OpinionTaran Rampersad: Are websites increasing cybersecurity vulnerabilities?

Taran Rampersad: Are websites increasing cybersecurity vulnerabilities?

Above: Illustration by vectorlab/DepositPhotos

Why So Many Breaches in Trinidad?

Taran Rampersad wrote this piece for his website, knowprose.com and it is reproduced here with his permission.

People continue to ask why there are so many data breaches happening in Trinidad and Tobago. I’m not someone who would call himself a security expert by a stretch, but it’s an intriguing enough question that I decided to look into it.

Are there commonalities in Website Technology?

First, I checked the websites of those that had been breached, which might reveal some commonalities. Bear in mind, it’s possible that the websites weren’t how the information was accessed.

TSTT, which had the most noteworthy breach, runs Wix – which was quite a surprise if only because of the vendor lock-in associated with it. I was expecting a more commonly used content management system but instead, Wix.

The Office of the Attorney General’s website, attacked earlier this year and probably the 2nd most important breach overall since it paralyzed the Judiciary is using WordPress. It also is actually not the first time; a teen was charged in 2007 for hacking into the Attorney General’s Office.

MassyStorestt.com also runs WordPress, but is substantially behind in upgrades. Pricesmart.com runs mostly BloomReach and a bit of Drupal. Their breach was reported yesterday.

It’s apparent that this isn’t an issue of common platforms being compromised. Yet there is a hint in here. MassyStoresTT.com being substantially behind in WordPress updates.

Maintenance

When I was heavily into developing CMS websites, I tried doing that locally in Trinidad and Tobago and found that people thought they could just buy a website and it would simply be done and they could go about their business without maintenance contracts. It simply doesn’t work that way.

Maybe even after years, that hasn’t changed. Maybe these websites aren’t being maintained and kept up to date with technology, which includes patching for exploits that allow their data to be breached or otherwise attacked. Maybe.

Personally, with my experience in dealing with local companies and government offices, I don’t see them seeing maintenance as a priority. In fact, I didn’t do business with companies in Trinidad and Tobago for that same reason because… I didn’t want my name associated with poorly maintained sites.

Is this the only conclusion? Definitely not.

Who Has Access Anyway?

Everyone talks about the breaches, but the public always assumes that the people with access to the information had a reason to access the information. In the TSTT data breach, scanned copies of people’s identification were found and I have to wonder what TSTT’s information policy is. Who needs access to that level of information, and why?

I’d be surprised if it were available through the website because that would be just asking for trouble.

Assuming they themselves can be trusted with your personal information, there’s social engineering, which the video below explains…

We forget at times that the people with access to information themselves are open to attack to get to something bigger. Maybe their own computer systems they use to access the data are compromised, maybe they’ve been compromised.
Conclusions

Again, I’m no security expert. Some of the information available from these breaches and the way attacks happened on some websites was clearly associated with the websites themselves. TSTT’s data breach seems different in that regard because no sane company would have that information accessible through their website.

Altogether, it seems like a lack of maintenance for most of these breaches – and maybe there were deeper issues with all of them, but in particular the TSTT data breach.

What is most disturbing is that these are the breaches we’re worried about, which could be a fraction of the number of breaches that happened. The announced breaches we found out about because either someone showed evidence or it created an issue that impacted products and services.

The insidious breaches, the ones where people simply mine the information and don’t get caught or brag, we don’t know about. That’s what concerns me most.

We should be worried.

About the author

Taran Rampersad

Taran Rampersad has over three decades of experience working with technology, the majority of which was as a software engineer.

He is a published author on virtual worlds and was part of the team of writers at WorldChanging.com that won the Utne Award and an outspoken advocate of simplifying processes and bending technology’s use to society’s needs.

His volunteer work related to technology and disasters has been mentioned by the media (BBC), and is one of the plank-owners of combining culture with ICT in the Caribbean (ICT) through CARDICIS and has volunteered time towards those ends.

