Tag Archive for: Frontier

Cyber attack takes Frontier Communications systems offline, affecting millions of broadband customers


US telecom provider Frontier Communications was forced to shut down a number of its internal systems after detecting an unauthorized third party in its IT environment, shuttering internet access for millions.

Frontier Communications said it first detected the unauthorized access on 14 April 2024, before reporting the incident to the SEC on 15 April. The company said it had taken its systems down as part of its incident response protocols in an effort to contain the breach. 


The new frontier in online security: Quantum-safe cryptography



A team of experts led by Monash University researchers, in collaboration with Australia’s national science agency CSIRO, has created an algorithm that can help strengthen online transactions that use end-to-end encryption against powerful attacks from quantum computers.

Cryptography researchers from Monash University’s Faculty of Information Technology and CSIRO’s data and digital specialist arm Data61 have developed the most efficient quantum-secure cryptography algorithm, called “LaV,” to enhance the security of end-to-end encryption, with potential application across instant messaging services, data privacy, cryptocurrency and blockchain systems.

End-to-end encryption is a way to secure digital communication between a sender and receiver using encryption keys. Mobile messaging services like WhatsApp and Signal use end-to-end encryption so that no one, including the communication system provider, telecom providers, internet providers or hackers can access the information being transmitted between the sender and the receiver.

It would take millions of years for a normal computer or even a supercomputer to hack into and gain access to data protected by end-to-end encryption. But a large-scale quantum computer could break current encryption within minutes and gain access to encrypted information more easily.

Lead researcher of the collaborative quantum security project, Dr. Muhammed Esgin, said the new cryptography tool will help make end-to-end encryption more secure, so online services can withstand hacks or interference from the most powerful quantum computers in the future.

“While end-to-end encryption protocols are quite well established and are used to secure data and messaging in some of the most popular instant messaging applications across the world, currently they are still vulnerable to more sophisticated attacks by quantum computers,” Dr. Esgin said.

“This new cryptographic tool can be applied to various mobile…


Privacy International and the Electronic Frontier Foundation’s Statement on Unauthorized Access to Data


Statement to the second session of the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes on Agenda Item 4: [illegal/unlawful/unauthorized] access

Addressing some of the first group of questions, we believe that any future Treaty should ensure that [illegal/unlawful/unauthorized] access does not criminalize security research, whistleblowers, and other novel and interoperable uses of technology that ultimately benefit all of us. In particular, the [unauthorized] access to a computer system provision should explicitly require the intention to access a computer system and the person’s intent to cause damage or defraud (malicious intent or mens rea). Without malicious intent, this future treaty risks harshly criminalizing “breaking security,” potentially without any need for harm or damage and seemingly without regard to whether the purpose was beneficial.

Some States have also interpreted unauthorized access laws so broadly as to put computer security researchers at risk of prosecution for engaging in socially beneficial security testing through standard security research practices. “Without authorization” should be defined more clearly to require the circumvention of a technical barrier like a password or other authentication stage. 

When it comes to whistleblowing, the 2015 report of the UN Special Rapporteur of freedom of expression noted that prosecution of whistleblowers generally deters whistle-blowing and recommended that States avoid it, reserving it, if at all, only for exceptional cases of the most serious demonstrable harm to a specific legitimate interest. 

The report states that “in such situations, the State should bear the burden of proving an intent to cause harm, and defendants should be granted (a) the ability to present a defense of an overriding public interest in the information, and (b) access to all information necessary to mount a full defense… Penalties should take into account the intent of the whistle-blower to disclose information of public interest and meet international standards of legality, due process, and proportionality.”…


The next frontier of warfare is online


Sometime in mid-2009 or early 2010 — no one really knows for sure — a brand new weapon of war burst into the world at the Natanz nuclear research facility in Iran. Unlike the debut of previous paradigm-shattering weapons such as the machine gun, airplane, or atomic bomb, however, this one wasn’t accompanied by a lot of noise and destruction. No one was killed or even wounded. But the weapon achieved its objective to temporarily cripple the Iranian nuclear weapon program, by destroying gas centrifuges used for uranium enrichment. Unfortunately, like those previous weapons, this one soon caused unanticipated consequences.

The use of that weapon, a piece of software called Stuxnet widely concluded to have been jointly developed by the United States and Israel, was arguably the first publicly known instance of full-scale cyberwarfare. The attack deployed a software vulnerability or exploit, called a zero-day, buried so deeply in computer code that it remains undetected until someone — a team of hackers, a criminal, an intelligence or law enforcement agency — activates it. We’ve all heard of, and perhaps even been victimized by, criminal hacks that may have pilfered our credit card numbers and passwords, or been spammed by suspicious emails that invite us to claim supposed Nigerian fortunes. But zero-days operate on a different level entirely.

“Zero-days offer digital superpowers,” New York Times cybersecurity reporter Nicole Perlroth writes in “This Is How They Tell Me the World Ends: The Cyberweapons Arms Race.”

“Exploiting a zero-day, hackers can break into any system — any company, government agency, or bank — that relies on the affected software or hardware and drop a payload to achieve their goal, whether it be espionage, financial theft, or sabotage. There are no patches for zero-days, until they are uncovered. It’s a little like having the spare key to a locked building.”

Such capabilities, says Perlroth, make zero-days “one of the most coveted tools in a spy or cybercriminal’s arsenal.”

As with any other highly coveted commodity, a vast covert global market has sprung up to meet the demand for zero-days. Perlroth explains that this invisible digital trade was…
