(410) 531-6727

Blog

  2. Home
  3. Blog
  4. Michael Deskin
  5. What a Recent Bank Leak Should Tell Us About the Dark Web

Dresner Group Blog

Our technology blogs feature IT tips and best practices for businesses in Columbia, Baltimore, Bel Air and in and about Maryland since 2002.
Categories
Tags
Categories:   All Categories
Suggested keywords
x

What a Recent Bank Leak Should Tell Us About the Dark Web

bank-400

There are a lot of ways that our language represents our collective trust of banks. Why else would we use idioms to claim that someone’s statements are trustworthy that say that one can “bank on it” or “take that to the bank”? Unfortunately, this trust isn’t always completely justified, as a recent discovery of 24 million banking documents proves.

An independent security researcher named Bob Diachenko discovered the cache online. Saved in an Elasticsearch server, these documents were a collection of OCR (or optical character recognition) files. These files had data from throughout the last decade, outlining mortgage and loan agreements, tax documents, and other sensitive financial documents.

Naturally, it should be clear that a database containing such a large collection of data should at least be password protected. This one was not.

As a result, 1.3 gigabytes were left exposed, allowing potentially anyone to peruse the 24 million documents (including names, addresses, birth dates, Social Security numbers, pretty much everything needed to commit various financial crimes), just so long as they could find the server.

These digital reproductions were ultimately linked back to a Fort Worth company that provides the financial industry with assorted data services. The company, Ascension Data & Analytics, quickly passed the buck to one of its vendors, document management startup OpticsML. However, Diachenko was also able to find the original data saved in an Amazon S3 storage server…once again, NO password to protect it. This would allow anyone who happened to guess the right web address to access and download these sensitive documents.

Worse, these servers will default to be private and not web-accessible. So, these files were left accessible by choice.

Once this was discovered, there were attempts to reach out to OpticsML. Despite their website being taken down and their phone number disconnected, an email made its way to the company’s chief executive, and the data was then secured. Affected customers are to be notified, and the incident reported to New York state regulators.

While there is bound to be more to this story, let’s focus on the real lesson here: it is critical that a business not only diligently secures its data, but that it also has the means to identify when its data has been breached.

We offer a wide variety of security services to help you keep your business’ data secure. However, the most important method to keep unwanted entities out of your network is also one of the most simple concepts in information technology: having sufficient passwords protecting you.

As reviewed above, Diachenko was able to locate a massive amount of data, left unprotected. For a moment, let’s assume that he wasn’t a security researcher, and instead wanted to steal this data for his own malicious purposes. Just imagine, all that data, available for the taking - think of the damage that could be caused if that data was to have been leaked (assuming it hadn’t been already).

This is just one of many reasons that passwords are so crucial to the success of so many businesses. Without them, you have no means of controlling who has access to your data.

As a result, you need to make sure that any sensitive data or files your organization has are only accessible via a password - and not just any password. Your passwords need to reflect industry best practices, including:

  • Using a mixture of alphanumeric characters and symbols.
  • Avoiding common phrases or words, random sequences or passphrases being preferable.
  • Remaining a “need-to-know” asset, reducing the likelihood of someone external to the organization (or even is in the organization, but has no reason to access a given resource) can access the contents that the password was protecting.

Unfortunately, when data like this is breached, it is generally made available on something called the Dark Web, inside the Deep Web. Stay tuned for our next blog, where we’ll discuss the different levels of the Internet… it’s much bigger than you’d think.

To learn more about keeping your data safe, reach out to us at (410) 531-6727.

Tags:
Security Data Privacy
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Shrug Off Downtime with Managed IT Services
Tip of the Week: Enabling Smart Compose on Gmail f...

About the author

Michael Deskin

Michael Deskin

Michael Deskin joined Dresner Group, a leading technology provider of managed network and security services, in 2004 as a firm principal. Since that time, Dresner Group has continued to grow while gaining recognition for helping local businesses solve their IT issues so they could become more profitable and successful. Today, Michael oversees Dresner Group’s strategic vision, operational goals and business development efforts.

Michael has served on the Board of Directors for Associated Builders and Contractors, Association of Community Services for Howard County Maryland and other local community organizations. He is an active member is his local community and enjoys spending his spare time with his wife and four growing boys.

Author's recent posts

More posts from author
Comment for this post has been locked by admin.
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Wednesday, 03 July 2024

Captcha Image

Client Service Login

Latest News & Events

Dresner Group named to the MSP 501 Winner

We are thrilled to announce that we have been recognized in one of the most prestigious lists in the global technology industry—the 2024 Channel Futures MSP 501!

Read More

Contact Us

Learn more about what Dresner Group can do for your business.

Copyright Dresner Group. All Rights Reserved.

Clicky