A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles.
The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons.
The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizen’s personal information.
Lionel Messi and Sergio Aguero data leaked on Twitter
The first evidence that someone breached RENAPER surfaced earlier this month on Twitter when a newly registered account named @AnibalLeaks published ID card photos and personal details for 44 Argentinian celebrities.
This included details for the country’s president Alberto Fernández, multiple journalists and political figures, and even data for soccer superstars Lionel Messi and Sergio Aguero.
A day after the images and personal details were published on Twitter, the hacker also posted an ad on a well-known hacking forum, offering to look up the personal details of any Argentinian user.
Image: The Record
Faced with a media fallback following the Twitter leaks, the Argentinian government confirmed a security breach three days later.
In an October 13 press release, the Ministry of Interior said its security team discovered that a VPN account assigned to the Ministry of Health was used to query the RENAPER database for 19 photos “in the exact moment in which they were published on the social network Twitter.”
Officials added that “the [RENAPER] database did not suffer any data breach or leak,” and authorities are now currently investigating eight government employees about having a possible role in the leak.
Hacker has a copy of the data, plans to sell and leak it
However, The Record contacted the individual who was renting access to the RENAPER database on hacking forums.
In a conversation earlier today, the hacker said they have a copy of the RENAPER data, contradicting the government’s official statement.
The individual proved their statement by providing the personal details, including the highly sensitive Trámite number, of an Argentinian citizen of our choosing.
Yet again we see how centralised databases are such a good idea. And if countries are so terrible at protecting extremely sensitive data, how do you think weakening protections by allowing countries master key type access to encrypted data is going to make anything better for anyone?
[…]A hacker gang, […] has been infiltrating telecoms throughout the world to steal phone records, text messages, and associated metadata directly from carrier users.
That’s according to a new report from cybersecurity firm CrowdStrike, which published a technical analysis of the mysterious group’s hacking campaign on Tuesday. The report, which goes into a significant amount of detail, shows that the hackers behind the campaign have managed to infiltrate 13 different global telecoms in the span of just two years.
Researchers say that the group, which has been active since 2016, uses highly sophisticated hacking techniques and customized malware to infiltrate and embed within networks. Reuters reports that this has included exfiltrating “calling records and text messages” directly from carriers. Earlier research on the group suggests it has also been known to target managed service providers as an entry point into specific industries—such as finance and consulting.[…]
The UK’s Competition and Markets Authority (CMA) has smacked Facebook with a £50m ($68.7m) fine for “deliberately” not giving it the full picture about its ongoing $400m acquisition of gif-slinger Giphy.
The move – fingered by the CMA as a “major breach” – comes just weeks after the antisocial network dismissed the UK’s regulator’s initial findings as being based on “fundamental errors” and just hours after the US Dept of Justice and its Department of Labor announced separate agreements with the firm in which it will fork over $14.25m to settle allegations of discriminatory hiring practices.
Facebook first announced its intention to buy the image platform, which hosts a searchable database of short looping soundless animated GIFs – many of which are sourced from reality TV and films – in May last year. Giphy also hosts MP4 looped video clips (so users can “enjoy” audio), which it also unaccountably calls gifs. Pinterest, Reddit and Salesforce’s comms firm Slack have all integrated Giphy into their platforms so you can “react” to friends and colleagues. Facebook’s acquisition values the company at $400m.
[…]
Bamford said companies were not required to seek the CMA’s approval before they completed an acquisition but noted that “if they decide to go ahead with a merger, we can stop the companies from integrating further if we think consumers might be affected and an investigation is needed.”
He added: “We warned Facebook that its refusal to provide us with important information was a breach of the order but, even after losing its appeal in two separate courts, Facebook continued to disregard its legal obligations.
“This should serve as a warning to any company that thinks it is above the law.”
The Party for the Animals (PvdD) wants clarity from outgoing minister Dekker for Legal Protection about a camera on Albert Heijn’s self-scanner.It concerns the PS20 from manufacturer Zebra.According to this company, the camera on the self-scanner supports facial recognition to automatically identify customers.PvdD MPs Van Raan and Wassenberg want to know whether facial recognition is used in Albert Heijn stores in any way.The minister must also explain what legal basis Albert Heijn or other supermarket chains can rely on if they decide to use facial recognition.Finally, the PvdD MPs want to know what Minister Dekker can do to prevent supermarkets from using facial recognition now or in the future.
Consumer printer makers have long used the razor blade business model—so named after companies who sell razor handles for cheap, but the compatible replacement blades at much higher prices.
[…]
The advent of devices like smartphones and even social media have made sharing photos digitally much easier, which means consumers are printing photos less and less. That has had an effect on the profitability of home printers
[…]
Leacraft, who is named as the plaintiff in a class-action complaint against Canon filed in a U.S. federal court in New York last week, found that their Canon Pixma MG6320 all-in-one printer would no longer scan or fax documents when it was out of ink, despite neither of those functions requiring any printing at all. According to Bleeping Computer, it’s an issue that dates back to at least 2016 when other customers reported the same problem to Canon through the company’s online forums, and were told by the company’s support people that all the ink cartridges must be installed and contain ink to use all of the printer’s features.
[…]
The complaint points out that Canon promotes its all-in-one printers as having multiple distinct features, including printing, copying, scanning, and sometimes even faxing, but without any warnings that those features are dependent on sufficient levels of ink being available.
There are two classes of merchant on Amazon.com: those who get special protection from counterfeiters and those who don’t. From a report: The first category includes sellers of some big-name brands, such as Adidas, Apple and even Amazon itself. They benefit from digital fortifications that prevent unauthorized sellers from listing certain products — an iPhone, say, or eero router — for sale. Many lesser-known brands belong to the second group and have no such shield. Fred Ruckel, inventor of a popular cat toy called the Ripple Rug, is one of those sellers. A few months ago, knockoff artists began selling versions of his product, siphoning off tens of thousands of dollars in sales and forcing him to spend weeks trying have the interlopers booted off the site.
Amazon’s marketplace has long been plagued with fakes, a scourge that has made household names like Nike leery of putting their products there. While most items can be uploaded freely to the site, Amazon by 2016 had begun requiring would-be sellers of a select group of products to get permission to list them. The company doesn’t publicize the program, but in the merchant community it has become known as “brand gating.” Of the millions of products sold on Amazon, perhaps thousands are afforded this kind of protection, people who advise sellers say. Most merchants, many of them small businesses, rely on Amazon’s algorithms to ferret out fakes before they appear — an automated process that dedicated scammers have managed to evade.