As an amateur photographer, he has been published in educational books, magazines, websites and NASA’s ‘Sensing The Planet’. These days, he’s focusing more on his writing and technology experiments. Feel free to contact him through Facebook Messenger.

Social permission and the data center

Social permission and the data center

Generating equipment would have to be designed for the sea-salt laden air found even inland on an island.
Read More
Support us

Support us

Donate to support our work.
Read More
Brightstar Lottery launches 6th Annual Coding & Robotics Rock! Camp

Brightstar Lottery launches 6th Annual Coding & Robotics Rock! Camp

We want students in Trinidad and Tobago to understand these technologies from the inside, as innovators and problem-solvers.
Read More
How should business and government embrace AI?

How should business and government embrace AI?

"Very few people in the world can quantify the fiscal value of AI." - Anton Alexander
Read More
A request of readers

A request of readers

This is what's been happening since Newsday went away.
Read More
The data privacy issues in TT’s national ID platform

The data privacy issues in TT’s national ID platform

A country building a biometric database with no enforceable data-protection law is a live risk in the abstract.
Read More
Digicel, LoopUp partner to bring Microsoft Teams telephony to the Caribbean

Digicel, LoopUp partner to bring Microsoft Teams telephony to the Caribbean

By partnering with LoopUp, we can give our enterprise customers a seamless, fully managed Teams telephony experience
Read More
iVote Live launches with a focus on improved governance for organisations

iVote Live launches with a focus on improved governance for organisations

"A platform does not automatically create good governance. A digital vote does not automatically create democracy."
Read More
Maximize online impact with content that connects

Maximize online impact with content that connects

Staying visible online is hard when daily demands compete with the pressure to post often, stay on-brand, and still sound human
Read More
How influencer marketing works in the Caribbean

How influencer marketing works in the Caribbean

You have to really trust in this influencer to represent your brand, to be an advocate, to be the voice of your brand.
Read More
Your children: More device use means more cyber risk

Your children: More device use means more cyber risk

Shared family devices are often overlooked in terms of software updates and become gateways for cybercriminals.
Read More
CIBC Caribbean cards can now be added to Google Wallets

CIBC Caribbean cards can now be added to Google Wallets

Clients will be able to store Visa and Mastercard Credit Cards and Visa Debit Cards within Google Wallet, a digital wallet that's also launching in these markets.
Read More
Samsung Electronics expands water replenisment in 2026 Sustainability Report

Samsung Electronics expands water replenisment in 2026 Sustainability Report

Across its supply chain, Samsung expanded the scope of third-party audits to include 122 first-tier suppliers and 39 second-tier suppliers.
Read More
Social permission and the data center Social permission and the data center
Support us Support us
Brightstar Lottery launches 6th Annual Coding & Robotics Rock! Camp Brightstar Lottery launches 6th Annual Coding...
How should business and government embrace AI? How should business and government embrace...
A request of readers A request of readers
The data privacy issues in TT’s national ID platform The data privacy issues in TT’s...
Digicel, LoopUp partner to bring Microsoft Teams telephony to the Caribbean Digicel, LoopUp partner to bring Microsoft...
iVote Live launches with a focus on improved governance for organisations iVote Live launches with a focus...
Maximize online impact with content that connects Maximize online impact with content that...
How influencer marketing works in the Caribbean How influencer marketing works in the...
Your children: More device use means more cyber risk Your children: More device use means...
CIBC Caribbean cards can now be added to Google Wallets CIBC Caribbean cards can now be...
Samsung Electronics expands water replenisment in 2026 Sustainability Report Samsung Electronics expands water replenisment in...

🤞 Get connected!

A once weekly email notification of new stories on TechNewsTT. Just that. No spam.

Possible UI Glitch. Click top right corner to dismiss 👉

Get Connected!

A once weekly email notification of new stories on TechNewsTT.

Just that. No spam.

RELATED POSTS