By James de Villiers for Business Insider SA

Media law experts believe WhatsApp admins in SA may be held liable for false information shared on their groups.

However, they would need to know that the information being shared is false, and do nothing about it.

Knowingly sharing fake news is a crime subject to 6 months imprisonment under SA’s Covid-19 disaster regulations.

Administrators of WhatsApp groups in South Africa may be held criminally liable if fake news is shared in the group, but only if they are aware that the information being shared is incorrect.

Under South Africa’s coronavirus disaster regulations, spreading false information, colloquially known as fake news, about the novel coronavirus and Covid-19 with intent to deceive is a crime with up to 6 months imprisonment.

PPM Attorneys communications lawyer Lucien Pierce believes Whatsapp group administrators who were aware that false information is being shared may also be held liable.

Pierce said the disaster regulations, however, make it clear that the fake news has to be spread with malicious intent, and therefore the administrator will have to know that the information being shared is false.

“Many people, like my mom, share many things during the course of a day which is false but which they do not know is false, and they, therefore, cannot be found liable,” Pierce told Business Insider South Africa.

“The same is true for an administrator: they would have to know that the information being shared is false. If they do not correct the information, or do nothing to stop it, they can then be held liable.”

Von Seidels copyright lawyer Salomé le Roux explained that a precedent has been set in South Africa where a court held a person who was tagged in a defamatory Facebook post jointly liable for the defamation in the post.

She said the ruling meant that anyone who participates in the publication or is part of the “publication chain” of defamatory material – or, under the disaster regulations, spreading of fake news – can be held liable.

A WhatsApp administrator is deemed to part of the “publication chain” as they are deemed to have created the group and has control over who is added and what is posted there, Le Roux told Business Insider South Africa.

“If someone [therefore] posts something defamatory [or false] and the WhatsApp admin sees it and does nothing, it is the same as if he was tagged on a defamatory Facebook post, but did not remove the tag and remains associated with the post,” Le Roux said.

Webber Wentzel media law expert Dario Milo said it is highly unlikely that someone will be held liable as the intent to deceive needs to be proved.

“[Only] once an administrator has knowledge that someone has posted fake news, and does not act to remove it from the group, he or she will be at risk of contravening the [disaster] regulation,” Milo said.

By James de Villiers for Business Insider SA

The North Korean connection in a brazen R300-million heist in Japan, which used stolen data from Standard Bank, has been confirmed in a new report.
The mastermind of the 2016 operation – which involved more than 100 people – fled to North Korea afterwards.
The group is believed to have used counterfeit credit cards stolen or leaked from Standard Bank to steal the money.

It has now been confirmed that the alleged mastermind behind a syndicate which stole 1.8 billion yen, or roughly R302 million at current exchange rates, in Japan by using data stolen from Standard Bank, fled to North Korea, the Japanese newswire Kyodo News reported this weekend.

In 2016, the man lead a group of people who used counterfeit credit cards stolen or leaked from Standard Bank to withdraw large amounts from convenience-store ATMs in 17 areas across the country, including Tokyo.

The Atlantic reported that more than 100 people were believed to have been involved in the operation which took place over two hours on 15 May 2016.

Around 1 700 automated teller machines at 1 600 convenience stores were targeted.

The mastermind fled to North Korea by way of China shortly after, investigators have now determined.

Last year, Nippon.com reported that United Nations Security Council panel found that North Korea may have been involved in the incident.

Standard Bank told Business Insider South Africa that they are unable to comment as investigations are ongoing, and directed enquiries to the relevant authorities.

Japanese police have been working with South African police during its investigations. It said over 260 people have been arrested in relation to the incident, the Japan Times reported.

SA sees spike in network attacks

According to Kaspersky, a major spike in network attacks took place in South Africa last week. Affected devices increased from 20,000-30,000 to about 310,000 in the period spanning from 15 – 21 March.

This has coincided with an increase in remote working in the country, after President Cyril Ramaphosa announced first a National State of Disaster and then a 21-day lockdown.

“Remote working provides cybercriminals a prime opportunity to target devices, especially those that don’t necessarily have adequate IT security measures in place,” Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky, said in an interview with MyBroadband.

“Such a spike recorded, although temporary, leads us to believe that cybercriminals have keenly been focused on the region given the current circumstances.”

