A year after the Panama Papers, a massive leak of confidential information from the Bermuda law firm Appleby Group Services, dubbed the Paradise Papers, has shone another light on the use of offshore accounts, writes RUDI DICKS, Head of Cyber Security at BDO Cyber and Forensics Lab
A new set of data taken from an offshore law firm again threatens to expose the hidden wealth of individuals and show how corporations, hedge funds and others may have skirted taxes. A year after the Panama Papers, a massive leak of confidential information from the Bermuda law firm Appleby Group Services, dubbed the Paradise Papers, has shone another light on the use of offshore accounts.
1. What are your views / interpretation on / of the ‘Paradise Papers’ data leaks?
Appleby publicly stated that it was not the subject of a leak but of an illegal computer hack. Their systems were accessed by an intruder who deployed the tactics of a professional hacker and covered his/her tracks to the extent that the forensic investigation concluded that there was no definitive evidence that any data had left their systems. While the mechanics of the breach itself have yet to be revealed, this was clearly a targeted attack. Law firms are particularly susceptible to hacking as they house a treasure trove of sensitive data that, when compromised, can result in sometimes irrecoverable damage.
The paradise papers, like the panama papers is an excellent example of the reputational harm that attackers can cause, rather than financial. Here we saw many wealthy people shown to have offshore accounts in tax havens. Most of these transactions are perfectly legal but the implication is that these wealthy and often famous people are skirting their tax obligations. For the company that these documents were stolen from, this leak will most likely destroy the business.
This class of events demonstrates why law firms must protect their clients’ confidential information. No amount of cyber insurance, data backup strategies, nor business continuity planning can ever put this genie back in the bottle.
2. In your opinion, should we concentrate on the content aspect of these leaks or the security aspect?
For Appleby, the concern is with the content because their clients will be far less likely to conduct sensitive business with them in the future. By releasing the Paradise Papers, the aim of the International Consortium of Investigative Journalists (ICIJ) was to expose significant failures and weaknesses inside the offshore industry. As per ICIJ, “those stories and others they are pursuing serve the public interest by bringing accountability to the offshore industry, its users and operators. Other parts of the data are of a private nature and of no interest to the public. ICIJ will not release personal data en masse but will continue to mine the full data with its media partners.” The content released will certainly have far-reaching impacts for those affected.
For security specialists, the concern is with how this happened, and making sure we do everything possible to ensure that the same attack vectors cannot be used against our clients. This event, allegedly conducted by external hackers, could likely have been detected and mitigated. What ends in a business disrupting event often begins with the ‘click’ on a harmless looking link. Sometimes it involves complex social engineering, credential harvesting and clandestine operations inside the network to locate and slowly exfiltrate valuable data. Thus, considering heightened cyber risks, organisations have to make sure that they are taking reasonable steps to protect their clients’ confidential data. These include:
· Ensuring that software used is up-to-date and that available patches are implemented as soon as reasonably practical.
· Configuring Intrusion Prevention Systems and Firewalls policies to reject information gathering events
· Reviewing access controls regularly to ensure that they are up to date and that they restrict electronic data users to their necessary business functions.
· Utilising antivirus and malware detection software.
· Conducting periodic cybersecurity audits and penetration testing.
· Requiring multi-factor authentication for remote access into computer systems and for very sensitive internal access points.
· Requiring rotating complex passwords.
· Monitoring the activity of authorised users to detect any unauthorised file access, as well as, any large-scale downloading, copying or tampering with confidential information.
· Conducting regular cybersecurity awareness training together with phishing attacks.
3. With ‘Offshore Leaks’, ‘Panama Leaks’, ‘Paradise Papers’ – what should we be aware of / conclude?
We are living in an age of internet activism or hacktivism, which is the subversive use of computers and computer networks to promote a political agenda or a social change. With roots in hacker culture and hacker ethics, its ends are often related to the free speech, human rights, or freedom of information movements. Hacktivists seek to expose social injustice. The hack is a reminder that cybercrime is sometimes motivated by loftier aspirations than making money.
4. How come hackers can still obtain sensitive information when security conscious companies invest so much in safeguarding their data?
