Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Privacy

Red Cross Begs Hackers Not To Leak Data of 'Highly Vulnerable People' (therecord.media) 71

The Red Cross has disclosed that it was the victim of a cyber attack and has asked the hackers who broke into the IT network of one of its contractors not to leak the personal information of more than 515,000 of "highly vulnerable people." The Record reports: The data was stolen from a Red Cross program called Restoring Family Links, which aims to reunite family members separated by conflict, disaster, or migration. "While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," said Robert Mardini, director-general for the International Committee of the Red Cross. "Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data," Mardini said.

"The people affected include missing people and their families, unaccompanied or separated children, detainees and other people receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters or migration," the organization said in an email.

This discussion has been archived. No new comments can be posted.

Red Cross Begs Hackers Not To Leak Data of 'Highly Vulnerable People'

Comments Filter:
  • by gweihir ( 88907 ) on Thursday January 20, 2022 @06:10AM (#62190867)

    Somebody at the Red Cross went cheap. And now a lot of people may have to pay the price.

    • The Red Cross is frankly something of a shit show. After the Camp fire (all time worst name) in Lake County, local volunteers had a working system gathering and distributing donations and the Red Cross came in and shut it down because they wanted to be in charge, and literally never got it up and running again.

      That's nothing compared to their bullshit response to heavy weather in 2012 [propublica.org], but it's in the same vein.

      https://www.propublica.org/art... [propublica.org]

      • by Viol8 ( 599362 ) on Thursday January 20, 2022 @07:31AM (#62190957) Homepage

        Like a lot of Generation Woke, the charity sector seems to have been taken over by people who are more interested in appearing virtuous and caring than actually being virtuous and caring. The latter involves hard work, commitment and putting others first, whereas the former involves just a lot of noise making and PR which is much easier to undertake.

        • by gweihir ( 88907 )

          Unfortunately, that sounds very plausible. Appearance over substance.

          • What doesn't sound plausible is that this is the fault of "generation woke", whatever that's supposed to mean. Malfeasance in the name of charity has been a thing since time immemorial.

          • by narcc ( 412956 )

            Ah, the Apple model of charity.

            I run a non-profit, and I've run other non-profits. I can assure you that most organizations are actually working hard to make a difference in their communities.

            That said, charity is absolutely overloaded with corruption. Particularly in larger organizations where real money is involved. It's been like this for thousands of years. I don't buy that "generation woke" crap. That generation finally realized that we need a shared set of moral values. My generation was cynica

        • Re: (Score:2, Informative)

          by thegarbz ( 1787294 )

          Like a lot of Generation Woke, the charity sector seems to have been taken over by people who are more interested in appearing virtuous and caring than actually being virtuous and caring.

          You're confusing virtue signaling with incompetence. Just because they have the same net effect doesn't make them the same. I know some people who work for the red cross. They genuinely *want* to make a difference and are often completely hamstrung by rules and regulations that are present in any kind of larger organisation.

          I think the Red Cross should be broken up into hundreds of little more local institutions. They will actually make a difference then.

      • You arent wrong. The Louisville chapter turned out to be the most efficient and best run chapter in the US. This was in 2013. So what does the DC chapter do? They announce that all other chapters, including DC will be run just like Louisville, with one caveat. They had to fire all their vendors and switch everything over to the DC systems and overpriced shit show. Problem solved. louisville stopped being highly efficient and stopped embarrassing the DC office. There literally is no redeeming aspect of any e
      • The Red Cross is frankly something of a shit show. After the Camp fire (all time worst name) in Lake County, local volunteers had a working system gathering and distributing donations and the Red Cross came in and shut it down because they wanted to be in charge, and literally never got it up and running again.

        That's nothing compared to their bullshit response to heavy weather in 2012 [propublica.org], but it's in the same vein.

        https://www.propublica.org/art... [propublica.org]

        They've been a shitshow for a long time. My brother in law was a soldier in Germany, and needed a postage stamp, and they refused to give him one. I forget what it was for, but it was Red Cross related. Supporting the troops, my ass,

        Some years ago, after the Katrina Debacle, the Red Cross tried to get Hams who assisted them to get a criminal, lifestyle, and Financial background check.

        They dropped the last two after all their volunteer radio people found better things to do.

        None of the Hams cared about

      • by bws111 ( 1216812 )

        Too bad the INTERNATIONAL Red Cross (which this article is about) and the AMERICAN Red Cross (which your stupid rant is about) are completely different organizations.

      • Any more updated information? That frankly was terrifying to read. Looking it up the same person seems to be the CEO and there was further scandal involving Haiti. Is it still as dysfunctional?
    • Somebody at the [Pick-A-Company] went cheap. And now a lot of people may have to pay the price.

      FTFY, in case you've been asleep in a coma and missed the inevitable end result of Greed dismissing Security for the last decade or three.

      • by gweihir ( 88907 )

        Actually, I just like to call them out individually these days. Harder to dismiss the problem as "just a few are doing it".

        • Actually, I just like to call them out individually these days. Harder to dismiss the problem as "just a few are doing it".

          (Public Sentiment) "Who again? I'm sorry, it's been more than 17 seconds, and I scrolled past my concern 37 clicks ago."

