US actions are impeded as it impacts 70 countries? Is there a reason why the FBI is not equally involved? You see, Sodinokibi is a spin-off from GandCrab and, as we see (at https://www.bleepingcomputer.com/news/security/fbi-releases-master-decryption-keys-for-gandcrab-ransomware/), the FBI got those keys. Now the keys will not be compatible, but if they get one solution, they might get another solution.
Given that corporations are hit and we see “the developers behind the wildly successful GandCrab Ransomware announced that they were closing shop after allegedly amassing $2 billion in ransom payments and personally earning $150 million”, we would want to think that the FBI is on top of this and gets some pay-back (I had to use that pun).

We also learn from Acronis “Sodinokibi ransomware exploits an Oracle WebLogic vulnerability (CVE-2019-2725) to gain access to the victim’s machine”, and when we go to the Oracle page we see that there had been a solution from last May onwards. There is also the part “Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. As a result, Oracle recommends that customers upgrade to supported versions”. The question becomes: did Travelex forget to do a few things? The article does not pan out on that.

Yet in all this, IT News (at https://www.itnews.com.au/news/ransomware-shuts-down-travelex-systems-536191) gives us ‘Unpatched systems could be attack vector, say researchers’, and they also give us “No evidence has surfaced so far that structured personal customer data has been encrypted, or exfiltrated. This is in contrast with a report in Computer Weekly that alleged the criminals deploying the Revil/Sodinokibi ransomware had attacked servers storing sensitive, confidential information that included customer names and their bank account and transaction details” and it does not stop there. They also give us “Troy Mursch, chief research officer at security vendor Bad Packets said it notified the forex multinational in September of a serious vulnerability in its Pulse Virtual Private Networking servers. The vulnerability went unpatched until November”, which sets a much larger question mark over the entire issue, as the news gives us that the attack came almost a month after that. They curiously also give us “Prior to that, security researcher Kevin Beaumont noted that Travelex was operating cloud instances of Windows Server on Amazon Web Services that had Remote Desktop Protocol (RDP) enabled and exposed to the internet, but with Network Level Access (NLA) control disabled. An RDP flaw, known as BlueKeep, allows for full remote compromise of Windows without user interaction”, and these issues are not asked about? At least, the Guardian article does not stop on them.

The most hilarious response is seen at the very end of the IT News article with “Despite the attack closing down online systems, Travelex said it does not currently anticipate any material financial impact for its parent Finablr”. Travelex might have numerous issues to consider, but the customer does not make the high point of that, or as I would mildly put it, who cares about Finablr? Well, I reckon that the London Stock Exchange cares, as the value of Finablr made a crashing 17% loss; that is almost one in five pounds that is lost to those bright young lads (ladies also). They advertise (on their website) ‘Finablr is a global platform for Payments and Foreign Exchange solutions underpinned by modern and proprietary technology’ instead of ‘Finablr is a global platform for Payments and Foreign Exchange solutions underpinned by modern and proprietary hackable technology’. It is a small difference, but a distinct one, especially as Oracle had placed a solution for months and the second message by Kevin Beaumont does not help any, I reckon. In support, a source gave the BBC that they feel let down, complaining that their travel money is “in limbo”, which is interesting, as the Guardian article gives us “Travelex first revealed the New Year’s Eve attack on 2 January, when it sought to assure that no customer data had yet been compromised” and as the article came 5 days after, the absence of victim mentioning is an interesting one. It seems that Travelex is not handling this situation well on a few levels, optionally also in arrears of making mention towards the customers, all in opposition to the text on Travelex.com, which gives (among more data) “Tony D’Souza, Chief Executive of Travelex, said “Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise.
We take very seriously our responsibility to protect the privacy and security of our partner and customer’s data as well as provide an excellent service to our customers and we sincerely apologise for the inconvenience caused. Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim. We are working tirelessly to bring our systems back online.”” 

As such we get Travelex giving us one part and the BBC giving quite the opposite, and at this point my question becomes, exactly how much money is ‘in limbo‘?

That and a few more parts all rise to the surface when I look into this matter, the entire time gap on the side of Travelex being the most prevalent one. The one part that Acronis made me wonder about was the exemption list, the fact that it will try not to infect computers from countries based on the locale setting of the computer, which gives us “Romania, Russia, Ukraine, Belarus, Estonia, Latvia, Lithuanian, Tajikistan, Iran, Armenia, Azerbaijan, Georgia, Kazakhstan, Kyrgyzstan, Turkmenistan, Uzbekistan, Tatarstan”. The reason is unknown to me; perhaps they fear those countries and their ‘justice system’?