Protecting your networking during lockdown

Kaspersky provided a variety of tips employees should follow when working remotely during the impending lockdown:

  • Make use of a VPN to connect securely to the corporate network
  • Use multi-factor authentication wherever possible
  • Ensure all corporate devices – including mobiles, laptops and tablets are protected with adequate security software
  • Segregate your personal devices/life from corporate computers
  • Ensure the latest available updates are installed regularly
  • Only use corporate-approved teleconferencing software
  • Practice basic cybersecurity rules

 

Beware of these corona-related scams

The South African Banking Risk Information Centre (SABRIC) has warned bank clients that cybercriminals are exploiting the current “Coronamania” panic to spread Coronavirus scams.

Coronavirus scams exploit people’s concerns for their health and safety and pressure them into being tricked using social engineering. Social Engineering is manipulative and exploits human vulnerability because criminals know that the weakest link in the information security chain is the human being.

These new scams include spoofed emails offering products such as masks, or fake offerings of vaccines, leading to phishing websites. These emails come from seemingly realistic and reputable companies which manipulate people into clicking on links. Some of these websites prompt the user for personal information which ending up in the hands of cybercriminals.

Cybercriminals are also using SMS Phishing, more commonly known as SMishing, to trick victims into clicking on a link disguised as information on a Coronavirus breakout in their area to steal their credentials. Some of these texts claim to provide free masks or pretend to be companies that have experienced delays in deliveries due to the Coronavirus.

Once criminals have the correct level of confidential information about a victim’s bank account, they can impersonate the victim and transact using the correct credentials but without authority.

“Although some spoofed emails can be difficult to identify, we urge bank clients to think twice before clicking on any link, even if an email looks legitimate. Any suspicious emails should not be opened and are best deleted,” says SABRIC acting CEO, Susan Potgieter.

SABRIC urges bank clients to take note of the following tips to protect themselves:

Phishing and SMishing

  • Do not click on links or icons in unsolicited emails
  • Never reply to these emails. Delete them immediately
  • Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your own contact details to contact the sender and confirm
  • Check that you are on the authentic/real site before entering any personal information
  • Do not click on links or icons in unsolicited SMSs
  • Do not reply to these SMSs. Delete them immediately
  • Do not believe the content of unsolicited SMSs blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm
  • Regard urgent security alerts, offers or deals as warning signs of a hacking attempt

SABRIC (South African Banking Risk Information Centre) has warned bank clients to protect their mobile devices.

The theft of mobile phones is not a new phenomenon; however, there is an emerging trend where mobile phones that are being snatched from owners, affording criminals the opportunity to gain access to the victim’s personal and even confidential information which can then be used to commit crime.

Mobile phones are a convenient way to stay connected. They enable easy access to family and friends, make it possible to access vast stores of online information and can provide hours of entertainment. Despite these benefits you must always remain vigilant because your mobile phone stores far more information than you may be aware of. This is even more applicable if you use your mobile device to do your banking. Remember, your phone is equal to a bank card and could even act as a gateway to your bank account

“Personal information is a valuable commodity for criminals and because so much of it is on our phones, we need to take mobile security very seriously,” says Susan Potgieter, acting CEO of SABRIC.

There are a number of ways that criminals could access information stored on your mobile phone if it is stolen, to try and defraud you:

  • Criminals access all open applications on your unlocked phone and view your sensitive data
  • Social engineering is used to obtain your usernames and passwords stored in the cloud
  • Vishing might occur, where criminals call you and manipulate you into believing that they are from the bank to coerce you into revealing confidential information like PIN’s or passwords
  • Phishing occurs where you are sent an email, which you believe to be from the bank or a legitimate service provider, which asks you to click on a link that requests your PIN’s or passwords. Once your password has been compromised on your snatched phone, all other credentials are available and may be exploited.
  • Your credentials could also be compromised through shoulder surfing in public places such as restaurants.

In the event that your mobile phone is lost or stolen, borrow a phone and contact your bank immediately so that they can deactivate your banking app, block cards on other apps containing your bank card details and block your bank account. Make sure you always have your banks hotline number stored somewhere other than on your mobile phone. If you have activated the ‘Find My iPhone’ or ‘Find my Device’ facility from the web to locate or wipe your device, be aware that fraudsters may attempt to Vish or Phish you. If you receive an email or SMS after doing this, don’t click on any links as these are not safe.

“When a bank client’s mobile phone is stolen, they tend to focus on protecting their photos and social media profiles, however, their highest priority should be protecting their money,” concludes Potgieter.

Tips for banking clients

PINS and passwords

  • Reset/change your passwords and PINs often
  • Set different and complex passwords for each app or service. Ensure that these are not stored on a password manager app or on the phone itself
  • Never save your banking app username and password on your device in the contacts or notes
  • Never autosave your banking app username and password on your device
  • Disable the autosave function on your smart phone
  • Ensure that you have set additional security controls on your device for adding biometrics such as fingerprint or facial recognition, for instance you can enable your device to ask for the device password to add another person’s biometric on your device.

