Orange recognized this Tuesday, May 6, a new data theft. Reuters Credit
Atlantico: Orange recognized this Tuesday, May 6, a new data theft, this time concerning more than one million people. Concretely, what does this portend for the days to come? What should Orange customers expect? Is this a leak of the same magnitude as that of February?
Fabrice Epelboin: It is indeed a fault of the same order as the leak already observed in February. And therefore in terms of threats, we must expect the same problems as at the time, although the inventiveness and talent of the thieves counts a lot in these kinds of situations. It may as well be phishing through fake emails from Orange asking for payments. Clicking on the link indicated would allow the thief to have access to your bank details. With a little imagination, and being creative in cybercrime, it is even possible to steal an identity and therefore go particularly far afterwards. It becomes possible to take advantage of the social security of the person whose identity has been stolen, to redo a vital card in his name and to recover it… It may seem twisted, but it is nonetheless possible for all that. From the moment someone's identity has been stolen, and Orange has really very specific identity data, it's all about criminal creativity. When Orange claims to have only names, it is a lie. Orange lies systematically, it's the way they manage this kind of crisis. When they are caught first by The Guardian, then by Le Monde, working hand in hand with the DCRI, they lie again. Since it is one of the biggest advertisers in France, it is something that it is possible for it to afford.
It is, however, something that is part of life, in a sense. It's like break-ins in jewelry stores, really. We can't imagine a world without this kind of criminality - the fact of having no more criminals would not necessarily be a positive indicator, since it would most certainly reflect a dictatorial regime of the worst kind - but there is need to educate the public, in particular so that it can avoid various attacks such as those relating to phishing. Which is obviously not compatible with the fact of delivering anxiety-provoking messages vis-à-vis the internet. But in this case, it is a security breach, and it must be understood that absolute security does not exist.
This is already the second time that Orange has been hit by a massive data leak in a few months. How to explain it? Isn't security supposed to be a pillar of Orange's operation? What could be the reasons why the band doesn't care?
This is the second time we've heard of it, anyway. But it is likely that there were many more.
There's a fairly simple explanation, I think, which was already employed by Sony three years ago when a few hackers managed to hack into the Playstation Network: basically, it's something far too big to defend. In terms of American strategy, we say "Too big prospecting to be safe". That is to say that if there is a gigantic territory to defend, regardless of the army at our disposal – because Orange can be assimilated to an army, in that it is a branch of the secret services – it cannot be defended. Even less when this territory suffers from several faults on the right, on the left.
Orange is French security, it is general information. We must approach this as a ministry, a branch of general intelligence in charge of monitoring the French population. This is Orange's mission. Incidentally, they are also internet service providers, but their republican mission is this aspect of population surveillance, which they take very seriously. They are good in safety, but again it's too big. Especially since Orange is perceived, in particular by activist circles such as the French secret services, in the process of setting up a kind of Big Brother, and therefore jeopardizing the concept of democracy.. Inevitably, this arouses the greed of criminals who tend to think that there is a lot of information to recover and use, but it also attracts activist circles who wish to denounce this state of affairs, and who have the same procedures to do so.
What are the systems put in place by the operators?
We do not know enough details, and we will probably never have them, to know concretely what types of devices are in place. These vary according to the attack, we would need to know a little more about the attack to be able to respond concretely.
All that can be said is that it is a question of the security budget, which Orange absolutely has. 100% security does not exist and that Orange has moved into the "bad guys' camp". Orange, in the tech world, it's Monsanto. Sooner or later there will necessarily be very aggressive boycott campaigns. Population surveillance is something that is very badly perceived by the latter, and Orange is at the heart of it. It is therefore, I think, normal that they stir up a certain form of hatred and greed which leads to these attacks. Orange is surveillance and that will necessarily have consequences. Chats and conversations haven't been stolen yet, yet they're recorded!
Is a third leak possible? How to protect oneself from it personally, since it does not seem to be done at the higher level?
More than conceivable, it is inevitable. The real question is not "is it possible", but when will it fall on us? When will we discover a new flaw, a new leak? Since it is not possible to secure anything 100%, it is guaranteed that it will happen again.
As for protecting ourselves against it… It's something very complicated: there really aren't any measures to take, in truth. First, Orange should be avoided as an access provider. To be a journalist, for example, and to use Orange, is heresy. However, even without having Orange, the conversations are intercepted, since they necessarily end up passing through an Orange network. It nevertheless remains a principle as basic as that of the vegetarian who does not eat meat, to do without the services of Orange.
I believe that the question is slightly ambiguous, depending on whether one wonders how to escape the vigilance of Orange, which is very complicated – they are among the best in the world in terms of surveillance – and it requires fairly advanced computer skills, to radically change your work habits on the internet to the point of abandoning certain online services like Google, and a whole bunch of little habits of this kind that must be lost to leave as few traces as possible on the internet. It's something really complex.
Not being a victim of Orange, as an ordinary citizen, is simply impossible for once. In the files that have been stolen, there are prospects and customers. Orange has implemented systems to collect personal data on prospects, more or less legally, but that is not the point. Which means, concretely, that among the stolen files, there are also people who are not Orange customers. Today, the legislator would have to put the point on the table. What no one will do: Orange has already been caught red-handed installing Bacchar al-Assad's political opposition surveillance system. No one will open this file.
Otherwise, part of the population will eventually learn to disappear from the internet. We will find in this sample intellectuals, journalists, for example, but also young people who leave to do jihad in Syria. They are the first to learn this sort of thing.
Faced with this "laxity", what are the alternatives available to Justice? Is it possible to force Orange to review its model?
Justice has no power over this, since the military training law. Article 20 of this law expresses very precisely that the Prime Minister, the Minister of the Interior, the Minister of the Budget as well as the Elysée have access to listening to the French population.. As they wish, without justification and without judicial review. Any legal, press or parliamentary action is intercepted in time, defused and unlocked even before it is executed. Everything is under the control and supervision of the Executive. We moved to a republican regime which gave full powers to the Executive, through a law that can be described as martial. It's scary enough, but people like me have been warning about this for five years. It really ended up happening, and it puts democracy in more than danger: the press is no longer free, justice is not independent… In short, democracy is definitively buried.
source: Atlantico.fr
Further information :
Terms & Conditions
Subscribe
Report
My comments