No matter how much a company invests in latest security technologies, the human factor remains the weakness link. The lack of effective cybersecurity training for all employees is the root cause of companies failing to keep their data safe. It is extremely pertinent to every organisation to protect its reputation, competitive advantage and operational stability against social engineering with effective company-wide security awareness. BDO’s cybersecurity education program sets employees up for success by instilling cutting edge knowledge and practical know-how into the workplace. Through integrated communication and hacker-led training, BDO helps organisation fight cybercrime strategically and beyond the scope of technology.
Low-cost wireless sport earphones get a kickstart
Wireless earphone brands are common, but not crowdfunded brands. BRYAN TURNER takes the K Sport Wireless for a run.
As wireless technology becomes better, Bluetooth earphones have become popular in the consumer market. KuaiFit aspires to make them even more accessible to more people through a cheaper, quality product, by selling the K Sport Wireless Earphones directly from its Kickstarter page
KuaiFit has an app by the same name which offers voice-guided personal training services in almost every type of exercise, from cardio to weight-lifting. A vast range of connectivity to third-party sensors is available, like heart rate sensors and GPS devices, which work well with guided coaching.
The app starts off with selecting a fitness level: beginner, intermediate and advanced. Thereafter, one has the ability to connect with real personal trainers via a subscription to its paid service. The subscription comes free for 6 months with the earphones, and R30 per month thereafter.
The box includes a manual, a USB to two USB Type B connectors, different sized soft plastic eartips and the two earphone units. Each earphone is wireless and connects to the other independently of wires. This puts the K Sport Wireless in the realm of the Apple Earpods in terms of connection style.
The earphones are just over 2cm wide and 2cm high. The set is black with a light blue KuaiFit logo on the earphone’s button.
The button functions as an on/off switch when long-pressed and a play/pause button when quick-pressed. The dual-button set-up is convenient in everyday use, allowing for playback control depending on which hand is free. Two connectivity modes are available, single earphone mode or dual earphone mode. The dual earphone mode intelligently connects the second earphone and syncs stereo audio a few seconds after powering on.
In terms of connectivity, the earphones are Bluetooth 4.1 with a massive 10-meter range, provided there are no obstacles between the device and the earphones. While it’s not Bluetooth 5, it still falls into the Bluetooth Low Energy connection category, meaning that the smartphone’s battery won’t be drastically affected by a consistent connection to the earphones. The batteries within the earphones aren’t specifically listed but last anywhere between 3 and 6 hours, depending on the mode.
Audio quality is surprisingly good for earphones at this price point. The headset style is restricted to in-ear due to its small design and probable usage in movement-intensive activities. As a result, one has to be very careful how one puts these earphones, in because bass has the potential of getting reduced from an incorrect in-ear placement. In-ear earphones are usually notorious for ear discomfort and suction pain after extended usage. These earphones are one of the very few in this price range that are comfortable and don’t cause discomfort. The good quality of the soft plastic ear tip is definitely a factor in the high level of comfort of the in-ear earphone experience.
Overall, the K Sport Wireless earphones are great considering the sound quality and the low price: US$30 on Kickstarter.
Find them on Kickstarter here.
Taxify enters Google Maps
A recent update to Taxify now uses Google Maps which allows users to identify their drivers, find public transport and search for billing options.
People planning their travel routes using Google Maps will now see a Taxify icon in the app, in addition to the familiar car, public transport, walking and billing options.
Taxify started operating in South Africa in 2016 and as of October 2018 operates in seven South African cities – Johannesburg, Ekurhuleni, Tshwane, Cape Town, Durban, Port Elizabeth and Polokwane.
Once riders have searched for their destination and asked the app for directions, Google Maps shares the proximity of cars on the Taxify platform, as well as an estimated fare for the trip.
If users see that taking the Taxify option is their best bet, they can simply tap on the ‘Open app’ icon, to complete the process of booking the ride. Customers without the app on their device will be prompted to install Taxify first.
This integration makes it possible for users to evaluate which of the private, public or e-hailing modes of transport are most time-efficient and cost-effective.
“This integration with Google Maps makes it so much easier for users to choose the best way to move around their city,” says Gareth Taylor, Taxify’s country manager for South Africa. “They’ll have quick comparisons between estimated arrival times for the different modes of transport, as well as fares they can expect to pay, which will help save both time and money,” he added.
Taxify rides in Google Maps are rolling out globally today and will be available in more than 15 countries, with South Africa being one of the first countries to benefit from this convenient service.