MFA might help one account at a time, it wasn't the cure for one login being able to accesss every "Health Documents" folder.

A company with, as far as I can tell, very little online presence has made a bold claim that they have identified the MMH hacker. Further investigation shows a website, which links to a Discord, where people can report incidents - with is largely empty aside from boilerplate posts. I'm left wondering if RNZ got duped.

https://www.rnz.co.nz/news/national/585494/cybersecurity-group-identifies-person-behind-manage-my-health-hack 

boosacnoodle:

 

A company with, as far as I can tell, very little online presence has made a bold claim that they have identified the MMH hacker. Further investigation shows a website, which links to a Discord, where people can report incidents - with is largely empty aside from boilerplate posts. I'm left wondering if RNZ got duped.

 

https://www.rnz.co.nz/news/national/585494/cybersecurity-group-identifies-person-behind-manage-my-health-hack 

 

Grain of salt, etc.

"Those responsible, a hacker who calls themselves Kazu"

Big reveal there!

I read the report earlier, and my immediate thought was that it would surely be highly unlikely for the perpetrator to be named by a seemingly minor entity, before they were actually apprehended by whatever authority.

I would have expected any announcement from our own NZ authorities after the perpetrator was arrested.

A quick Google of the spokesperson named, seems to be an NZ actor based in the UK.

My $0.02 - I doubt the validity of the report and would say RNZ has been had good and proper.

Where is the report?

boosacnoodle:

 

Where is the report?

 

By report, I meant the RNZ report at the URL that you posted earlier.

geek3001:

 

I read the report earlier, and my immediate thought was that it would surely be highly unlikely for the perpetrator to be named by a seemingly minor entity, before they were actually apprehended by whatever authority.

 

I would have expected any announcement from our own NZ authorities after the perpetrator was arrested.

 

A quick Google of the spokesperson named, seems to be an NZ actor based in the UK.

 

My $0.02 - I doubt the validity of the report and would say RNZ has been had good and proper.

 

I get major discord scriptkiddie vibes.

RNZ:

 

.."We're just mindful that we're still looking into this individual, and we don't want to mistakenly drive this person underground by making them aware that there are these kinds of investigations ongoing into them."..

 

Then goes to the press...

I was just having a look, joking around with my friends and noticed how easy it would be to register a domain, clone their login and send out 1000's of known NZ emails from a previous leak 

Forget DKIM, DMARC, SPF etc... I would almost guarantee that this wouldn't be 0% effective. 

MMH should really register these similar domain names. 

turtleattacks:

 

MMH should really register these similar domain names. 

 

But that costs money! /s

On a serious note - goes to show the operation they are running... 

turtleattacks:

 

I was just having a look, joking around with my friends and noticed how easy it would be to register a domain, clone their login and send out 1000's of known NZ emails from a previous leak 

Forget DKIM, DMARC, SPF etc... I would almost guarantee that this wouldn't be 0% effective. 

 

MMH should really register these similar domain names. 

 

Cereus Health Group (owners of the ManageMyHealth platform) do have a number of domains registered (mmh.nz for example). However trying to stop typo squatting would be very hard and just a ongoing battle.

Nate001:

 

turtleattacks:

 

MMH should really register these similar domain names. 

 

 

But that costs money! /s

 

On a serious note - goes to show the operation they are running... 

 

But didn't they just get independently audited by security experts?

Wouldn't this be raised? Surely? 

sampler:

 

turtleattacks:

 

I was just having a look, joking around with my friends and noticed how easy it would be to register a domain, clone their login and send out 1000's of known NZ emails from a previous leak 

Forget DKIM, DMARC, SPF etc... I would almost guarantee that this wouldn't be 0% effective. 

 

MMH should really register these similar domain names. 

 

 

Cereus Health Group (owners of the ManageMyHealth platform) do have a number of domains registered (mmh.nz for example). However trying to stop typo squatting would be very hard and just a ongoing battle.

 

Not really typo squatting. They can set up a domain, with https, and mail server that can send out password reset emails with all the right authentications and checks by Gmail/Outlook/Yahoo!/Hotmail/Rocketmail. 

And, a page that looks exactly like their login.