BreachExchange mailing list archives
Sparks details attack and data theft
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Wed, 20 Mar 2013 10:02:02 -0400
http://finance.yahoo.com/news/sparks-details-attack-data-theft-161500035.html

The company behind Sparks, the app that is designed to help you connect with and meet new people nearby with whom you have shared interests, and which was first presented at SXSW in 2012, has given details of an attempted Denial of Service attack allegedly undertaken by an employee of their sub-contractors, an outsourcing development company based in Ho Chi Minh City, Vietnam.

Stephen Smith, Founder of Paragon Proximates Ltd, states: “Sparks was developed under contract with our own parent company, Digital Proximates Limited. We terminated our relationship with the sub-contractors at the beginning of January after it became apparent that the software the sub-contractors had delivered was not what was specified and, in the event, totally unfit for purpose. It was following this termination that the app was attacked.

“We have proof that the alleged attack was initiated by one of the employees of the Vietnamese developing company, one of the app developers who not only had knowledge of how to attack, but who also had previous knowledge of, and access to, our IT assets. The target of the attack was a known weakness in the system, one we had repeatedly asked the sub-contractors to rectify.

“This particular weakness had in fact been identified by ourselves and after the sub-contractor’s repeated refusal to rectify it, we took remedial action on January 3rd 2013. But until it was addressed it was the cause of numerous outages. At the onset of the attack over 1,000 requests per minute originated from a PC in Vietnam, with one single user account. As a mobile application with our entire user base connecting via their mobile devices – this was the only connection from a PC. The activity itself lasted for several hours and data-scanning activity was logged during this period.

“Through a detailed examination of the logs the next day we were able to identify a specific employee of the Vietnamese developing company. Given the fact that we were able to trace the source of the alleged attack back to the sub-contracted development company, we informed the company’s management in Ho Chi Minh and San Francisco, which in turn acknowledged our communication and committed itself to an investigation. However, in a later communication they denied that it was anything to do with them.

“Whilst researching the alleged hacking, it became clear that the Vietnamese developing company were copying our data to their own servers – when we asked them to delete that, they instead claimed IP over the content.”

Paragon Proximates Limited, the company behind Sparks, has reported the alleged attack and the data theft to the Information Commissioner in the UK and, with the kind assistance of the British Embassy in Hanoi and the HM British Consul in Ho Chi Minh City, to the Ministry of Information and Communication in Vietnam, and is working with law enforcement agencies in the appropriate legal territories.

The sub-contracted development company in Vietnam was established in 2008 by a team of US and European executives and claims to be a specialist in new product development with offices in Ho Chi Minh City and San Francisco.

Sparks is a ‘local social’ network that helps you to maximise your awareness of who is around you and what they’re talking about. Sparks makes it easy for you to share your thoughts and photos and make new connections with other people around you. Sparks also makes it easy to maintain the connections you've made locally wherever you are.

Sparks gives you more freedom to discover who’s around, follow profiles and like content, hold 1-2-1 chats and broadcast to some or all – even to Facebook – with a single post. And all without the bother of in-app advertising.

With Sparks, users can:

- View up to 300 users’ profiles in the Discovery Grid
- Chat to other users privately, for free
- Follow or Like other Sparks users to find them again quickly
- Stay up-to-date with friends and followers on the Discovery Stream
- Share photos and updates on Sparks - and out to Facebook
- Easily share private photos and videos in chat
- Choose who sees photos and videos in your Private Gallery

Notes to Editors

About Sparks

Launched in November 2012, Sparks is the social discovery app for meeting new people. If you love social networking on the go, Sparks helps you find the right people, when and where you want to meet them. Sparks is a 'local social' app - the content you see changes as you move around town or the world. Sparks also makes it easy to maintain the connections you've made locally wherever you are. It is designed to take the growing social discovery market to the next level by allowing users to get more connected with their lives and neighbourhoods and away from the increasingly noisy and impersonal global social networks.

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list