Behaviour

  • Do not click links in SMSes or emails stating that your lost or stolen device has been located as criminals use this as a way to get your banking app credentials
  • Always be vigilant by being aware of who is around you when using your phone in public

Your device

  • Treat your mobile device the same way you would treat your bank card
  • Pickpocketing is prevalent so ensure that your handbag or and backpacks are properly closed or zipped
  • If your mobile device is lost or stolen notify your Bank immediately to freeze your banking profile and prevent the perpetrators from using your banking app
  • In addition, contact your mobile service provider to block/stop your SIM card and handset to prevent criminals from getting any One Time PINs for fraudulent transactions
  • If your Apple device is stolen, log onto to your iCloud account to restore all factory settings so that all your personal data is wiped from the device
  • Avoid using Public WiFi “hotspots”. It is risky to connect your smartphone to just any available WiFi hotspot. Savvy hackers can spoof a WiFi connection and gain access to usernames and passwords stored on your smartphone
  • Consider keeping your banking app on two devices – this will enable you to block the stolen mobile from the other device and also change the log in credentials at a moment’s notice. Most banks will still ask you to call them to report the theft to ensure that all access is blocked for the stolen phone. Your bank can also advise how to get passwords changed
  • When calling the bank to report the phone as stolen, request that they place a temporary hold on your entire account to allow you the time to change, replace and update all of your info

Banking app

  • Always log out of your banking app manually once you have finished transacting
  • Keep your daily EFT and ATM limits low as some banking apps and internet banking profiles will require that contact be made with the bank before the limit can be increased on your profile

By Jenna Etheridge for News24

The cellphones of State Security Minister Ayanda Dlodlo, her deputy, Zizi Kodwa, and several officials in the minister’s office have been cloned, the department confirmed on Wednesday.

“It looks like the operation is happening around Gauteng, hence the matter was reported to Gauteng police who have assured us that they have allocated high-profile investigators to look into the matter,” said department spokesperson Mava Scott.

“We are hoping it will be resolved as speedily as possible.”

Scott said the department became aware of the cloning this week and was awaiting further feedback from the investigation, adding it would then take it from there.

Earlier this month, the Hawks confirmed they were investigating the theft of money out of the State Security Agency’s offices in Pretoria.

At the time, IOL reported the perpetrators had walked into a safe at the office in Lyttelton, Gauteng, at the end of January and left with classified documents, an undisclosed amount of money in local and foreign currency, as well as CCTV cameras.

By Lameez Omarjee for News24

An owner of eight Spar grocery stores has been ordered to pay over R11-million to staff for not complying with labour laws.

The Department of Employment and Labour on Monday issued a statement indicating that the Commission for Conciliation Mediation and Arbitration had granted it eight arbitration awards – against the owner, cited only as a “Mr. Giannacoupolous” in the department’s statement.

The CCMA’s decision comes following inspections at outlets conducted in May 2019 by the department, this after it had received a “series of complaints of alleged gross violations of labour laws”.

The Spar stores inspected were the Spar Orchards, Dely Road, Doornport Spar, Montana Spar, Wierda Spar, Silverton Spar, Zambezi Super Spar, Rietfontein Spar, Silverplace Spar and Safari Spar in Rustenburg. Collectively, the stores employ 565 workers.

“On investigation, all the stores which happened to be violating the labour laws were found to be owned by Mr Giannacoupolous. Ten stores were affected, with nine based in Gauteng and one in the North West,” the department said.

The issues raised in terms of violations to the labour laws include: failure to issue employment contracts, long working hours for staff without overtime compensation, pay for Sunday work and public holidays not granted according to the law, illegal deductions and complaints related to the hiring of illegal foreign nationals, according to the department.

In October last year Business Insider reported that the Spar head office had terminated the membership of the 23 stores which had fallen under the Giannacoupolous Group, with the intention to run them directly – as the group had brought the Spar brand into disrepute. A spokesperson of the Spar Group on Monday told Fin24 that the stores have since been returned to the Giannacouplous Group.

The Spar Group would not comment on the latest developments between the Department of Employment and Labour and the Giannacoupolous Group. The Spar Group is currently engaged in a legal battle with the Giannacoupolous Group, which is set down to be heard by the court in early March, making all matters between the two sub judice, the spokesperson said.

The Spar owner has to comply with the CCMA award within 14 days, or pay an amount with accrued interest.

Spar’s share price opened at R177.3 on Monday and was trading 2.26% lower at at R168.51 by 15:55.

