web analytics

Ransomeware screenA ransomware gang attacked Travelex the foreign exchange company on New Year’s Eve.

Ransomware is a kind of online attack where criminals take control of data, usually company data, and demand payment to return it.

There are two main types of ransomware: crypto and locker.
The first encrypts data and files so that users can no longer read anything.

In theory you will get a key to unencrypt the files after you pay a ransom to the crooks. Locker ransomware is similar, but it typical locks down the computer so it can’t be used until the ransom is paid.

Travelex lock-down

After the Travelex attack, the company closed down the websites it operates in 30 countries. It said the move was designed to “contain the virus and protect data”.

That doesn’t quite sound right. After all, it emerged the criminals had been inside the company’s systems for the past six months. By the time of the attack there would little left to contain or protect.

The criminals say they have downloaded many gigabytes of sensitive customer data. This includes dates of birth, credit card information and (British) national insurance numbers.

News reports say the criminal gang asked Travelex to pay US$6 million at first, with the demand ratcheting up over time if it wasn’t paid quickly. It’s not clear if the company paid up.

New Zealand link

There is a New Zealand link. After the attack the company’s branches, which include airport currency exchanges, were still providing services but were using manual processes.

Travelex is also the issuer of Air New Zealand’s OneSmart card. The card makes it easier to deal with money when overseas. It can be loaded with money in as many as eight different foreign currencies before a trip. Users can lock-in exchange rates to avoid fluctuations while they are overseas.

Air New Zealand says the card is not affected by the attack.
The company told the NZ Herald: “OneSmart does not use the Travelex foreign exchange services affected by the attack so Onesmart cardholders are not impacted”.

Ransomware going out of fashion

The Travelex attack happened at a time when ransomware incidents are falling fast. Last year the number of attacks dropped 20 percent as online criminals turned to more lucrative alternatives.

In part the fall in ransomware attacks is because companies are doing a better job at protecting themselves.

The best approach to protection is to have data back-ups so everything ransomed can be recovered quickly. While this sounds simple, it’s something many companies struggle with and criminals know that. Among other matters companies tend to make back-ups without checking the data is recoverable.

Another problem is that a sophisticated ransomware attack can also take control of the back-ups rendering them as unusable as the main data store.

A ransomware attack amounts to a much bigger problem for the victim than the ransom demand. In many countries companies can face fines for not properly and promptly reporting an attack to the authorities.

At the same time, allowing data to be ransomed is often actionable under data protection legislation. At the least a company would need to prove it had taken due care with customer data, that’s hard to do after a ransom attack.

There’s another unpleasant twist to a ransomware attack. While the criminals often release keys after the ransom is paid, that doesn’t always happen. And in at least one reported case, the data was ransomed again by the same gang at a later date. Allowing that to happen is an open and shut case of negligence.

Responding to ransomware

If you are attacked by a ransomware gang, you may need professional help to recover data. Before you get to that stage you need to consider how to respond.

The NZ Police recommend you don’t pay the ransom. That’s understandable and makes sense if there’s a good chance of recovering the data.

Some security experts say that paying the ransom is the smartest course of action. It is often cheaper and, if you don’t have back-ups, quicker than other ways of recovering the data.

I spoke about this story with Lynn Freeman on RNZ Nine-to-Noon.

America is leaning hard on Britain to reject Huawei as a 5G network builder. Meanwhile all the parties in New Zealand have gone quiet on the subject.

US officials told British ministers using Huawei in UK 5G networks puts intelligence sharing at risk. According to a report in the Guardian, the Americans said it would be “Nothing short of madness”.

Former Australian prime minister Malcolm Turnbull also warned the UK prime minister on the matter.

He says: “The real question is not looking for a smoking gun but asking whether this is a loaded gun and whether you want to have that risk.”

Threat seen in Australia

The threat identified by Australian security agencies was not Chinese intelligence interception but potential denial of network access.

Turnbull told The South China Morning Post: “Australia banned Huawei and ZTE from its 5G network as a hedge against adverse contingencies in case relations with China soured in the future.”

Elsewhere in a video he says:

“Capability takes a long time to put in place. Intent can change in a heartbeat, so, you have got to hedge and take into account the risk that intent can change in the years ahead.”

Malcolm Turnbull – Former Australian Prime Minister

Turnbull says Australia reached this decision without pressure from the US. That may be true, but it stretches credibility to suggest there was no lobbying. Even more so when you read the stories about US officials warning British ministers.

New Zealand may have also arrived at its own conclusions, but again, there will have been lobbying on both sides. And, at the very least, our politicians will be aware of The Australian decision.

Huawei locked out

For now, Huawei remains locked out of building a 5G network in New Zealand.

That was never going to affect Vodafone who built the first serious 5G network here. Nokia has been Vodafone’s long-term partner and has most of the 5G contracts.

It’s different for Spark and 2degrees. While 2degrees has announced nothing about its 5G plans, Spark has made a lot of noise over the last two years.

Until now, Huawei has been Spark’s main partner. The two built one of the world’s first 4.5G networks. For a long time it looked as if Huawei was on track to build Spark’s 5G network.

TICSA

That now seems remote. On paper the door is still open. The two companies could still get the necessary sign-off under the Telecommunications (Interception Capability and Security) Act 2013. This is betterknown as TICSA.

The GCSB blocked Spark’s original 2018 5G upgrade proposal under the Act. At the time it said the proposal posed a “significant network security risk.”

