Dubai: Arab Portal for Technical News
A security researcher from the security services company UpGuard has revealed a security lapse that enabled him to find tens of thousands of sensitive documents belonging to major industrial companies, including most of the major car manufacturers, on an unprotected backup server. The documents and materials related to more than 100 companies that dealt with the Canadian company Level One Robotics, which provides industrial automation services for businesses, according to a New York Times report.
The security researcher said he found the documents on an unprotected backup server belonging to the Canadian company. It did not require any password or special permissions, and anyone who connected could download the material, which amounted to at least 157 GB and nearly 47 thousand files containing trade secrets of a number of companies such as Fiat Chrysler, Ford, General Motors, Tesla, Toyota and Volkswagen.
There is no doubt that car manufacturers such as General Motors, Ford, Tesla, Toyota and Volkswagen do their utmost to keep their information and know-how confidential. Details of assembly line processes and automation are among the most sensitive trade secrets in the industry.
The exposed data amounted to almost 157 GB and covered 10 years of business: original factory blueprints, documents and settings for robotic machines, ID badge request forms, request forms for virtual private network (VPN) access, and non-disclosure agreements (NDAs), which describe in detail the sensitivity of the disclosed information.
The data also included personal details of some employees of the Canadian company Level One, including scans of driver's licenses and passports, as well as data on Level One's customers, including work plans, invoices, contracts and bank account details.
The exposure was discovered at the beginning of this month by Chris Vickery, a security researcher at UpGuard, who said: “This is one of the worst disclosures of sensitive data in the field of cyber security to date, in that it reveals a lot of the trade secrets of major industrial companies, and of course if you find the term NDA on a document, then immediately you’ve got something that’s not supposed to be available to everyone”.
It should be noted that NDA is an abbreviation of the English term non-disclosure agreement: an agreement signed between at least two parties stating that certain confidential information will be shared only between the parties to the contract and cannot be disclosed to the public.
It was not clear whether anyone else had seen or downloaded the exposed data, which included some personal information belonging to Level One and trade secrets of the companies that deal with it. Vickery informed the managers of the Canadian company during the past week, and the exposed information was taken offline within one day. However, the unintentional disclosure of customer data illustrates a big problem facing large corporations: their exposure to security risks through the suppliers and external companies they deal with.
Details have been disclosed about how the data of Level One Robotics was reached: through the rsync protocol, a file transfer protocol commonly used for backing up large datasets.
According to the security researchers, the rsync server was not restricted by IP address or user name. This means that any rsync client that connected to the rsync port was able to download the data. The sheer amount of sensitive data and the number of businesses affected demonstrate how third-party and fourth-party supply chain cyber risk can affect even the largest companies.
UpGuard published details of the incident on its blog in a post titled “How did a robotics supplier expose confidential data of manufacturing companies?” It showed that anyone who knew where to look could gain access to trade secrets guarded by the automakers, because of the supplier's error.
It is noteworthy that one of the worst data breaches caused by a supplier's error occurred in 2013, when the retail giant Target confirmed that hackers had captured about 40 million credit and debit card numbers used at its stores. The attackers obtained this data by compromising one of Target's heating and ventilation contractors and then using the information stolen from that business to infiltrate Target's systems.
Last month, the ticket-selling company Ticketmaster revealed that the payment information of thousands of customers had recently been stolen in a breach caused by insecure software from Inbenta, a company that runs customer-support chat on Ticketmaster's website.
Of the firms that participated in last year's survey by the Ponemon Institute, a security research firm, 56 per cent confirmed that they had at some point experienced a security breach caused by a supplier. The likelihood of a breach increases with the number of external parties a company deals with: survey participants said that an average of 470 outside companies had access to their sensitive information, compared with 380 companies one year earlier.
Larry Ponemon, founder of the research firm, said: “Executives have started to recognize that some of their relationships with third parties create unreasonable security risks”.
Faye Franklin, executive director of the Automotive Information Sharing and Analysis Center, a trade group focused on cybersecurity, said: “The automobile industry has a deep and complex supply chain, and the security risks posed by third parties are a source of growing concern”.
Milan Gasko, CEO of the Canadian company Level One, declined to discuss any details of the incident through which these confidential documents were exposed. He said the company is taking these allegations very seriously and is fully investigating the nature and extent of the exposure, and added: “In order to maintain the integrity of this investigation, we will not offer any comment at this time”.
It is worth noting that Level One was founded in 2000 in the city of Windsor, Canada, and opened an American office six years later in the city of Detroit. The company offers engineering services with a focus on robotics and automation for manufacturing companies.
Officials from General Motors, Toyota and Volkswagen declined to comment on the exposed data, while Fiat Chrysler, Ford and Tesla did not respond to requests for comment.
The supply chain has become the weakest link in data privacy for large companies. Companies that spend millions of dollars annually on cyber security are still endangered by the suppliers that handle their data, since supply chain risk extends to the third and fourth parties that deal with those companies' data sets.
Each of these suppliers has its own processes and systems that determine how data is protected, so organizations and suppliers need standardized deployment processes for creating assets and maintaining them securely, which reduces the likelihood of a data exposure incident. If security is not built into the processes themselves, there will always be configuration errors that lead to data exposure.
Companies should also have a response plan for the event of a data breach, so that they can act quickly to address it when an incident occurs, as Level One did in this case.
Level One Robotics works with customers, suppliers and others as the process of manufacturing and selling robots requires. In such a system it is easy to see that the entire chain is at risk if a single link is left unsecured.
Source: Hacked data reveals trade secrets of automakers General Motors, Ford, Tesla, Toyota