Government accounts, ministries on data breach

2023-11-09

Lead Editor Investigations

asha.javeed@guardian.co.tt

The accounts of Government ministries and state enterprises are included in the 6GB of data uploaded to the dark web after the October 9 breach at the Telecommunications Services of T&T (TSTT).

Among those accounts are the Office of the Prime Minister and Prime Minister Dr Keith Rowley.

In a statement issued on Tuesday night, Dr Rowley said it was not his personal bank information.

“It appears to be my TT Government telephone bill account, which is somewhere on TSTT’s system. That piece of data has info which is accurate but not secret,” he said in a statement to Guardian Media, which was subsequently published on his Facebook page.

Among the information Guardian Media gathered were telephone numbers for executives and personal documents on change of numbers for staff.

IT consultant Shivam Teelucksingh, who has done a deep dive into the data and its implications for TSTT customers, yesterday explained that the intricate connection between TSTT and other government agencies significantly heightens the cybersecurity risk.

“Consider, for instance, the potential repercussions of a compromised ID card scan. Beyond the immediate threat of identity theft, this seemingly innocuous breach opens the door to the creation of fraudulent documents, with implications ranging from illicit bank account set-ups to fraudulent activities across international borders. This scenario emphasises the critical need to prioritise the protection of our data,” he said.

To illustrate this, he pointed to the Prime Minister’s data available in the data dump.

On Tuesday, Dr Rowley denied his ID card, driver’s permit and passport were compromised in the data leak by TSTT and said it was a relative, another Keith Rowley. In Parliament, Public Utilities Minister Marvin Gonzales also denied the PM’s details were listed in TSTT’s data dump.

There are two Keith Rowleys in the TSTT data dump.

But one of them - of the three lists that were downloaded from the dark web - is distinctly listed as Dr Keith Rowley.

To corroborate this, Guardian Media used the Prime Minister’s birthday - October 24, 1949 - which is public information and was able to verify his identification on the data dump list using his birth date.

Dr Rowley’s driver’s permit number was listed on another data dump list. To verify whether it was indeed the PM, the information was entered into the Ministry of Works and Transport’s website, with his birth date, and his identification came up. (See picture).

On November 3, TSTT admitted that 6 GB of its data was leaked but said it came from a legacy system and contained data which was no longer valid.

However, while in some instances, passport information and accounts have changed, in other instances they are valid and current.

Dr Rowley has said the fact that these data or any other can fall into the hands of criminals is deeply disturbing and that this incident should be treated with the greatest competence and utmost sincerity by the company.

“TSTT is also expected to treat this matter as a national security threat and ensure that the public trust is restored, preserved and handled with absolute professionalism,” the PM said on Tuesday.

Gonzales has ordered an independent investigation into the breach.

Guardian Media has reported that despite TSTT’s denials, the data dump contains banking and credit card information, as well as birth certificates and foreign ID cards of people who would have used the company’s network.

The names of the country’s top officials, Prime Minister Rowley, President Christine Kangaloo, Chief Justice Ivor Archie, Finance Minister Colm Imbert, National Security Minister Fitzgerald Hinds, Police Commissioner Erla Harewood-Christopher and Public Utilities Minister Marvin Gonzales, are all included in a list of people found in documents downloaded from the dark web from TSTT’s data breach.

The list contains 1.2 million entries and there are hundreds of thousands of names which were posted online following the data breach.

As of yesterday, the data has been downloaded over 19,112 times from the dark web.

Expert: Cyberattack a wake-up call

Yesterday, IT expert Teelucksingh said customer communication is paramount in times of data breaches.

“Personal information, ranging from phone numbers to addresses, has become prime ammunition for cybercriminals employing sophisticated social engineering tactics. This isn’t merely a theoretical concern; it’s a tangible threat that requires immediate attention and action. ... The potential consequences are severe, ranging from the extraction of sensitive information to gaining physical access to unsuspecting victims. Picture the ease with which a cybercriminal could exploit this information to manipulate individuals, persuading them to divulge confidential details or facilitating unauthorised access to their premises,” he explained.

He said the gravity of the situation extends beyond national borders and emphasised the urgency of bolstering our digital defences and implementing stringent measures to safeguard personal information.

“Moreover, let’s delve into the power of a seemingly innocuous email address in the hands of a cybercriminal. Posing as a TSTT representative, an attacker could send a carefully crafted email containing a seemingly irresistible link, promising a prize or exclusive offer. The unsuspecting recipient, whether a customer or even a high-ranking executive, may unwittingly click on the link, unknowingly granting access to a treasure trove of sensitive data,” he said.

He observed that while these scenarios may sound like plots from a movie, they are not confined to the realms of fiction.

“The potential for data misuse extends beyond our borders, making it imperative for us to fortify our digital defences. I have taken the initiative to share the information I possess with relevant authorities, recognising the need for collective action in addressing this breach. It’s not just about personal responsibility, it’s about ensuring the wider community is cognizant of the dangers and empowered to protect themselves.

“I implore everyone to exercise caution and refrain from seeking information on the dark web for malicious purposes.”

He said the recent cyber attack serves as a wake-up call for T&T.

