Big Four accounting firm Deloitte, with $37B in annual revenues, found out that it had been hacked in March, and the hackers appear to have been inside its systems (supplied by Microsoft through its Azure cloud) since the previous October or March.
The hackers had access to up to 5 million sensitive company emails and documents from across all the sectors in which Deloitte operates, "the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies."
Deloitte kept the hack internally secret, only informing "a handful" of senior partners and lawyers, as well as six clients.
The Guardian has been told the internal inquiry into how this happened has been codenamed “Windham”. It has involved specialists trying to map out exactly where the hackers went by analysing the electronic trail of the searches that were made.
The team investigating the hack is understood to have been working out of the firm’s offices in Rosslyn, Virginia, where analysts have been reviewing potentially compromised documents for six months.
It has yet to establish whether a lone wolf, business rivals or state-sponsored hackers were responsible.
Sources said if the hackers had been unable to cover their tracks, it should be possible to see where they went and what they compromised by regenerating their queries. This kind of reverse-engineering is not foolproof, however.
A measure of Deloitte’s concern came on 27 April when it hired the US law firm Hogan Lovells on “special assignment” to review what it called “a possible cybersecurity incident”.
Deloitte hit by cyber-attack revealing clients’ secret emails
[Nick Hopkins/The Guardian]
Shenzhen Gwelltimes Technology Co., Ltd is the white-label vendor behind a whole constellation of Internet of Things networked home cameras sold as security cameras, baby monitors, pet monitors, and similar technologies; these cameras are designed to be monitored by their owners using an app, and because of farcically bad default passwords ("123") and other foolish […]
Fingerprint locks are catastrophically awful, part LXVII: the software security on the crowdfunded Tapplock "is basically nonexistent" -- the lock broadcasts its own unlock code over Bluetooth, and if you send it back to the lock, it pops open.
A team of computer scientists, psychologists and neuroscientists used eye-tracking and fMRI to measure how users perceived security warnings, such as warnings about app permissions and browser warnings about insecure pages and plugin installations.
Spring came and went, but we’re not here to judge if you didn’t get around to cleaning up your living space. After all, taking the time to vacuum your floors can stretch out into a lengthy task when you’re constantly switching between power outlets and trying to jam your machine into those tight corners. With […]
Projects big and small always go smoother when the whole team is collaborating, but members tend to get lost once the conference call ends. Timelinr is a project management solution that helps keep your stakeholders, team, and clients in the loop with high-level project roadmaps and granular task boards. Subscriptions are available today for $49.99. […]
The Adobe Creative Cloud is home to a suite of editing tools today’s creatives count on to produce their content. Whether you’re an aspiring photographer, animator, or graphic designer, Adobe’s programs can help you in your creative pursuits, and with the Complete Adobe CC Training Bundle, you can come to grips with six of them for […]