Lead Editor Investigations
asha.javeed@guardian.co.tt
The accounts of Government ministries and state enterprises are included in the 6GB of data uploaded to the dark web after the October 9 breach at the Telecommunications Services of T&T (TSTT).
Among those accounts are the Office of the Prime Minister and Prime Minister Dr Keith Rowley.
In a statement issued on Tuesday night, Dr Rowley said it was not his personal bank information.
“It appears to be my TT Government telephone bill account, which is somewhere on TSTT’s system. That piece of data has info which is accurate but not secret,” he said in a statement to Guardian Media, which was subsequently published on his Facebook page.
Among the information Guardian Media gathered were telephone numbers for executives and personal documents on change of numbers for staff.
IT consultant Shivam Teelucksingh, who has been done a deep dive into the data and its implications for TSTT customers, yesterday explained that the intricate connection between TSTT and other government agencies significantly heightens the cybersecurity risk.
“Consider, for instance, the potential repercussions of a compromised ID card scan. Beyond the immediate threat of identity theft, this seemingly innocuous breach opens the door to the creation of fraudulent documents, with implications ranging from illicit bank account set-ups to fraudulent activities across international borders. This scenario emphasises the critical need to prioritise the protection of our data,” he said.
To illustrate this, he pointed to the Prime Minister’s data available in the data dump.
On Tuesday, Dr Rowley denied his ID card, driver’s permit and passport were compromised in the data leak by TSTT and said it was a relative, another Keith Rowley. In Parliament, Public Utilities Minister Marvin Gonzales also denied the PM’s details were listed in TSTT’s data dump.
There are two Keith Rowley’s in the TSTT data dump.
But one of them - of the three lists that were downloaded from the dark web - is distinctly listed as Dr Keith Rowley.
To corroborate this, Guardian Media used the Prime Minister’s birthday - October 24, 1949 - which is public information and was able to verify his identification on the data dump list using his birth date.
Dr Rowley’s driver’s permit number was listed on another data dump list. To verify whether it was indeed the PM, the information was entered into the Ministry of Works and Transport’s website, with his birth date, and his identification came up. (See picture).
On November 3, TSTT admitted that 6 GB of its data was leaked but said it came from a legacy system and contained data which was no longer valid.
However, while in some instances, passport information and accounts have changed, in other instances they are valid and current.
Dr Rowley has said the fact that these data or any other can fall into the hands of criminals is deeply disturbing and that this incident should be treated with the greatest competence and utmost sincerity by the company.
“TSTT is also expected to treat this matter as a national security threat and ensure that the public trust is restored, preserved and handled with absolute professionalism,” the PM said on Tuesday.
Gonzales has ordered an independent investigation into the breach.
Guardian Media has reported that despite TSTT’s denials, the data dump contains banking and credit card information, as well as birth certificates and foreign ID cards of people who would have used the company’s network.
The names of the country’s top officials, Prime Minister Rowley, President Christine Kangaloo, Chief Justice Ivor Archie, Finance Minister Colm Imbert, National Security Minister Fitzgerald Hinds, Police Commissioner Erla Harewood-Christopher and Public Utilities Minister Marvin Gonzales, are all included in a list of people found in documents downloaded from the dark web from TSTT’s data breach.
The list contains 1.2 million entries and there are hundreds of thousands of names which were posted online following the data breach.
As of yesterday, the data has been downloaded over 19, 112 times from the dark web.
Expert: Cyberattack a wake-up call
Yesterday, IT expert Teelucksingh said customer communication is paramount in times of data breaches.
“Personal information, ranging from phone numbers to addresses, has become prime ammunition for cybercriminals employing sophisticated social engineering tactics. This isn’t merely a theoretical concern; it’s a tangible threat that requires immediate attention and action. ... The potential consequences are severe, ranging from the extraction of sensitive information to gaining physical access to unsuspecting victims. Picture the ease with which a cybercriminal could exploit this information to manipulate individuals, persuading them to divulge confidential details or facilitating unauthorised access to their premises,” he explained.
He said the gravity of the situation extends beyond national borders and emphasised the urgency of bolstering our digital defences and implementing stringent measures to safeguard personal information.
“Moreover, let’s delve into the power of a seemingly innocuous email address in the hands of a cybercriminal. Posing as a TSTT representative, an attacker could send a carefully crafted email containing a seemingly irresistible link, promising a prize or exclusive offer. The unsuspecting recipient, whether a customer or even a high-ranking executive, may unwittingly click on the link, unknowingly granting access to a treasure trove of sensitive data,” he said.
He observed that while these scenarios may sound like plots from a movie, they are not confined to the realms of fiction.
“The potential for data misuse extends beyond our borders, making it imperative for us to fortify our digital defences. I have taken the initiative to share the information I possess with relevant authorities, recognising the need for collective action in addressing this breach. It’s not just about personal responsibility, it’s about ensuring the wider community is cognizant of the dangers and empowered to protect themselves.
“I implore everyone to exercise caution and refrain from seeking information on the dark web for malicious purposes”
He said that recent cyber attack serves as a wake-up call for T&T.
