FeaturedOpinion

Taran Rampersad: Are websites increasing cybersecurity vulnerabilities?

3 Mins read

Above: Illustration by vectorlab/DepositPhotos

Why So Many Breaches in Trinidad?

Taran Rampersad wrote this piece for his website, knowprose.com and it is reproduced here with his permission.

People continue to ask why there are so many data breaches happening in Trinidad and Tobago. I’m not someone who would call himself a security expert by a stretch, but it’s an intriguing enough question that I decided to look into it.

Are there commonalities in Website Technology?

First, I checked the websites of those that had been breached, which might reveal some commonalities. Bear in mind, it’s possible that the websites weren’t how the information was accessed.

TSTT, which had the most noteworthy breach, runs Wix – which was quite a surprise if only because of the vendor lock-in associated with it. I was expecting a more commonly used content management system but instead, Wix.

The Office of the Attorney General’s website, attacked earlier this year and probably the 2nd most important breach overall since it paralyzed the Judiciary is using WordPress. It also is actually not the first time; a teen was charged in 2007 for hacking into the Attorney General’s Office.

MassyStorestt.com also runs WordPress, but is substantially behind in upgrades. Pricesmart.com runs mostly BloomReach and a bit of Drupal. Their breach was reported yesterday.

It’s apparent that this isn’t an issue of common platforms being compromised. Yet there is a hint in here. MassyStoresTT.com being substantially behind in WordPress updates.

Maintenance

When I was heavily into developing CMS websites, I tried doing that locally in Trinidad and Tobago and found that people thought they could just buy a website and it would simply be done and they could go about their business without maintenance contracts. It simply doesn’t work that way.

Maybe even after years, that hasn’t changed. Maybe these websites aren’t being maintained and kept up to date with technology, which includes patching for exploits that allow their data to be breached or otherwise attacked. Maybe.

Personally, with my experience in dealing with local companies and government offices, I don’t see them seeing maintenance as a priority. In fact, I didn’t do business with companies in Trinidad and Tobago for that same reason because… I didn’t want my name associated with poorly maintained sites.

Is this the only conclusion? Definitely not.

Who Has Access Anyway?

Everyone talks about the breaches, but the public always assumes that the people with access to the information had a reason to access the information. In the TSTT data breach, scanned copies of people’s identification were found and I have to wonder what TSTT’s information policy is. Who needs access to that level of information, and why?

I’d be surprised if it were available through the website because that would be just asking for trouble.

Assuming they themselves can be trusted with your personal information, there’s social engineering, which the video below explains…

We forget at times that the people with access to information themselves are open to attack to get to something bigger. Maybe their own computer systems they use to access the data are compromised, maybe they’ve been compromised.
Conclusions

Again, I’m no security expert. Some of the information available from these breaches and the way attacks happened on some websites was clearly associated with the websites themselves. TSTT’s data breach seems different in that regard because no sane company would have that information accessible through their website.

Altogether, it seems like a lack of maintenance for most of these breaches – and maybe there were deeper issues with all of them, but in particular the TSTT data breach.

What is most disturbing is that these are the breaches we’re worried about, which could be a fraction of the number of breaches that happened. The announced breaches we found out about because either someone showed evidence or it created an issue that impacted products and services.

The insidious breaches, the ones where people simply mine the information and don’t get caught or brag, we don’t know about. That’s what concerns me most.

We should be worried.

About the author

Taran Rampersad

Taran Rampersad has over three decades of experience working with technology, the majority of which was as a software engineer.

He is a published author on virtual worlds and was part of the team of writers at WorldChanging.com that won the Utne Award and an outspoken advocate of simplifying processes and bending technology’s use to society’s needs.

His volunteer work related to technology and disasters has been mentioned by the media (BBC), and is one of the plank-owners of combining culture with ICT in the Caribbean (ICT) through CARDICIS and has volunteered time towards those ends.

As an amateur photographer, he has been published in educational books, magazines, websites and NASA’s ‘Sensing The Planet’. These days, he’s focusing more on his writing and technology experiments. Feel free to contact him through Facebook Messenger.

