Held to ransom by cyber attacks – Trinidad & Tobago Express Newspapers

held-to-ransom-by-cyber-attacks-–-trinidad-&-tobago-express-newspapers

As you well know !

The sectors most hit by cyber attacks in Trinidad and Tobago are Government, finance and manufacturing.

In an interview with the Sunday Express last Friday, manager of the T&T Cyber Security Incident Response Team (TT-CSIRT) of the Ministry of National Security, Angus Smith, said over 2,600 Government e-mail accounts have been found in third party data breaches from 2008 to 2021.

“Our unit is Government-focused and protecting them. We are also a national service. Once a request comes, we will assist. Cyber security is a dynamic thing. It is our responsibility to ensure a number of things, including updating software and hardware. Individuals need to be vigilant when accessing data. As part of our public education drive we started an exercise called the T&T National Risk Assessment exercise for both the public and private sectors,” he said.

The Ministry of National Security established the TT-CSIRT in November 2015 with the assistance of the Organisation of American States (OAS) and the International Telecommunications Union (ITU).

The implementation of the TT-CSIRT is a strategic objective of this country’s 2015 National Cyber Security Strategy.

The unit’s services include, but are not limited to, alerts and warnings, incident response, awareness building, education/training, risk analysis, security audits or assessments, business continuity and disaster recovery planning, vulnerability handling, analysis and response co-ordination.

The unit has formed partnerships with the TTPS Cyber Unit, Caricom IMPACS, CSIRT Commonwealth, Organisation of American States Cyber, GetSafeOnlineTT and CSIRT of the Member States of the Organisation of American States (OAS).

Cyber Crime Bill needs to be enacted

Smith said generally, when citizens see attacks and threat campaigns, they mostly originate from groups outside the region, such as in the Middle East and ­Russia.

The observance, he said, is based on the online traffic activity.

Based on the attacks seen, Smith said, “the claim of responsibility has come from foreign groups mostly. We have had a claim from the Latin America region which I believe to be an individual. Last year a hacktivist from Brazil (Vanda da God) perpetrated hacks against the (T&T) Government. He is the only one known from the region. Apart from T&T, he also hacked other countries and was arrested and charged. His arrest came based on an amalgamation of law enforcement”.

He further explained that T&T could not go down the prosecutorial road since in order for that to happen, “you need the required legislation stating what happened was a crime within your jurisdiction”.

Smith explained that a number of things need to be in place for such prosecution to take place.

“We need to have the Cyber Crime Bill passed. It is very important, and passing it is fundamental in moving forward,” he said.

The Cybercrime Bill, 2017 was referred to a Joint Select Committee for its consideration and report, after its First Reading pursuant to resolutions of the House of Representatives on Friday, May 5, 2017, and Senate on Tuesday, May 9, 2017.

The purpose of the Cybercrime Bill, 2017, is to provide for the creation of offences related to cybercrime in T&T.

Some of these offences include illegal access to computers, illegal data interference, computer-related forgery and fraud, violation of privacy and causing damage by communications via the Internet.

Clause 5 of the bill seeks to create the offence of illegally accessing a computer system. This offence would carry a fine of $300,000 and three years’ imprisonment on summary conviction or a fine of $500,000 and five years’ imprisonment on conviction on indictment.

Clause 6 seeks to create the offence of illegally remaining in a computer system which would carry a fine of $100,000 and two years’ imprisonment on summary conviction, or a fine of $200,000 and three years’ imprisonment on conviction on indictment.

Noting the cybercrime legislation needs to be in line with the Budapest Convention, Smith said there are other conventions in which this country can become signatories, which will result in the synchronisation of legislation across countries in the world which have similar legislation.

“So a crime in another country will be a crime here because of the cross-border nature of cyber crimi­nal activities. If passed, we will be aligned with those across the world, since cybercrime is a cross-border activity,” Smith said.

Officially known as the Council of Europe Convention on Cybercrime, the Budapest Convention—which opened for signatures in 2001 and entered into force in 2004—was the first international treaty to focus explicitly on cybercrime. The treaty’s objectives are three-fold:

1. harmonising national laws related to cyber-related crime;

2. supporting the investigation of these crimes;

3. increasing international cooperation in the fight against cybercrime.

The purpose of the Cybercrime Bill, 2017, is to provide for the creation of offences related to cybercrime and for other related matters in Trinidad and Tobago. The bill would be inconsistent with Sections 4 and 5 of the Constitution and is therefore required to be passed by a special majority of three-fifths of the members of each House.

Ransomware on the rise

Ransomware based on national statistics provided by TT-CSIRT is on the rise. Thus far, from 2017 to present there have been eight official reports—three in the public sector and five in the private sector.

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid.

More modern ransomware fami­lies, collectively categorised as crypto ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.

Ransom prices vary, depending on the ransomware variant and the price or exchange rates of digital currencies.

Ransomware operators commonly specify ransom payments in bitcoin.

Smith said based on the unit’s work, they have heard of local businesses paying not to have their files released in the public domain.

In several other instances, he said businesses and institutions opt not to report what happened and cyber attacks are under-reported.

This lack of reporting is a dangerous practice, Smith said.

“It is in the national interest that reports should be made for us to alert and advise the country on measures they need to take, and for us to accurately have an account of the type of cybercrime taking place,” he added.

At the time of this interview last Friday, Smith said Massy Stores had not reported their cyber attack. Therefore, the unit has no idea what took place, which cannot be in the national interest, he said.

“Ransomware tends to affect businesses. When it happens, individuals can ask for cash to release the files, and numerous times bitcoin payments are requested. We have heard of businesses paying and, despite this, their data have been released on the dark web,” he said.

Referring to a conglomerate which was hacked last year, Smith said the company’s documents were released on the dark web. “We knew about it and contacted them, having found their data had been published,” he said.

Other national statistical data from 2017 to present included a total of 42 reported incidents of phishing—18 within the public sector and 24, the private sector.

Data breach accounted for 31 reports—five within the public sector, and 26 in the private sector. Website defacement saw 16 reports within the public sector alone.

There were nine reports of ­business e-mail compromise—seven within the Government, and two in the private sector.

Malicious insider only accounted for one in the public sector. This is when someone maliciously and intentionally abuses legitimate credentials, typically to steal information for financial or personal incentives.

Now let's stop for a moment and consider that camDown helps stop hackers from getting access to the webcam that I use for my work. Now I can get even more gigs as a freelancer and advertise that I have top security with my home computer and I know your friends would agree!