Ministers have been careful to avoid talking of an outright ban. They say the GCSB judges each TICSA application on its merits. Officially it just happens that the proposed application wasn’t up to the standard.

Spark and Huawei could return with a fresh proposal. At times it sounds as if the government expected this to happen. Yet the first application was more than a year ago and there has been no word of a fresh attempt.

Otherwise New Zealand’s government has said little more about the affair in public. It doesn’t need to.

White House claims Huawei spies

Other governments are making plenty of noise. The US and the White House has maintained all along that Huawei spies for the Chinese government. Huawei has been adamant that it does not.

As Turnbull makes clear, Australia remains cautious.

In Huawei’s defence there is no evidence of any wrong doing. Nor is there a Chinese law in place that obliges Huawei to act on the government’s behalf. Nor is China seen as a likely aggressor. As far as diplomats, exporters and importers are concerned we are all the best of friends.

Yet, as Turnbull makes clear, there doesn’t need to be evidence of spying for there to be a potential future risk. Nor does there need to be a change in Chinese law. If tensions between the West and China ramp up, China could put Huawei under pressure.

As Turnbull points out, circumstances can change fast. Building a network, or an alternative network takes a lot of time and money. His point is not choosing Huawei is prudent.

Decision time in London

It’s not clear yet which way the UK will jump. It could still decide to go ahead with Huawei. Huawei’s prices are cheaper than rival network hardware companies.1 Huawei hardware is often the better choice for reasons other than money.

The problem the UK faces is much the same as the one facing New Zealand. Allow Huawei and there will be a diplomatic fall-out with the US. Shut Huawei out and China will take offence. There’s no fence sitting, nations are being forced to choose one or the other.

China has not helped matters. Since the question first arose, it has flexed its muscle in ways that alarm overseas observers. Hong Kong is the most obvious example.

One way or another New Zealand appears to have made a decision. Spark is pushing ahead with alternatives to Huawei with its 5G projects.

It will be interesting to see if New Zealand’s position changes if the UK give Huawei the green light. It may not. Yet a decision in Huawei’s favour will give the company ammunition in future New Zealand discussions.

A story unfolding on the other side of the world could yet have implications here.


  1. Some argue the Chinese government subsidises the business. If true, that is more, not less, reason to be wary. ↩︎

Many computer users don’t need to spend extra money on security software. Others do. This helps you decide where you fit.

Windows users can get Microsoft Defender1 for free. MacOS has built-in security features2.

For many people these free OS tools are more than enough protection.

That doesn’t mean there are no risks. The online world is as dangerous as ever. Yet, for many people there’s little value in paying for protection. Spend the money elsewhere.

Paid-for computer security won’t be foolproof even if you buy the best on the market. A clever social engineering attack can shimmy past the smartest defence.

A common example is when a crook persuades a victim to hand over a password or let them behind the defences.

Perhaps the most powerful way of defending your computer and data is making frequent encrypted backups. You can automate this in Windows and MacOS.

Given a choice between spending on security software or backup, I’d pick the latter every time.

You should make more than one kind of back-up. Perhaps use a cloud service and a local hard drive or network server. Ideally back up to a removable hard drive that you can store away from your computer.

Always test back-ups to make sure they are usable.

With back-up you can recover from most attacks, even ransomware . Some security products and services include back-up as part of their deal.

Who needs extra security?

  • If you deal with customer data or anyone’s personal data the law says you must protect it from attack. Security software goes some way towards meeting your obligations. It will reduce the likelihood of attack, criminals often find enough low hanging fruit elsewhere to leave your protected data alone.
  • If you have valuable data including material you want to stay secret. This includes things like business plans or product designs.
  • If you are a potential target for online criminals. This can include having valuable IP that crooks or foreign governments might want. It also includes things like working for political parties or campaigns where there are people who would be only too happy to embarrass or expose your data.
  • If you indulge in risky behaviour online. This can mean activity like illegal downloads or visiting dodgy streaming sites. Some sites at the dark end of the web are fronts to help find victims.
  • If you run a small business where employees are on a local network or you have a home system with teenagers. Sure, you can trust the people you know, but you can never be certain that others might make mistakes, either by indulging in risky behaviour or being susceptible to scams. Spending a couple of hundred dollars on security is easier and less stressful than attempting to monitor and police other people’s activity.

  1. Microsoft Defender isn’t perfect, but it does a good job and doesn’t get in the way, unlike some paid-for security software. ↩︎
  2. In six years I’ve never had the slightest security scare on my Macs ↩︎

Beijing wants people to use only real identities online but there is concern over data collection.

Source: China due to introduce face scans for mobile users – BBC News

People in China are now required to have their faces scanned when registering new mobile phone services, as the authorities seek to verify the identities of the country’s hundreds of millions of internet users.

It’s creepy. Another step on a path to a terrifying totalitarian state that is starting to make George Orwell’s 1984 nightmare look mild in comparison.

Two things worry me abut this development. First, China could be paving the way for other governments to do something similar. In the West this may be pitched as some kind of protection from terrorism or crime, but that doesn’t mean it won’t be abused.

Second, it may not be secure. It’s bad enough for abusive totalitarian or even nominally democratic governments to use this technology to keep tabs on people, but what if criminals get their hands on it? Say if violent men use it to stalk women. We know that already happens with technologies like police car registration plate databases.