BreachExchange mailing list archives

Sparks details attack and data theft


From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Wed, 20 Mar 2013 10:02:02 -0400

http://finance.yahoo.com/news/sparks-details-attack-data-theft-161500035.html

The company behind Sparks, the app that is designed to help you
connect with and meet new people nearby with whom you have shared
interests, and which was first presented at SXSW in 2012, has given
details of an attempted Denial of Service attack allegedly undertaken
by an employee of their sub-contractors, an outsourcing development
company based in Ho Chi Minh City, Vietnam.

Stephen Smith, Founder of Paragon Proximates Ltd, states: “Sparks was
developed under contract with our own parent company, Digital
Proximates Limited. We terminated our relationship with the
sub-contractors at the beginning of January after it became apparent
that the software the sub-contractors had delivered was not what was
specified and, in the event, totally unfit for purpose. It was
following this termination that the app was attacked.

“We have proof that the alleged attack was initiated by one of the
employees of the Vietnamese developing company, one of the app
developers who not only had knowledge of how to attack, but who also
had previous knowledge of, and access to, our IT assets. The target of
the attack was a known weakness in the system, one we had repeatedly
asked the sub-contractors to rectify.

“This particular weakness had in fact been identified by ourselves and
after the sub-contractor’s repeated refusal to rectify it, we took
remedial action on January 3rd 2013. But until it was addressed it was
the cause of numerous outages. At the onset of the attack over 1,000
requests per minute originated from a PC in Vietnam, with one single
user account. As a mobile application with our entire user base
connecting via their mobile devices – this was the only connection
from a PC. The activity itself lasted for several hours and
data-scanning activity was logged during this period.

“Through a detailed examination of the logs the next day we were able
to identify a specific employee of the Vietnamese developing company.
Given the fact that we were able to trace the source of the alleged
attack back to the sub-contracted development company, we informed the
company’s management in Ho Chi Minh and San Francisco, which in turn
acknowledged our communication and committed itself to an
investigation. However, in a later communication they denied that it
was anything to do with them.

“Whilst researching the alleged hacking, it became clear that the
Vietnamese developing company were copying our data to their own
servers – when we asked them to delete that, they instead claimed IP
over the content.”

Paragon Proximates Limited, the company behind Sparks, has reported
the alleged attack and the data theft to the Information Commissioner
in the UK and, with the kind assistance of the British Embassy in
Hanoi and the HM British Consul in Ho Chi Minh City, to the Ministry
of Information and Communication in Vietnam, and is working with law
enforcement agencies in the appropriate legal territories.

The sub-contracted development company in Vietnam was established in
2008 by a team of US and European executives and claims to be a
specialist in new product development with offices in Ho Chi Minh City
and San Francisco.

Sparks is a ‘local social’ network that helps you to maximise your
awareness of who is around you and what they’re talking about. Sparks
makes it easy for you to share your thoughts and photos and make new
connections with other people around you. Sparks also makes it easy to
maintain the connections you've made locally wherever you are.

Sparks gives you more freedom to discover who’s around, follow
profiles and like content, hold 1-2-1 chats and broadcast to some or
all – even to Facebook – with a single post. And all without the
bother of in-app advertising.

With Sparks, users can:

View up to 300 users’ profiles in the Discovery Grid
Chat to other users privately, for free
Follow or Like other Sparks users to find them again quickly
Stay up-to-date with friends and followers on the Discovery Stream
Share photos and updates on Sparks - and out to Facebook
Easily share private photos and videos in chat
Choose who sees photos and videos in your Private Gallery

Notes to Editors

About Sparks

Launched in November 2012, Sparks is the social discovery app for
meeting new people. If you love social networking on the go, Sparks
helps you find the right people, when and where you want to meet them.

Sparks is a 'local social' app - the content you see changes as you
move around town or the world. Sparks also makes it easy to maintain
the connections you've made locally wherever you are.

It is designed to take the growing social discovery market to the next
level by allowing users to get more connected with their lives and
neighbourhoods and away from the increasingly noisy and impersonal
global social networks.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
