Red Cross Breach | UK Government – Privacy vs. Safety | Updated Guidance from NCSC

January 24th

Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group

Red Cross Breach

To begin, we focus on the International Committee of the Red Cross (ICRC), which revealed a major data breach that compromised the personal details of over 500,000 “highly vulnerable” victims. The Red Cross is imploring the attackers to show mercy and asking them not to leak the data. The data was stolen from the servers of a Swiss contractor that stores data on behalf of the Red Cross, and it included information on some of the most vulnerable members of society – including individuals separated from their families by war, disasters, and migration; missing persons; and people in detention.

Robert Mardini, Director-General of the ICRC said:

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised. This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk.”

The attack has forced the ICRC, as well as the wider Red Cross and Red Crescent network, to shut down the systems responsible for the Restoring Family Links website. This has hampered the organisations’ ability to reunite separated family members.

“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering”.

At the time of writing, the websites are still down, with the ICRC saying it is working as quickly as possible to identify a workaround for the current issue while renewing calls on those behind the attack to “do the right thing – do not share, sell, leak or otherwise use this data”.

Source - Red Cross Breach - The Guardian

Source - Red Cross Breach - Cyber Security Hub

Source - Red Cross Breach - Threat Post

Source - Red Cross Breach - The Register

Source - Red Cross Breach - Info Security Magazine

UK Government – Privacy vs. Safety

Here in the UK, the Home Office has faced enormous backlash after backing a campaign that argues against end-to-end encryption. ‘No Place to Hide’ is a multimillion-pound campaign, funded by the Home Office, against the end-to-end encryption used in iMessage, WhatsApp, and other messaging platforms.

It warns social media firms of the dangers of end-to-end encryption, arguing that child abuse could go undetected and that social media companies are willingly blindfolding themselves to abuse if they implement end-to-end encryption for private messaging.

Multiple organisations have spoken out against the call to remove end-to-end encryption. Responding to this campaign, Antigone Davis, the Global Head of Safety at Meta, said that “the majority of Brits rely on end-to-end encryption to protect them from fraudsters, hackers, and criminals.”

The Information Commissioner’s Office has also spoken out against the Home Office-backed campaign, saying that end-to-end encryption strengthens children’s online safety and that a delay to implementing the technology on messaging platforms “leaves everyone at risk, including children”.

Meta is planning to add the technology to Facebook Messenger and Instagram direct messages in 2023.

In a nutshell, end-to-end encryption scrambles the contents of messages and calls so that only the end users can decrypt and understand them. Even the company processing the communications cannot decrypt the content, which means that law enforcement is unable to access the information to potentially catch or convict criminals using the technology.

Robin Wilton, Director of Internet Trust at the Internet Society said:

“Without strong encryption, children are more vulnerable online than ever. Encryption protects personal safety and national security.… What the government is proposing puts everyone at risk.”

Computerworld writes:

“The UK government doesn’t seem to want to address the privacy-versus-security debate. Instead, it simply seeks to inflame reaction with an emotive campaign that raises public support for such a move while utterly ignoring the multitude of arguments against it.”

Source - UK Gov E2EE Campaign - Computerworld

Source - UK Gov E2EE Campaign - BBC News 1

Source - UK Gov E2EE Campaign - BBC News 2

Source - UK Gov E2EE Campaign - The Guardian

Source - UK Gov E2EE Campaign - The Register

Updated Guidance from NCSC

Finally, the National Cyber Security Centre has published new guidance for organisations to follow when communicating with customers via SMS, email, or phone calls. The aim of this new guidance is to make it more difficult for scammers to trick members of the public and lead them to phishing sites.

This comes after an increase in scams which spoofed popular brands. Of these scams, fake parcel deliveries were the most dominant.

The NCSC urged businesses to do their part to fight the rising threat of scams and argued that the best way to do this is to make legitimate and fraudulent communications easier for people to differentiate.

Full details of this new guidance can be read on the NCSC’s website, linked below:

Source - NCSC New Guidance - NCSC

Source - NCSC New Guidance - Bleeping Computer
