T-Mobile USA – Was it or wasn’t it a data breach?

June 14th, 2009 by Agent Smith (0) Data Theft & Loss,Identity Theft,security breach

Did a data breach occur at T-Mobile USA? According to a group of hackers it did. They claimed to have gained access to all customer information of the company and posted network scans to prove it on the Full Disclosure web site. They also said they were trying to sell all the private records to T-Mobile’s competitors, who wouldn’t take them on the offer. Yet they’re still doing their best to sell all stolen info to the highest bidder.

T-Mobile has a different view on the story though. They said, and were quoted by ChannelWeb, that there is no proof whatsoever of any breach. And although the document posted online did in fact belong to T-Mobile, it contained to sensitive date, nor was it obtained while their system had been hacked into.

“The document in question has been determined to be a T-Mobile document, though there is no customer information contained in the document,” the company said in a statement. “There is no evidence to indicate that the T-Mobile security system was hacked into nor any evidence of a breach.”

While ChannelWeb seems to incline to believe T-Mobile on this one, their security experts say large mobile carriers often fall pray to hackers who harest their confidential customer records for their own benefit, mostly because the security systems they’re using are outdated. If I were T-Mobile right now, I’d make sure to check everything 100 times and find out exactly how the harmless file get posted online. Cause you can never know, can you?

CoSoSys on the Obama Speech at Provision Security Days

June 13th, 2009 by Agent Smith (0) In The Spotlight

The CoSoSys team Obama IT security attended the Provision Security Days in Brasov, Romania over the weekend. Vendor of the most innovative and effective applications for endpoint security and portable storage devices, CoSoSys was one of the event sponsors and held a presentation on critical data security, device control and linked it to the recent Obama announcement on a White House coordinated plan to prevent cyber attacks.

I’ll reproduce here one the most significant quotes CoSoSys identified in what data loss protection is involved:

“The threat to critical data systems is among ‘the most serious economic and national-security challenges’ today”

You might wonder why economic. The answer is easy: everything translates into money. Less customers, hacked bank accounts, brand trust going down the drain, it all means loss of money. A competitor getting their hands on your prototype and producing it at a faster pace means money you’ll lose (the amount you’ve already invested) and money you’ll never get.

So what does CoSoSys offer as a solution? A best of breed endpoint security, device control and DLP solution, Endpoint Protector 2009. It effectively:

stops data loss
prevent data theft
stops data leakage
keeps data safe on the road

Speaking of data theft in the office, CoSoSys also presented a video emphasizing how easily they can be prevented. Enjoy!

Obama’s Cybersecurity Plan and the IT Security Industry

June 5th, 2009 by Agent Smith (3) In The Spotlight,security breach

US President Barack Obama has recently announced a White House coordinated security plan against cyber threats and attacks. According to the New York times that discussed the presidential speech in detail, the new plan will be carried out without any intrusions in people’s privacy. Obama promised to bar the federal government from keeping a close and permanent watch over “private-sector networks” and internet traffic.

How exactly will the plan work and how will its goals be reached? This part is unclear. What we know is that the President will appoint a new “cybersecurity coordinator”, a person with direct access to Mr. Obama and who will hopefully manage to also mediate the dissensions between the several agencies dealing with cyberthreats at the moment, such as the Pentagon, the National Security Agency, or the Homeland Security Department. According to the same article in NYTimes, this coordinator will also act as “action officer” inside the White House during cyberattacks launched on the United States by both hackers or governments.

How does this new spotlight on cybersecurity affect companies? For a lot of US companies, it’s a dream come true, as they all hoped the President will do something about the growing number of attacks.

Many computer security executives had been hoping that Mr. Obama’s announcement would represent a turning point in the nation’s unsuccessful effort to turn back a growing cybercrime epidemic. On Friday, several said that while the president’s attention sounded promising, much would depend on whom he chose to fill the role.

What I think is important to note is that the Obama announcement comes after a major shrink in IT security budgets (caused by the economic downturn), when thinks are starting to look brighter. Mixed with the major security threats and data loss cases that storm in virtual and pring newspaper and magazine pages, it will all lead to an investment increase when it comes to effective security. Which will benefit both security solution developers and companies who will no longer be exposed to significant financial losses.

Another interesting aspect of the Obama speech was his revealing information on the cyberattacks his staff had to deal with during the presidential campaign. He spoke of hackers who managed to get access to emails and campaign files, such as position papers and travel plans. The White House has finally reached a conclusion all security experts have known for quite some time, very articulately put by the US President:

“in this information age, one of your greatest strengths — in our case, our ability to communicate to a wide range of supporters through the Internet — could also be one of your greatest vulnerabilities.”