Project Insecurity was a computer security organization founded in 2018[2] by Matthew Telfer focusing on educational resources, vulnerability identification and remediation, and exploit development.[1]

Project Insecurity
Company type: Private
Industry: Computer Security
Founder: Matthew Telfer
Headquarters: London,[1] United Kingdom
Products: Computer Security Tools, Exploits, and Educational Content
Services: Education, Exploit Development, Vulnerability Analysis and Remediation
Website: https://insecurity.sh/

Project Insecurity have responsibly disclosed and released a number of security flaws since their formation in 2018.

History

In April 2018, Project Insecurity released two exploits affecting live chat systems used by various internet service providers and financial corporations around the world. Nuance Communications and LiveChat were the affected software vendors, both of which appeared to be vulnerable to bugs of a similar nature. These bugs could have allowed a malicious actor to glean information on employees of the affected companies, such as the name, email, and employee ID of the chat agent, alongside other information such as the backend systems in use, potentially allowing a malicious hacker to gain a foothold within these networks.

One of those who found this exploit was Kane Gamble, who was convicted and given a two-year prison sentence shortly after these exploits were disclosed. Gamble's sentencing was unrelated to any activities involving Project Insecurity and was instead due to his involvement with Crackas With Attitude, a group responsible for purportedly hacking the CIA, FBI and Department of Homeland Security.[3] Prior to his sentencing, Gamble had been attempting to show that he had reformed his character, not only by working alongside Project Insecurity to help secure the affected systems above, but also by reporting vulnerabilities to companies such as T-Mobile USA of his own accord.[4]

In August 2018, Project Insecurity released a series of critical exploits for OpenEMR, an electronic medical system. There were over 25 vulnerabilities released in total, some of which would allow a malicious hacker to obtain full access to any machine running OpenEMR. This meant that such a flaw could be leveraged to expose the personal information of more than 100 million people worldwide, including 30 million US citizens.[5][6][7]

References

  1. https://www.linkedin.com/company/project-insecurity
  2. "PROJECT INSECURITY LTD - Overview (free company information from Companies House)". beta.companieshouse.gov.uk.
  3. "Kane Gamble, British hacker, admits targeting heads of CIA, FBI". Washington Times. 2018. Retrieved 2018-05-05.
  4. "British teen who tried to hack CIA chief finds 'critical' T-Mobile flaw exposing customer accounts". International Business Times. 2018. Retrieved 2018-05-05.
  5. OpenEMRv5.0.1.3-VulnerabilityReport
  6. Nichols, Shaun (7 Aug 2018). "Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities". www.theregister.co.uk.
  7. "Health details of 100 million patients vulnerable to OpenEMR security flaw". www.scmagazineuk.com.