Nedbank’s client data hacked

Source: Xinhuanet

Nedbank service provider’s IT systems have been breached, exposing the personal information of up to 1.7 million clients, said the bank last Thursday.

Computer Facilities, which does direct marketing for Nedbank by sending short messages and email marketing information on behalf of the bank, was breached.
The bank said there was some “potentially compromised data” which included names, identity cards numbers, telephone numbers, physical and/or email addresses.

“We regret the incident … and the matter is receiving our urgent attention. The safety and security of our clients’ information is a top priority,” said Nedbank CEO Mike Brown, adding that the bank systems or client accounts were not impacted.

“We are communicating directly with affected clients. We are also taking the necessary actions in close cooperation with the relevant regulators and authorities,” said Brown.

Nedbank group Chief Information Officer Fred Swanepoel said they have secured and destroyed all their client information held by Computer Facilities.

Last year the City of Johannesburg’s system was hacked and some payment in bitcoins were demanded. In 2017 South Africa’s insurance company Liberty was hacked and demanded ransom.

Source: KrebsOnSecurity 

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.

Earlier this month, KrebsOnSecurity heard from a reader who maintains several sites that receive a fair amount of traffic. The message this reader shared began by quoting from an automated email Google’s systems might send if they detect your site is seeking to benefit from automated clicks. The message continues:

“Very soon the warning notice from above will appear at the dashboard of your AdSense account undoubtedly! This will happen due to the fact that we’re about to flood your site with huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP’s in rotation — a nightmare for every AdSense publisher. More also we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site.”

The message goes on to warn that while the targeted site’s ad revenue will be briefly increased, “AdSense traffic assessment algorithms will detect very fast such a web traffic pattern as fraudulent.”

“Next an ad serving limit will be placed on your publisher account and all the revenue will be refunded to advertisers. This means that the main source of profit for your site will be temporarily suspended. It will take some time, usually a month, for the AdSense to lift your ad ban, but if this happens we will have all the resources needed to flood your site again with bad quality web traffic which will lead to second AdSense ban that could be permanent!”

The message demands $5,000 worth of bitcoin to forestall the attack. In this scam, the extortionists are likely betting that some publishers may see paying up as a cheaper alternative to having their main source of advertising revenue evaporate.

The reader who shared this email said while he considered the message likely to be a baseless threat, a review of his recent AdSense traffic statistics showed that detections in his “AdSense invalid traffic report” from the past month had increased substantially.

The reader, who asked not to be identified in this story, also pointed to articles about a recent AdSense crackdown in which Google announced it was enhancing its defenses by improving the systems that identify potentially invalid traffic or high risk activities before ads are served.

Google defines invalid traffic as “clicks or impressions generated by publishers clicking their own live ads,” as well as “automated clicking tools or traffic sources.”

“Pretty concerning, thought it seems this group is only saying they’re planning their attack,” the reader wrote.

Google declined to discuss this reader’s account, saying its contracts prevent the company from commenting publicly on a specific partner’s status or enforcement actions. But in a statement shared with KrebsOnSecurity, the company said the message appears to be a classic threat of sabotage, wherein an actor attempts to trigger an enforcement action against a publisher by sending invalid traffic to their inventory.

“We hear a lot about the potential for sabotage, it’s extremely rare in practice, and we have built some safeguards in place to prevent sabotage from succeeding,” the statement explained. “For example, we have detection mechanisms in place to proactively detect potential sabotage and take it into account in our enforcement systems.”

Google said it has extensive tools and processes to protect against invalid traffic across its products, and that most invalid traffic is filtered from its systems before advertisers and publishers are ever impacted.

“We have a help center on our website with tips for AdSense publishers on sabotage,” the statement continues. “There’s also a form we provide for publishers to contact us if they believe they are the victims of sabotage. We encourage publishers to disengage from any communication or further action with parties that signal that they will drive invalid traffic to their web properties. If there are concerns about invalid traffic, they should communicate that to us, and our Ad Traffic Quality team will monitor and evaluate their accounts as needed.”

Hackers could shut down satellites

By William Akoto for The Conversation

Last month, SpaceX became the operator of the world’s largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade. This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, U.K.-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months.

These new satellites have the potential to revolutionise many aspects of everyday life – from bringing internet access to remote corners of the globe to monitoring the environment and improving global navigation systems. Amid all the fanfare, a critical danger has flown under the radar: the lack of cybersecurity standards and regulations for commercial satellites, in the U.S. and internationally. As a scholar who studies cyber conflict, I’m keenly aware that this, coupled with satellites’ complex supply chains and layers of stakeholders, leaves them highly vulnerable to cyberattacks.

