08/01/2022
08/01/2022
Dark Web displays data on 887 sites
KUWAIT CITY, Jan 8: In what is seen as a serious incident that puts the country’s information security at stake, the Dark Web site, known for selling and trading in stolen data has taken everyone by surprise by displaying a huge set of data on Kuwaiti websites and destinations, reports Al-Qabas daily. The website revealed with proof that 887 Kuwaiti websites had fallen into the hands of vested interests and were hacked over the past days, and a huge amount of data and information, including more than 4,360 files. The hacked websites varied between government and private institution, working in the fields of various services, education, communications and online purchasing.
This electronic piracy surfaced days after the referral of the President of the Kuwait Society for Information Security, Safa’a Zaman, to the Criminal Court, against the backdrop of her Kuwait TV talk about the exposure of the state’s data and information to the risk of leakage and penetration, which was denied by the government through its spokesperson at the time, without taking any necessary measures to protect information security in the country.
The incident of 887 Kuwaiti websites being hacked by was not the first of its kind. It was preceded by what was known as ‘anthrax’ that targeted government and private websites months ago, and banking and financial websites were hacked and robbed, and with the recurrence of these incidents, it is time for a decisive pause and put in place strict measures in accordance with international standards to prevent these breaches. Commenting on what happened, a government expert specialized in the field of technical breaches informed that the losses due to hacking of files presented by the Dark Web site, which is known for selling stolen data, are invaluable noting that the matter is not limited to financial losses, as there are what is more dangerous, such as encrypting the data using ‘ransomware’ and others.
One expert stated that the breaches took place at separate times, and the data is available in a renewed form across the site, and is offered for sale for a price. The expert pointed out that the penetration and fall of the technical systems of some government and private agencies into the hands of international hackers continues, because the government has not launched a series of measures that enhance cyber security in the country and allocate departments in the state agencies whose mission is to provide the necessary protection for their electronic systems.
According to cybersecurity specialists, the data that was published on the site belongs to “secret numbers for users of government networks and their service applications,” in addition to personal information of citizens and residents, civil ID numbers, phone numbers, financial data, and others, which are offered for sale at a price ranging between 5-10 dollars for those who want to buy. They pointed out that the “hackers” were able to penetrate the devices of employees in government agencies and the private sector, and entered government portals or automated systems, obtained data and information and encrypted others. In light of the large number of government and service applications that are launched locally, the specialists warned that government agencies do not set a security policy and a strict information security system that prevents the issuance of any application without obtaining a prior license for safe operation.
The specialists revealed that some of the information and data displayed on the site contain confidential numbers of employees in government agencies and leaders responsible for networks in the automated systems of the various agencies that have been hacked. The specialists cited four objectives for cyber security tendering -- creating an isolated infrastructure to store important service data bureau and protect it from attacks; using special software that analyzes the data and changes that occur to it; protecting and isolating data in a private environment and ensure its safety and providing technical support, periodic maintenance, and consultations required for backup insulation A document -- the copy of which has been obtained by Al-Qabas daily -- reveals that one of the conditions for winning government cybersecurity tenders must be to train employees to perform tasks and provide information security.