Understanding Energy Density: A Guide to Car Battery Capacities

Understanding Energy Density: A Guide to Car Battery Capacities

Understanding the energy density of your car battery isn’t just about making it last longer.
Read More
ISC2 anti-scammer guidance

ISC2 anti-scammer guidance

The Caribbean Chapter of the ISC2 has issued guidance and advice for internet users facing phishing messages and WhatsApp scams.
Read More
Gifts for the tech obsessed

Gifts for the tech obsessed

If you travel regularly, replacing multiple chargers with one unit that can do double or triple duty makes sense, even more so if it has a foldable wall plug.
Read More
TATT begins digital television free to air testing

TATT begins digital television free to air testing

The transition of free-to-air television from analogue to digital will bring an enhanced quality of service to consumers, including up to 4K high-definition resolution video, access to electronic programming guides,...
Read More
New CELIA submarine cable to connect Caribbean to the US

New CELIA submarine cable to connect Caribbean to the US

CELIA will enhance connectivity in the Caribbean region, providing high-capacity and secure data transfer and very high Internet speeds with low latency.
Read More
Samsung leans in on extended reality (XR)

Samsung leans in on extended reality (XR)

Supported by the broader Galaxy ecosystem, this technology will empower and transform your everyday life in a way that only we can deliver.
Read More
What keeps regional cybersecurity experts awake at night

What keeps regional cybersecurity experts awake at night

Whether the attack comes from a successful external attempt, exploiting a vulnerability or from inside, perhaps a disgruntled employee, an exploit needs just one vulnerability.
Read More
Where hackers begin

Where hackers begin

Digital nation strategies have been released by 170 countries and regions and more than 60 countries have elevated AI in their national strategy.
Read More
Blue skies for microblogging?

Blue skies for microblogging?

Bluesky hit its current high of 23 million users faster than expected, but it’s way behind X.
Read More
Samsung Electronics Joins the Carbon Trust

Samsung Electronics Joins the Carbon Trust

Globally, connected devices currently require approximately 500 terawatt-hours (TWh) of energy annually.
Read More
The apps that thrive in Apple’s ecosystem

The apps that thrive in Apple’s ecosystem

By Apple's own yardstick an app that shares usable data across three devices is acceptable one that synchronises with four is a winner.
Read More
America’s open mic moment

America’s open mic moment

What made online pundits so effective in the US election?
Read More
The press and the president-elect

The press and the president-elect

Beyond the president-elect's often-expressed intent to retaliate against journalists he believes are unfairly attacking him is the agenda of Project 2025.
Read More
Understanding Energy Density: A Guide to Car Battery Capacities Understanding Energy Density: A Guide to...
ISC2 anti-scammer guidance ISC2 anti-scammer guidance
Gifts for the tech obsessed Gifts for the tech obsessed
TATT begins digital television free to air testing TATT begins digital television free to...
New CELIA submarine cable to connect Caribbean to the US New CELIA submarine cable to connect...
Samsung leans in on extended reality (XR) Samsung leans in on extended reality...
What keeps regional cybersecurity experts awake at night What keeps regional cybersecurity experts awake...
Where hackers begin Where hackers begin
Blue skies for microblogging? Blue skies for microblogging?
Samsung Electronics Joins the Carbon Trust Samsung Electronics Joins the Carbon Trust
The apps that thrive in Apple’s ecosystem The apps that thrive in Apple’s...
America’s open mic moment America’s open mic moment
The press and the president-elect The press and the president-elect

🤞 Get connected!

A once weekly email notification of new stories on TechNewsTT. Just that. No spam.

Possible UI Glitch. Click top right corner to dismiss 👉

Get Connected!

A once weekly email notification of new stories on TechNewsTT.

Just that. No spam.

Related posts
BitDepthFeatured

The Wordpress War

4 Mins read
WPEngine and the websites of its customers were blocked from the WordPress log-in system theme and plug-in updates and other background processes that enable a Wordpress website.
News Briefs

TSTT confirms Kent Western as CEO

1 Mins read
Effective October 01, 2024, TSTT has confirmed the appointment of Kent Western as Chief Executive Officer. Western has been acting…
Press Releases

TSTT partners with France's SOGET to improve port efficiency and digital transformation

3 Mins read
The PCS complements existing systems, neither replacing nor competing with them, ushering in a new aspect of interoperability and data sharing.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback
1 year ago

[…] Trinidad and Tobago – People continue to ask why there are so many data breaches happening in Trinidad and Tobago. I’m not someone who would call himself a security expert by a stretch, but it’s an intriguing enough question that I decided to look into it… more […]

×
FeaturedNews Briefs

ShopCourts, Pricesmart online data breached

1
0
Share your perspective in the comments!x
()
x