21 January 2022

RED CROSS HACK...

A reasonable person is entitled to ask why the Red Cross was snagging all this biometric data anyway -- all in the pretense of what they call "humanitarian aid" obviously used for other suspicious purposes.
A report from Dan Goodin:

Red Cross implores hackers not to leak data for 515k “highly vulnerable people”

Hack on Red Cross storage contractor follows a separate hacking incident last year.

What Could Go Wrong? (@CouldWrong) | Twitter

"The Red Cross on Wednesday pleaded with the threat actors behind a cyberattack that stole the personal data of about 515,000 people who used a program that works to reunite family members separated by conflict, disaster, or migration.

"While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," Robert Mardini, the director-general of the International Committee for the Red Cross, said in a release. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data."

NOTE: Wednesday’s release said the personal data was obtained through the hack of a Switzerland-based subcontractor that stores data for the Red Cross. The data was compiled by at least 60 different Red Cross and Red Crescent National Societies worldwide. The ICRC said it has no "immediate indications as to who carried out this cyber-attack" and is so far unaware of any of the compromised information being leaked or shared publicly.

Those affected had used Restore Family Links, a service the Red Cross operates in cooperation with the Red Crescent to reunite families. On Wednesday, the site was down. The Internet Archive last updated it on December 27, raising the possibility of the breach occurring a few weeks ago.

The release provided few details about the attack. It’s not clear if it was done by profit-motivated ransomware criminals, nation-state hackers, or others. . .

[...] Last September, the ICRC confirmed it was on the receiving end of a hack the previous April that compromised login credentials and other data that could be used to target agencies within the intergovernmental organization. The earliest known date the hackers obtained access to the UN's systems, Bloomberg News reported, was April 5, and the hackers remained active through at least August. The breach came to light when private researchers noticed login credentials for sale on the dark web."

READ >>

reader comments

77 with 61 posters participating

 

 

No comments: