
A recent report caused the blogmaster to search BU Archives.
As far back as 2014, with the support of vested parties led by subject matter expert James Bynoe, several blogs highlighting cybersecurity threats were posted to Barbados Underground. To list a few: Understand Internet Data Privacy: What should you know and expect, Website Defacement Cyber threat to the Caribbean and Caribbean Businesses, Organizations and governments and people could be losing millions to cyber criminals and hackers and don’t know it. Those interested can search the BU Archives using ‘cybersecurity’.
Last week it was reported the Queen Elizabeth Hospital (QEH) suffered a cybersecurity incident. Another way to explain it – information was stolen from QEH’s database by unknown parties. So far the official and sanitized explanation is – “the QEH was taking all necessary precautions to protect the integrity of our systems and patient privacy”. On December 14, 2022 the QEH issued a report indicating changes to its operations because of the cybersecurity incident – Temporary Changes At QEH Due To Internet Outage.
The blogmaster from the inception of Barbados Underground in 2007 has been bemoaning the lack of financial and IT literacy in Barbados. A read of the comments section under the blogs linked and others supports the conclusion. Several BU commenters questioned the bona fides of James Bynoe and the priority given by BU to matters of IT security in the Barbados landscape. As the saying goes, if you don’t hear, you will feel.
So far the official statement may suggest to Barbadians the government and officials at the QEH have the matter under control. FALSE. We have confirmation from officialdom of a breach, which means an unauthorized person or persons have access to confidential health information of Barbadians and others who have had to seek medical attention. The information stolen can be used for many purposes depending on what is stored in the QEH database. According to website TechTarget a primary healthcare provider database includes the following:
- name;
- address (anything smaller than a state);
- dates (except years) related to an individual — birthdate, admission date, etc.;
- phone number;
- fax number;
- email address;
- National ID number;
- medical record number;
- health plan beneficiary number;
- account number; credit card details (blogmaster)
- certificate or license number;
- vehicle identifiers, such as serial numbers, license plate numbers;
- device identifiers and serial numbers;
- web URL;
- Internet Protocol (IP) address;
- biometric IDs, such as a fingerprint or voice print;
- full-face photographs and other photos of identifying characteristics; and
- any other unique identifying characteristic.
It is optimistic for concerned Barbadians to expect reasonable explanations to be forthcoming from government. No doubt the ramifications of the QEH breach will be cloaked under it being a national security matter. There is a ‘casualness’ in how successive governments seem to manage confidential information of Barbadians; some have not forgotten the sharing of personal information by the Barbados Electoral Office leading into the last general election.
The blogmaster is not optimistic the rank and file Barbadian understands the importance of managing data in a protected environment, ‘far less’ our leaders. Being reactive is a curse we will have to live with, it seems.
Where there is no vision what…?
Correction
How Much Is Your Email Address Worth?
· The answer to that question is £84.50.
I know Bu X’mas season is when people start acting nice to each other, but Johnny Knocks should be sanctioned in my humble opinion for chatting bare shit
Big Tune from the Grace Thrillers
Karma acts promptly these days, int got no time to waste. There has been a complaint that RoB reps commissioned the hacking of someone’s laptop last week, apparently, hackers had the same idea for a gov entity, which is a much bigger loss. Keep going after people, but be sure that someone is waiting in the wings to come after you too. You are not untouchable or invincible.
People’s personal information, ID etc are still in cyberspace. Gov entities can’t handle consistent attacks.
Perhaps “James Bynoe” should now assist the QEH for free as it is his sister that now runs the institution.
Barbados has way too many cover-ups and conflicts of interest to work effectively in a Digital Era. We are seeing that unfold and will see a whole lot more of that soon. Sorry to say.
“It is against that backdrop” that I will say: “Cybersecurity in Barbados lacks the credibility that it needs to have because of a plethora of charlatans that have invaded that space”. These un-masked and un-shrouded Cyber-Villains seek nothing more than to saddle clients with huge bills for one hundred plus page “reports” that were generated by a template site or a downloaded pc application.
These wretched fakes and frauds, peddlers of snake oil and empty promises, when challenged cannot provide any deep technical insights to their clients about Cybersecurity matters, but will instead opt to speak in terms of cliches and buzz terms aimed specifically at confounding and confusing their targets.
They come with lofty business names like “Caribbean Cybersecurity Center” and “Carisec Global Inc” just to name a few of the top “shadow boxers” knocking about the place today.
These companies are one man shows, masquerading as full service Cybersecurity Organizations with a staff complement and brick and mortar locations to match, but are not even close.
Their owners /managers are relentless pirates who call companies on a weekly basis trying to scare CEO’s and other top management about what is happening in Barbados as it relates to Cyber threats, and what will happen if these persons are not allowed into the respective organizations to implement their own will and desires. These activities are solely aimed at getting a foothold, extracting as much cash as possible and as quickly as possible before the unsuspecting target starts to see through the veil. By that time, if they are lucky the financial disadvantage to their company can be contained, but it is not without some fiscal pain to the specific target.
However, if you ask some of these “C-list” actors for extensive references, success stories, or just plain old Certifications and a history of employment, that line of questioning will normally make for light work and they will hastily beat an exit!
The QEH, NIS, and any other organization in Barbados that is serious about Cyber Defense, Cyber-Resilience or just plain old good Cybersecurity practices and policies, needs to do their research and start to speak with those persons who do not pontificate and proselytize, or seek aggrandizement and attention. Get in touch with companies that are doing something “right” as it relates to Cyber and avoid the excessive noise coming from the “Peanut Gallery”, because, as we have been shown by example, it’s “Empty vessels that make the most noise!”
@The Watcher
List the agendas of the cybersecurity shops peddling for business, it does not change the passive approach of leadership in government and even private sectors.
The Wicked West went to War to implement their [racist faces] New World White Colonial Odour and claimed their illegal spying was required for fighting terrorism terrorism terrorism, when it was noted they really wanted to spy on all civilians and illegally share data with septic tanks yanks using apps like Prism, against data protection laws, human rights and international law they implemented new laws to say they was now kosher and legal. The mission creep was to spy on all under the guise of drug wars, money laundering, spy watch lists for activists, extremist politics. I have been added onto IP blacklists just for commenting radical ideas about their white supremacy racism, slavery reparations etc .
GCHQ NSA UK USA are now prejudiced and hypocritical about China and their superior IT technology and stronger economy overtaking and lapping them. They spied on BLM but turned a blind eye / took their eye off the ball against racism populism and russian help for brexit and trump.
Bu seems to be operating an algorithmic blockage for quality control, where the Blogmeister performs a coin toss review to determine what can pass through. Where can it can be when I get rid of this misery, but this here action will cause a reaction, when this man is saying that man can’t pass.
@ David on December 18, 2022 at 10:47 AM
Well, you probably know just as well as I do, that when we Barbadians (both born and naturalized) have to spend money on something, especially when that thing is not tangible and we can’t see the immediate returns, we get real cheap!
Correct me if I am wrong here ( and you seem to be plugged in more deeply on the political front than I ever will be), but government seems not to do a whole lot of anything unless there is some political capital to be gained from it.
The private sector on the other hand, does not seem to do much of anything unless some form of profit can be realized from it.
Cybersecurity as a practice, unless it’s being peddled by some firm whose specialty it is, won’t result in many political check boxes, or high profits respectively, so its implementation will wane until it just goes away or so we hope.
So the “passive approach” that you have identified is just us being who we are. We will have a national call to action when EZPay or the Treasury or Finance or the Central Bank or even SWIFT gets the juice squeezed out of it and we can no longer drink from the cup of procrastination.
As for the Private Sector, well, they will shape up when they are frozen stiff out of their databases and communication links for two or so weeks and the business is now on the verge of collapse. Alternatively, if I know them well enough, they will pay the ransom and expect us to pay their increased price model as a result of their poor decisions.
It’s coming though, that Cyber event that will cripple many of our systems is coming if we don’t get serious enough about this hi matter so just hang on and wait for it.
@The Watcher
Your summation of the matter at hand cannot be faulted too much. It boggles the mind why we are not having the self labeled advocates coming out of the woodwork with the same zeal to compare with the IDB Survey matter for example. It is a serious matter the ease databases of public and private sectors are being penetrated in Barbados.
USA and UK spend billions on spy budgets and hundreds of billions up to one trillion which is one million million on national security budgets which is taking the piss. It is a scam man.
I have an opinion that is similar to The Watcher.
Sometimes, I wonder what safety measures are in place?
Is our IT keeping abreast of developments in their field?
How is the system accessed?
A word to the wise
I worked at a large international pharmaceutical company (32,000 employees) which had the following protective measures in place
(1) Employees could not download any app or exe files from the internet.
(2) Necessary apps were stored in “software center” on the company system and it was from there we were able to copy required apps to our computers
(3) We could not save files from our computer to a flash drive or any external device
(4) We used our userid and password for initial logon to the company computer, but to access company information we would then have to log on to the company site and as part of the process enter a number generated by a token; every person had his own ‘token’ generator and this was issued with the computer.
(5) If there was an issue, then an IT technician would access your computer using a special system. You would have to contact IT and go through a verification process before help would be provided. They then had to request access to view your computer remotely.
(6) New users (employees) were given a profile and access based on the tasks they were performing
(7) Access to additional folders had to be requested from IT after request was approved by the ‘folder owners’. ‘Folder owners’ could not grant you access
(8) This was a company with a large footprint in several countries. Though there was an IT department in some countries, I got the impression that (a) a standard process was applied when giving people access to the system and (9) all IT staff was controlled by a central site. Basically, IT was broad enough to accommodate different user groups and different sites, but it was a controlled process.
(10) Every computer had McAfee computer antivirus.
Short note: I started to take some computer course when studying in ST Augustine. It did not take me long to decide that the “computer God” was not worthy of worship. Have your own measuring stick. Don’t believe the hype.
@ TheOGazerts on December 18, 2022 at 7:17 PM:
So what you have outlined here is just Good IT, Security and Operational Policy in effect.
Nothing rocket science in it. I bet that almost everyone followed it without as much as a challenge to its existence.
You know what I suspect also, your pay was closely tied to making sure that these mandates were followed else you would be out of a job. I bet that much!
So what you have written here we can achieve quite easily. We just have to want to understand that value that it brings and then have that desire to be successful.
Perhaps you can summarize it and submit it to the Nation or Barbados Today as a Cybersecurity piece. I see that those publications tend to print trash from the Peanut Gallery that has no real value, so maybe they will do an about turn and print yours which to my mind has a ton more value
@The Watcher
What was outlined is good security policies by any company but is that all that is required to defend against external attacks from hackers?
“or even SWIFT gets the juice squeezed out of it”
SWIFT is a global messaging system between banks
it does not perform payments or settlements etc just instructions between banks
hacking SWIFT would not be a big deal
hacking SWIFT would not be a big deal..
.. banks have their own systems for downstream processing of incoming messages and creation of outgoing messages, security lies within the banks systems
Can’t even see any real posters these days. Hope Pacha, William, TLSN, Terence etc are paying RAPT attention. Real drama and action playing out everywhere, of the big leagues variety. So much happening ya gotta keep ya head on a swivel and make sure none of it sticks to ya…lawd…what a chain of events.
Staying in my little corner bosie, don’t want the world class big players steam rolling over tiny me. Who would have thought.
I am not IT. Was just commenting on what IT did at my company.
There was a Barbadian (IT) guy who was born in England of Bajan parents and foolish me got in a conversation of who is a “real Bajan” and who is not. I realized my ignorance and apologized, but that is why I am so sensitive about comments directed towards us in the Diaspora… We remain real. We are real
The comment was not directed at you, it is about identifying government’s lack of a robust cybersecurity strategy/policy.
AOP: I consider myself as making real comments.
“What was outlined is good security policies by any company but is that all that is required to defend against external attacks from hackers?”
@David
I tried to emphasize how IT was centralized, proactive and was limiting access to the computer system. It would be sensible to believe that other methods were employed.
A word to the wise
Along with this hack, we recently had someone removing data storage media from BWA premises. So besides electronic defense there must be steps to ensure that storage devices with confidential information are protected; to monitor access to the building and what is taken in and out of the building.
Given the easy availability of sensitive information, I am doubtful of the steps employed to protect these data.
Once again I see an attempt to assign weights to various contributors. Whilst I admire the intelligence and contribution of some here we must all remember this . “There are no Gods; the Gods are all dead”.
One of the reasons Barbados finds itself in trouble is that there is too much hero worship. Two men may say the same thing, but the quality of the statement is judged by who says it. If we embrace the fact that a sensible man can talk nonsense and an idiot may speak with a nugget of sense, then we may be able to discern when our experts are giving us less than stellar advice.
Please use your rankings but do not disparage the comments/contribution of others.
“AOP: I consider myself as making real comments.”
One of the very few.
It’s instructive that those who spent years stalking and harassing commenters have had the blog to themselves for months and don’t know what to do with it, as some of us knew would happen. That is after they spent years showing massa what good divisive slaves they are and enabling massa to proceed with panache.
I don’t mind them loving their massa mind you, cause i unbiasedly find some of massa’s intellectual prowess and intrigues quite attractive from a certain point of view..but one should love self first. Either way it’s too late for the good slaves to recover lost ground anyway. They blew their load on the petty and silly..
Watch as things unfold.
Anyone knows how the “Let’s Sue Massa Show” is proceeding. All types of things ah gwaan, so ah gotta axe, ya never know. Are they still chasing the Drax and cousin Charles shadow.
I heard some billion dollar figures calling in another reparations arena that is heating up, only problem is, the figure should be trillions, billions are nothing in these times, but i staying outta dat one.
“We remain real. We are real”
“I consider myself as making real comments.”
In order that you perceive your reality
you must have working senses
that means your body must function
before you can perceive a reality
So what runs your body?
Is it within your perceived reality or from outside?
Your heartbeat all the rhythms of your body, the laws that govern life are not coming from your perceived reality
they’re coming from the total reality
the whole universe is working through you
and then you become alive
and then make your perceived reality
all those rhythms are methods of communication
you are communicating with the whole universe
your life is through the life of the universe
what are the laws that make you breathe? think?
where do these laws come from?
must be beyond the perceived reality
because they must be there first for us to be perceived reality
Is the light that you see in front of you produced by the sun or by you?
The sun is radiating energy
energy your brain converts into light
so you are producing the light
so if you want to see your inner light it is in front of you
you are producing this perceived reality that is produced in your brain
all the senses are created in the brain
you can only perceive 5% of the whole
how can you assume you are translating the whole reality out there?
that’s why we call it perceived reality
If I make my reality I am like a projector
after you produced it in your brain
you have to project it outside
because this reality
if it not projected
you don’t feel it as your environment
so the senses do not only keep information
it is not a one-way street
all your senses work both ways
active in reception
active in projection
in projection of your reality outside
and then you think it is outside
it’s like a projector, during the movie, you are living the film out there
but in reality the film is in the projector
so the projector is your brain, the film is in it and you projected outside
the act of projection and the act of producing light and all that
takes energy
a projector if you keep running it will heat up
same thing with you
because it is a left brain operation, your reality is made up, through the activation of the senses, then what happens is it overheats if you use it too much so you have to sleep, whenever it gets too stressful you daydream and activate the other part of the brain and it is relaxing
if a person has too many problems they just daydream
the more you concentrate the more you stress
If I am producing my reality and I have a projector I’m producing my reality
I can control it and I can play with this reality I am producing
but it doesn’t work that way
Imagine there are 100 projectors out there producing the film
Whatever I do one will not even be seen out there
Even if I close it off completely the film is still going on
it’s like if I have one instrument with one string and I hit the string and I can stop it the sound goes away
but now if I have a musical instrument and I hit my string and then stop it the sound will not stop.. resonance
the reality through resonance becomes solid
resonance is a form of interference and becomes solid through resonance
we are parts of forming it, but we are not the total forms of it,
so at the end it becomes our reality
so this is our perceived reality
Root cause of all of these issues is poor IT governance.
I gave a statement to the police (at CID headquarters) a few years ago as part of an investigation. The officer was using a Windows 98 desktop, it was not networked and everything was saved on the local HDD. A few months later I learned that there was no record of my statement and to expect a call from the same officer to give my statement again. Never got the call and later heard through the rumor mill that the officer and supervisor were both suspected of corruption.
Owen and the squandermania years should have focused on IT governance not just Edutech. The result is a country continuously behind the 8 ball in a perpetual state of catch up
https://www.instagram.com/p/CmZOxjtyAQT/
QEH Internet fix soon –
https://barbadostoday.bb/2022/12/20/qeh-internet-fix-soon/
This is what some are supporting and pretending they don’t know. You should see the predator trash all dressed up in lipstick. The predator pedophile scum they are letting loose on children worldwide.
“Aussie Trans Sex Offender Jailed After Sting Operation
A transgender Australian has been jailed for five and a half years after attempting to solicit sex with a nine-year-old girl and her mother while already on bail for sending explicit messages to underage girls – who turned out to be child exploitation detectives.
Tiane Miller, born a man, reportedly asked the woman she was chatting to online if her daughter wanted to “be in the room and get naked too,” before being arrested by cops at an arranged meeting point in possession of children’s lingerie.
Miller had been bailed for having sent a series of lewd messages – including images of the suspect’s penis – over three weeks to who the individual believed were 14-year-old girls before cops pounced on the individual’s home.”
African Online Publishing Copyright (c) 2022. All Rights Reserved. on December 19, 2022 at 10:31 AM said:
“AOP: I consider myself as making real comments.”
One of the very few.
It’s instructive that those who spent years stalking and harassing commenters have had the blog to themselves for months and don’t know what to do with it, as some of us knew would happen. That is after they spent years showing massa what good divisive slaves they are and enabling massa to proceed with panache.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The pot calling the kettle black.
YOU ARE AN IDIOT.
You got the blog all fuh yuh self and still can’t stop criticizing and HARASSING other bloggers and coming with yuh samey, samey comments EVERYDAY.
Cuddear…some anonymous feelings got hurt. Give it a couple months, say about 6 or a little more, it will get much, much worse.
Karma is so competent.
Nonsense! Is ONE transgender paedophile representative of the whole bunch?
If one heterosexual person who is not transgender is a paedophile, does that make all of us paedophiles??????
This is the level of idiotic thinking that got me tired and needing a break in the first place!
A departure from logic meant only to allow the “thinker” to remain in his or her comfort zone.
Some of us, myself included, don’t mind being uncomfortable.
Truth be told, I would love life to be that simple, two sexes, two genders, each loving the other sex, just one neat package.
But the reality is that life and people are messy! And I have NO RIGHT to tell another person what gender they are or to whom they must be sexually drawn.
It has no bearing on my life. A person has been given, even according to the Christian book, the right to determine how he or she lives life.
Again, according to the Christian book, God is quite capable of judging and determining their final fate. No help from humans is necessary.
I support the right of people to live their lives in the manner that suits them, as long as it takes no rights away from me.
As far as I know, I have the right to remain a female heterosexual.
As far as I know, there is no plan afoot to deprive me of that right.
Nosey old farts need to mind their business!
Not crossing wunna but…..
The following was received by email and posted to social media by a cybersecurity expert, it is good to see some curious commentary since BU raised the matter.
https://barbadosunderground.net/wp-content/uploads/2022/12/P1.png
https://barbadosunderground.net/wp-content/uploads/2022/12/P2.png
This is in today’s Barbados Today.
Source: QEH
Here is a recent statement from QEH regarding the cyber breach which says little to the public about the seriousness of the breach.
Source: Nation
QEH progress report on cyber attack
https://www.nationnews.com/2022/12/31/qeh-progress-report-cyber-attack/