Date: 2022-01-18

60 gigs of sensitive information stolen: according to the hackers, the company’s cybersecurity is at a minimal level.

A package of a full 60 gigs, including highly sensitive data, was stolen last October from Siae’s network and has now been posted online. The information is currently at the mercy of anyone who wants to use it for illegal purposes.

The group responsible for the attack is Everest. Not much is known about this black hat hacker, except that it is reportedly an independent entity acting alone. The threat actor initially requested a ransom to release the stolen data, but Siae was adamant and did not compromise, paying no amount. Hence the cyber criminal’s decision to publish the material.

The sensitive information includes personal data, identity documents, driving licenses, credit cards and IBAN codes, health cards and medical certificates, email addresses, telephone numbers and other personal information entered by customers in the registration forms of the company, which redistributes royalties to authors and publishers. The organization’s own employees are also affected.

Siae: the network’s computer security is “very low level”, according to the hackers

From what has emerged, therefore, the “loot” collected by Everest should not be underestimated. Since this is Siae, it is clear that a lot of the data concerns figures from the world of entertainment and music. Nonetheless, Siae decided not to pay the ransom of 3 million euros in Bitcoin requested by the attacker on 21 October. The firm position of the CEO, Gaetano Blandini, induced the hacker to gradually lower the demand, down to a request for a payment of 50 thousand euros in the form of a spontaneous donation to a non-profit association chosen by Siae itself. The publication of the material is therefore believed to have resulted from yet another refusal by Blandini.

Of the 60GB of sensitive data that has been made public, however, only half seems to be actually accessible. The archive contains approximately 28 thousand documents and, although it is now possible for many of the victims to secure multiple accounts, it may still appeal to criminal organizations. With all the personal information available, a group could mount different types of social engineering attacks, ranging from phishing or smishing techniques up to complete identity theft.

The perpetrator of the theft, i.e. the hacker responsible for the data leak, was contacted by the cybersecurity blog Red Hot Cyber, to which he revealed that he did not use any ransomware to breach the SIAE network and plunder its archives. Indeed, answering a specific question, Everest pointed out that the company’s security systems are almost non-existent: “On a scale of 1 to 10, my rating of this company’s IT security is 1”. To get in, Everest therefore carried out a penetration test, thus discovering the system’s vulnerabilities in the form of backdoors, bugs and various computer errors, much as auditors authorized to test data security would do. It is not known whether it was an external test (based on the website, domain and other online material) or an internal one, launched perhaps after having come into possession of an employee’s login credentials.