A year after the Panama Papers, a massive leak of confidential information from the Bermuda law firm Appleby Group Services, dubbed the Paradise Papers, has shone another light on the use of offshore accounts, writes RUDI DICKS, Head of Cyber Security at BDO Cyber and Forensics Lab
A new set of data taken from an offshore law firm again threatens to expose the hidden wealth of individuals and show how corporations, hedge funds and others may have skirted taxes. A year after the Panama Papers, a massive leak of confidential information from the Bermuda law firm Appleby Group Services, dubbed the Paradise Papers, has shone another light on the use of offshore accounts.
1. What are your views / interpretation on / of the ‘Paradise Papers’ data leaks?
Appleby publicly stated that it was not the subject of a leak but of an illegal computer hack. Their systems were accessed by an intruder who deployed the tactics of a professional hacker and covered his/her tracks to the extent that the forensic investigation concluded that there was no definitive evidence that any data had left their systems. While the mechanics of the breach itself have yet to be revealed, this was clearly a targeted attack. Law firms are particularly susceptible to hacking as they house a treasure trove of sensitive data that, when compromised, can result in sometimes irrecoverable damage.
The paradise papers, like the panama papers is an excellent example of the reputational harm that attackers can cause, rather than financial. Here we saw many wealthy people shown to have offshore accounts in tax havens. Most of these transactions are perfectly legal but the implication is that these wealthy and often famous people are skirting their tax obligations. For the company that these documents were stolen from, this leak will most likely destroy the business.
This class of events demonstrates why law firms must protect their clients’ confidential information. No amount of cyber insurance, data backup strategies, nor business continuity planning can ever put this genie back in the bottle.
2. In your opinion, should we concentrate on the content aspect of these leaks or the security aspect?
For Appleby, the concern is with the content because their clients will be far less likely to conduct sensitive business with them in the future. By releasing the Paradise Papers, the aim of the International Consortium of Investigative Journalists (ICIJ) was to expose significant failures and weaknesses inside the offshore industry. As per ICIJ, “those stories and others they are pursuing serve the public interest by bringing accountability to the offshore industry, its users and operators. Other parts of the data are of a private nature and of no interest to the public. ICIJ will not release personal data en masse but will continue to mine the full data with its media partners.” The content released will certainly have far-reaching impacts for those affected.
For security specialists, the concern is with how this happened, and making sure we do everything possible to ensure that the same attack vectors cannot be used against our clients. This event, allegedly conducted by external hackers, could likely have been detected and mitigated. What ends in a business disrupting event often begins with the ‘click’ on a harmless looking link. Sometimes it involves complex social engineering, credential harvesting and clandestine operations inside the network to locate and slowly exfiltrate valuable data. Thus, considering heightened cyber risks, organisations have to make sure that they are taking reasonable steps to protect their clients’ confidential data. These include:
· Ensuring that software used is up-to-date and that available patches are implemented as soon as reasonably practical.
· Configuring Intrusion Prevention Systems and Firewalls policies to reject information gathering events
· Reviewing access controls regularly to ensure that they are up to date and that they restrict electronic data users to their necessary business functions.
· Utilising antivirus and malware detection software.
· Conducting periodic cybersecurity audits and penetration testing.
· Requiring multi-factor authentication for remote access into computer systems and for very sensitive internal access points.
· Requiring rotating complex passwords.
· Monitoring the activity of authorised users to detect any unauthorised file access, as well as, any large-scale downloading, copying or tampering with confidential information.
· Conducting regular cybersecurity awareness training together with phishing attacks.
3. With ‘Offshore Leaks’, ‘Panama Leaks’, ‘Paradise Papers’ – what should we be aware of / conclude?
We are living in an age of internet activism or hacktivism, which is the subversive use of computers and computer networks to promote a political agenda or a social change. With roots in hacker culture and hacker ethics, its ends are often related to the free speech, human rights, or freedom of information movements. Hacktivists seek to expose social injustice. The hack is a reminder that cybercrime is sometimes motivated by loftier aspirations than making money.
4. How come hackers can still obtain sensitive information when security conscious companies invest so much in safeguarding their data?
No matter how much a company invests in latest security technologies, the human factor remains the weakness link. The lack of effective cybersecurity training for all employees is the root cause of companies failing to keep their data safe. It is extremely pertinent to every organisation to protect its reputation, competitive advantage and operational stability against social engineering with effective company-wide security awareness. BDO’s cybersecurity education program sets employees up for success by instilling cutting edge knowledge and practical know-how into the workplace. Through integrated communication and hacker-led training, BDO helps organisation fight cybercrime strategically and beyond the scope of technology.
CES: Most useless gadgets of all
Choosing the best of show is a popular pastime, but the worst gadgets of CES also deserve their moment of infamy, writes ARTHUR GOLDSTUCK.
It’s fairly easy to choose the best new gadgets launched at the Consumer Electronics Show (CES) in Las Vegas last week. Most lists – and there are many – highlight the LG roll-up TV, the Samsung modular TV, the Royole foldable phone, the impossible burger, and the walking car.
But what about the voice assisted bed, the smart baby dining table, the self-driving suitcase and the robot that does nothing? In their current renditions, they sum up what is not only bad about technology, but how technology for its own sake quickly leads us down the rabbit hole of waste and futility.
The following pick of the worst of CES may well be a thinly veneered attempt at mockery, but it is also intended as a caution against getting caught up in hype and justification of pointless technology.
1. DUX voice-assisted bed
The single most useless product launched at CES this year must surely be a bed with Alexa voice control built in. No, not to control the bed itself, but to manage the smart home features with which Alexa and other smart speakers are associated. Or that any smartphone with Siri or Google Assistant could handle. Swedish luxury bedmaker DUX thinks it’s a good idea to manage smart lights, TV, security and air conditioning through the bed itself. Just don’t say Alexa’s “wake word” in your sleep.
2. Smart Baby Dining Table
Ironically, the runner-up comes from a brand that also makes smart beds: China’s 37 Degree Smart Home. Self-described as “the world’s first smart furniture brand that is transforming technology into furniture”, it outdid itself with a Smart Baby Dining Table. This isa baby feeding table with a removable dining chair that contains a weight detector and adjustable camera, to make children’s weight and temperature visible to parents via the brand’s app. Score one for hands-off parenting.
Click here to read about smart diapers, self-driving suitcases, laundry folders, and bad robot companions.
CES: Tech means no more “lost in translation”
Talking to strangers in foreign countries just got a lot easier with recent advancements in translation technology. Last week, major companies and small startups alike showed the CES technology expo in Las Vegas how well their translation worked at live translation.
Most existing translation apps, like Bixby and Siri Translate, are still in their infancy with live speech translation, which brings about the need for dedicated solutions like these technologies:
Babel’s AIcorrect pocket translator
The AIcorrect Translator, developed by Beijing-based Babel Technology, attracted attention as the linguistic king of the show. As an advanced application of AI technology in consumer technology, the pocket translator deals with problems in cross-linguistic communication.
It supports real-time mutual translation in multiple situations between Chinese/English and 30 other languages, including Japanese, Korean, Thai, French, Russian and Spanish. A significant differentiator is that major languages like English being further divided into accents. The translation quality reaches as high as 96%.
It has a touch screen, where transcription and audio translation are shown at the same time. Lei Guan, CEO of Babel Technology, said: “As a Chinese pathfinder in the field of AI, we designed the device in hoping that hundreds of millions of people can have access to it and carry out cross-linguistic communication all barrier-free.”
Click here to read about the Pilot, Travis, Pocketalk, Google and Zoi translators.