TalkTalk hack: Internet providers storing browsing history is blackmail risk, say experts
Cybersecurity experts are warning internet providers such as TalkTalk that, as well as exposing their customers to fraud through poor security, they may be putting users at risk of blackmail as the government calls on them to store increasing amounts of data from people's search history.
Theresa May's Home Office, as part of the review of the investigatory powers legislation (better known as the Snooper's Charter), has called on internet service providers to store up to one year of people's browsing history. However, in the wake of high-profile hacks at TalkTalk and Ashley Madison, experts are warning this browsing history could be easily manipulated by online blackmailers.
Jim Gumbley, lead consultant and security expert at ThoughtWorks, told IBTimes UK: "The politics of this aside, this will impose a requirement on the internet service providers to hold yet more personal data. There is an impact if someone hacks in or otherwise steals this data from internet service providers' systems. How would you feel if someone dumped a big file on the internet showing every web page you visited in the past year? How will the internet service providers' reputation and business suffer when this happens?
"The likelihood of this kind of outcome is in part down to how determined the internet service providers are to invest in protecting data. The recent theft of personal data from TalkTalk indicates the likelihood of personal data theft from UK internet service providers is currently more than zero," he added.
The new Snooper's Charter legislation is currently being wrangled over. The issue of judicial oversight over the investigatory powers has been one particular sticking point but internet and phone companies are likely to keep all their users' communications data for up to 12 months if the bill is passed.
At present, it is unclear how much data is stored by each service provider but it appears to be done on a case-by-case basis.
"My understanding is that it would be up to the individual company as to how long they might retain those log files. My understanding is that those retention policies could vary based on the individual internet service provider," Joe Sturonas, chief technology officer of PKWARE, an international data security and smart encryption company, told IBTimes UK.
Sturonas added there were a variety of methods available to hide browsing history from internet providers through proxies and onion browsers.
UK police, under the direction of the Met's Cyber Security Unit, are continuing to investigate the TalkTalk hack with a team of 500 specialist officers.
In a statement, Detective Superintendent Jayne Snelgrove of the Cyber Crime Unit said: "This case is just one example of the new generation of criminality my team are dedicated to tackling. We continue to lead on this investigation but are working with the National Crime Agency."
Snelgrove, who heads Operation Falcon, the Met's response to fraud and linked crime online, added that: "Operation Falcon sees a more focused and joined-up approach by the Metropolitan Police Service, the business industry and other law enforcement agencies to ensure that we quickly identify the issue – in this case alleged data fraud – and immediately set about working to protect the public, designing out the crime and arresting the culprits."