By the way, the entire Finablr website mention was essential, they are so for the ‘future’ yet security is seemingly not among it. That part is seen when we consider “In April 2019, the Cybereason Nocturnus team analyzed a new type of evasive ransomware dubbed Sodinokibi“, as such it took the Oracle team months to get a solution made (which makes perfect sense) yet the lack of implementation by Travelex is less normal. From all information it seems to me that Travelex should have made larger steps to be secure no later than Halloween, so the issue is a little larger than we consider, and the fact that Sodinokibi is a much larger field that goes back a few billion dollars. This is a contemplated speculation when we look at CSO Online where we get “While Sodinokibi is not necessarily a direct continuation of GandCrab, researchers have found code and other similarities between the two, indicating a likely connection” implying that for at least one person $150 million was not enough. 

As such, the entire Travelex issue will be around much longer than the ransomware will be; there will need to be a larger amount of questions to its mother organisation Finablr as well. From my speculative side it seems that some players are lacking certain IT skills, and/or have a larger shortage of them; that is the initial feeling I got when I saw the information that Troy Mursch and Kevin Beaumont handed over to the press, and so far the information as seen supports a larger failing in Travelex and optionally Finablr as well. There is support for my way of thinking: no matter who is on the board of directors, none of them are IT experts and that is fine, yet by not having a visionary IT expert leading the charge we see a larger failing coming their way. It is not merely having an IT department and a security department; someone needs to spearhead and protect IT issues in the Board of Directors and there is no evidence that this is happening, actually the Travelex issue gives rise that it is not happening at all. More important, the issue with the website is that it is highly sales oriented, and when I had a look there (I reckon the Sodinokibi members as well), I wondered how secure are Unimoni, Xpress Money, Remit2India, Ditto and Swych? When one of these points gets attacked, will the board of directors act appropriately? It is optionally a little ironic that they are hit whilst they advertised a paper on their site on November 20th (a month before the attack) ‘Why data protection is your new strategic priority’, my initial thought?
‘Sarcasm, when it backfires it becomes irony!‘ Yes it seems like a cheap ride from my side, but we forget that Common Cyber Sense is a real thing and corporations need a much larger vested interest in being safe than ever before, GandCrab showed that part months before this event took place and I reckon that Financial corporations need to take a much larger vested interest in that matter, or so I am led to believe, I could (of course) be wrong.

What do you think?

 


Filed under Finance, IT, Law, Media

A linguistic joke

The British Metro came with a hilarious article a mere 12 hours ago. The quote is not enough; it already starts with the title. ‘British children aren’t learning foreign languages after the Brexit vote’ is just too funny. We can clearly state that they were not learning foreign languages before Brexit either. To be more precise, not for decades! And, why should they? Now, let’s be fair, there is a benefit to learning languages. For the Dutch it is essential, because only the Dutch (and perhaps the Flemish) can understand the Dutch. So they (me in my youth) got to learn German, French and English in our first year of secondary school. I dropped French in favour of Physics and continued. In the years that followed I learned a few more languages, and as such I can get by across the planet. It was only in Asia where I learned that English is not a language that was used much, yet until that moment, I had learned that nearly everyone spoke English (except the Americans, they have a weird variation on it). So from that point of view, and when you see “The council claims the lack of language skills is holding back international trade performance by nearly £50 billion each year and worries there could be a gulf once the UK leaves the EU”, I merely reply that I want to see evidence here! I want the British Council to show actual data proving this, because at present, the British Council is showing itself to be a joke. This joke is personified in Schools advisor Vicky Gough who stated “At a time when the UK is preparing to leave the European Union, I think it’s worrying that we’re facing a language deficit”. Well, Vicky, for your information the Brits have always been language deficit since before World War 1, so we can agree that your logic is faulty at best. This is followed by “And I think without tackling that, we stand to lose out both economically, but also culturally.
So I think it’s really important that we have a push for the value of languages”. I will agree that she has a case on the cultural side. There has always been a cultural benefit to knowing languages, that much we can all agree on. But in this day and age, should we focus on the local languages (German, French and Spanish), or should we concentrate on the global economic area languages (Hindi, Chinese, Arabic and Japanese)? That is a much harder consideration to make. You see, do you cater to your local setting, or are you catering to a workforce to become global? This is not an easy question to answer, because the planet is in flux and what is now wisdom might be folly in 5 years, so after 6 years to truly have linguistic skills in some areas, those areas are no longer viable as international players, so how does that pan out? So when we see “A report by the British Council claims Spanish, Mandarin, French, Arabic and German are the top five languages the UK will need post-Brexit”, my view seems to be correct, yet in what setting? The Spanish only speak Spanish (for the most), so why adhere to that side? So why would the UK need German and French? Most of them speak English and hiring a foreign national in your company is likely cheaper and more productive, that is if you have quality business with that nation; if not, why bother? At that point, the article comes with an interesting view “One pupil studying Mandarin at London’s Alexandra Park School said: ‘We can’t just presume that countries are going to learn our language, because if we don’t do the work why should they?’” It is a good point, but those people also realise that Mandarin is one of the most complex languages in the world and if you are not born in that environment you start with a large disadvantage.
Now, there are plenty of reasons to study Mandarin and learn the language, but doing so on the premise that it might lead to a job is long-term folly; taking the language up when you are to be in China, perhaps even after you arrive, makes a lot of sense, perhaps more sense. Now, we can see that the only way to do business in Saudi Arabia is to learn Arabic and plenty of Brits trying to make quick bucks are up to the challenge, but that nation has its own set of rules, customs and culture and those all need to be taken in; merely learning the language will not get you there. So in my view, not only is the article to some part a joke, it is merely another jab at giving stress in relation to Brexit. So, until Metro publishes clear evidence from the British Council that the UK is missing out on 50 billion, the entire matter is hilarious and folly at best.