If hackers were to take control of these satellites, the consequences could be dire. On the mundane end of scale, hackers could simply shut satellites down, denying access to their services. Hackers could also jam or spoof the signals from satellites, creating havoc for critical infrastructure. This includes electric grids, water networks and transportation systems.

Some of these new satellites have thrusters that allow them to speed up, slow down and change direction in space. If hackers took control of these steerable satellites, the consequences could be catastrophic. Hackers could alter the satellites’ orbits and crash them into other satellites or even the International Space Station.

Commodity parts open a door
Makers of these satellites, particularly small CubeSats, use off-the-shelf technology to keep costs low. The wide availability of these components means hackers can analyse them for vulnerabilities. In addition, many of the components draw on open-source technology. The danger here is that hackers could insert back doors and other vulnerabilities into satellites’ software.

The highly technical nature of these satellites also means multiple manufacturers are involved in building the various components. The process of getting these satellites into space is also complicated, involving multiple companies. Even once they are in space, the organisations that own the satellites often outsource their day-to-day management to other companies. With each additional vendor, the vulnerabilities increase as hackers have multiple opportunities to infiltrate the system.

Hacking some of these CubeSats may be as simple as waiting for one of them to pass overhead and then sending malicious commands using specialised ground antennas. Hacking more sophisticated satellites might not be that hard either.

Satellites are typically controlled from ground stations. These stations run computers with software vulnerabilities that can be exploited by hackers. If hackers were to infiltrate these computers, they could send malicious commands to the satellites.

A history of hacks
This scenario played out in 1998 when hackers took control of the U.S.-German ROSAT X-Ray satellite. They did it by hacking into computers at the Goddard Space Flight Center in Maryland. The hackers then instructed the satellite to aim its solar panels directly at the sun. This effectively fried its batteries and rendered the satellite useless. The defunct satellite eventually crashed back to Earth in 2011. Hackers could also hold satellites for ransom, as happened in 1999 when hackers took control of the U.K.‘s SkyNet satellites.

Over the years, the threat of cyberattacks on satellites has gotten more dire. In 2008, hackers, possibly from China, reportedly took full control of two NASA satellites, one for about two minutes and the other for about nine minutes. In 2018, another group of Chinese state-backed hackers reportedly launched a sophisticated hacking campaign aimed at satellite operators and defence contractors. Iranian hacking groups have also attempted similar attacks.

Although the U.S. Department of Defence and National Security Agency have made some efforts to address space cybersecurity, the pace has been slow. There are currently no cybersecurity standards for satellites and no governing body to regulate and ensure their cybersecurity. Even if common standards could be developed, there are no mechanisms in place to enforce them. This means responsibility for satellite cybersecurity falls to the individual companies that build and operate them.

Market forces work against space cybersecurity
SpaceX, headquartered in Hawthorne, Calif., plans to launch 42,000 satellites over the next decade. Bruno Sanchez-Andrade Nuño/Wikimedia Commons, CC BY
As they compete to be the dominant satellite operator, SpaceX and rival companies are under increasing pressure to cut costs. There is also pressure to speed up development and production. This makes it tempting for the companies to cut corners in areas like cybersecurity that are secondary to actually getting these satellites in space.

Even for companies that make a high priority of cybersecurity, the costs associated with guaranteeing the security of each component could be prohibitive. This problem is even more acute for low-cost space missions, where the cost of ensuring cybersecurity could exceed the cost of the satellite itself.

To compound matters, the complex supply chain of these satellites and the multiple parties involved in their management means it’s often not clear who bears responsibility and liability for cyber breaches. This lack of clarity has bred complacency and hindered efforts to secure these important systems.

Regulation is required
Some analysts have begun to advocate for strong government involvement in the development and regulation of cybersecurity standards for satellites and other space assets. Congress could work to adopt a comprehensive regulatory framework for the commercial space sector. For instance, they could pass legislation that requires satellites manufacturers to develop a common cybersecurity architecture.

They could also mandate the reporting of all cyber breaches involving satellites. There also needs to be clarity on which space-based assets are deemed critical in order to prioritize cybersecurity efforts. Clear legal guidance on who bears responsibility for cyberattacks on satellites will also go a long way to ensuring that the responsible parties take the necessary measures to secure these systems.

Given the traditionally slow pace of congressional action, a multi-stakeholder approach involving public-private cooperation may be warranted to ensure cybersecurity standards. Whatever steps government and industry take, it is imperative to act now. It would be a profound mistake to wait for hackers to gain control of a commercial satellite and use it to threaten life, limb and property – here on Earth or in space – before addressing this issue.

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top