          Regarding calling out incompetence, it's even harder to find anyone who gives a shit.

    • Their primary mission is humanitarian, not about being a billion dollar technology business. Yes they could have better secured their systems, but paying top dollar doesn’t always mean a better implemented system. We also don’t know what they had in place and how it compares to other systems.

      From my experience, encryption of data at rest is not something a lot of tech people fully understand to implement. You start asking around, as a technology person, and it is often you “should get an e

      • by gweihir ( 88907 )

        Encryption of data only helps for "data at rest". If it is readily accessible, encryption is not a factor because of transparent decryption.

        • Encryption of data only helps for "data at rest". If it is readily accessible, encryption is not a factor because of transparent decryption.

          True. At the same time I’d be interested to know what are considered good ways of securing the type of data the Red Cross is dealing with? I hear plenty of criticism, but not much of how they should do it.

          Part of the reason for being defensive of the RC, is because I know I don’t have the knowledge to create the right safe guards and nor do many developers I know or know of. PII and PHI regulations often talk about requirements, but rarely is it clear how to fully fulfil all of them and with wha

  • ... not to store (ultra) sensitive, life-threatening information on regular unsecured office systems hooked to the public internet?

  • by jd ( 1658 )

    If this was a Grey Hat event to show the Red Cross that they're vulnerable themselves, that would be to the good. Remember, a Red Cross helicopter (or one painted to look like it) has been used in the past by a US death squad and we have to assume the US is one of the more mature, responsible countries. In other words, that data could easily be used by a hostile power precisely the way the Red Cross fear, with that intent.

    I'm looking to see if it would be possible to build an Open Source router, based on Op

  • by Viol8 ( 599362 ) on Thursday January 20, 2022 @07:25AM (#62190941) Homepage

    Most black hats (that have been caught) seem to match the dictionary definition of sociopath loners. I doubt many would be bothered about doing it to their own mothers, never mind strangers however vulnerable.

  • What kind of a person is on a power trip erasing a few ascii characters from an internet site?

    I literally said hackers are powerless tools of authoritarian states who take their pathetic shit out on anyone they can, and there you go.

    You Nazi cocksuck.
  • The Red Cross just seems to stumble from one screw up to the next. Contaminated blood, child molesters on staff and half a million bucks missing in Haiti, emergency vehicles taken out of service for a photo op during Hurricane Sandy relief...now this. And that's just what they couldn't cover up.

    Until I see hard evidence of a genuine cleanup, with a lot of top management publicly fired, the Red Cross is dead to me. There's so many charities out there that desperately need money, and don't have this kind o

    • Yep. Unfortunately charitynavigator is still giving them a very high score, which means charitynavigator is also dead to me since I know beyond a shadow of a doubt that their ratings are bullshit.

      • Charity Navigator is more concerned with the finances of charities, especially the ratio of what they collect to what they spend. For example, in Haiti the Red Cross spent hundreds of thousands of dollars bribing local thugs not to steal food they were distributing. According to Charity Navigator metrics, that's fine and dandy. Although it doesn't completely ignore scandals and incompetence, it doesn't highlight them, and I'm fairly sure it doesn't include them in its evaluations.

        Charity Navigator is a v

  • Begging (Score:5, Funny)

    by necro81 ( 917438 ) on Thursday January 20, 2022 @07:49AM (#62191009) Journal
    FTFS:

    "While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," said Robert Mardini, director-general for the International Committee of the Red Cross....

    "While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," said Robert Mardini, director-general for the International Committee of the Red Cross....

    It is often the case that begging gets to sound repetitive. Or, maybe the Slashdot editors empathized so deeply with the Red Cross' situation that they permitted a copy-paste duplication on the front page.

  • Who goes after an organizational that helps people? You don't shoot the neutral party that is there to help.

    • by jd ( 1658 )

      https://www.militarytimes.com/... [militarytimes.com]
      https://edition.cnn.com/2008/W... [cnn.com]
      https://www.nickdavies.net/198... [nickdavies.net]
      "There is no hard evidence as to whether Waite realised how he was being used. The Tower Commission found that North was using the Archbishop’s envoy as a source of intelligence, quoting his views in internal memos and referring to him as “our only access to events in Lebanon”. But principally, he used Waite as camouflage."

      In short, governments have no problem abusing trust and humanitarian o

    • They will go after their own grandma. Nothing is sacred to them.

        That's why they need to be sent to a concrete building with metal bars everywhere, where they are not sacred, except maybe their ass.

  • "Red Cross Begs Hackers Not To Leak Data of 'Highly Vulnerable People'

      500,000 US dollars please. You may pay in Bitcoin.

      This is like giving Tommy Tucker your lunch money. Either you sock him hard in the face the first time, or you might as well tattoo "FREE ATM" on your forehead.

  • Have we activated ARES or RACES for this breach yet?
  • There is a difference between the ICRC and the Amercian Red Cross. They're two entirely different orgs.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    vs.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    These aren't the guys who saved your cousin Louis from a flood last year. These are the guys who save international refugees.

If all else fails, lower your standards.

Working...