And it is merely one of several articles. The Guardian with ‘Britain’s tired old economy isn’t strong enough for Brexit’, Computer Weekly with ‘We must avoid the Brexit risks to London’s tech community’, and Clean Technica with ‘Current State Of Brexit Likely To Leave UK Environment Worse Off’, all fearmongering, and Social Europe is giving the people: ‘Reversing Brexit: Legal Route Via Vienna Convention’. Social Europe is actually setting the premise to protect bankers and the IMF. I have not seen such levels of what I regard to be deceptive and naive conduct since the British Prime Minister, Neville Chamberlain, who stated on September 30th 1938 that the British people would have “Peace in our Time”. Do you remember what happened after that? In the end, on the Allied side alone, up to 3.7% of a population of 2.3 billion ended up dead, both military and civilian, excluding 7 million Germans and 26 million Russians. I think that fearmongering and the naive approach to all this needs to stop.

It was never said that there was not going to be a hard time, but it seems to me that the financial sector has now become so afraid of losing the ability to fulfil their greed driven needs that they are using every media outlet to spread the fear and see if they can get a recount whilst getting at least 4% into the Bremain group.

In all this, the Guardian article makes a decent point, but does so by keeping certain parts unmentioned. With: “Manufacturers were unable to make things cheaply, reliably or efficiently enough against the headwind of a high-value currency, forcing many to give up. An economy that boasted 20% of its income coming from manufacturing in the 1980s found it was the source of barely 10% at the beginning of this decade” they are telling you the truth, but they do not tell you that opposing this were China, India and Japan, with almost no labour laws, whilst both India and China had no protection for child labour, so these nations made goods with 90% less costs, giving them a large advantage. Even now, in 2000 some sources gave us that there were approximately 11,500,000 children at work between the ages of 10 to 14 in China. This violates article 32 of the Convention of Rights of The Child. So if the Guardian article was being fair, why not mention these parts that clearly impact it all in a negative way?

So as we see the linguistic joke that Metro brought and the additional articles that raise questions as they go overboard not mentioning things, we need to consider why such presentations are not clearly shown by the media. Even the IMF is involved in all this, whilst their predictions have been wrong regarding the UK three times, so should they be given any level of reliability as they try to downgrade the UK, whilst upgrading the other European Nations for 2018? I know that this might be a hard year for the UK, yet as the stimulus train called ‘the Draghi Disaster’ is running its final stage, the moment that ends will spell even harsher environments for Europe and particularly France, who could see a downturn of their economy of 0.5%-0.75%; this implies that they will barely be above 0% for the three years that follow. In this I might be equally wrong. Even as France24 (at http://www.france24.com/en/20180122-macron-hosts-140-business-leaders-versailles-investment-france-economy) predicts “Economic growth has been forecast to rise to 1.9 percent in 2018 by the central bank”, which is already slightly too positive. Even as it books the Toyota move into the positive, France will soon realise that at this point Toyota is likely to push for additional rebates beyond the 25% corporation tax (as is Microsoft for 4 new data centres), which closer to the end of this tax year will show up in the news as ‘unfortunate bad news on the economy due to a miscalculation’; it is not the first time and the French are not the first to do this. Yet in that, we can see that the IMF boast is overly positive towards Europe, implying that the view from that point shows the UK economy as stated to be overly negative. I personally see it as another ploy to undermine Brexit that could bite them in much harsher ways down the track, if the media is actually able to show some balls standing up to large corporations.

So even if I see the linguistic joke as a large one, there is no denying that France is clearly opening its doors to certain people and in only that moment there is a sense of truth in the words of Vicky Gough, yet what is equally not given is that this is the first time since I started my first job in 1979 that such a view is given by France. With the graying population they are not the only ones doing that and as such the working population will make a drastic change. I cannot predict how it will filter out for France, but at least Emmanuel Macron is making active changes to an ancient unyielding protocol and that might be the best news of all for France; that alone could spell my realistic numbers to be slightly less positive than the actual numbers will turn out to be.

 


Filed under Finance, Law, Media, Politics