This case study delves into the critical issue of (meta)data leaks within the public sector, shedding light on the escalating cyber risks that government entities face. In an increasingly digitized world, public bodies store vast quantities of sensitive information, making them prime targets for cyberattacks.
The study highlights the urgency for public organizations to fortify their information security measures. By examining real-world incidents and their impacts, this case study provides essential insights into the evolving landscape of cyber risk, offering valuable lessons and recommendations to safeguard valuable data and uphold public trust.
Given the results of this case study, public bodies must take decisive actions to bolster their cybersecurity and safeguard the integrity of the information they hold.
Goals:
- Share what information is being exposed by these organizations
- Highlight the risks associated with these data leaks
- Offer a view to learn something new!
What are the expected (ideal) results?
-
- No usernames or personal names.
-
- Aliases or pseudonyms on documents.
-
- Maintain traceability.
-
- No GPS locations.
-
- Publish copyright notices.
- No hardware or software details.
What have we found?
… any guess?
Download case study
Don’t miss out on the complete findings of data leaks in the public sector – Download the case study for in-depth insights!
What is an ‘attack surface’?
It is the aggregate of exposed and internet-facing assets, along with the associated risks that a hacker can exploit to carry out a cyber-attack.
What is “metadata”?
It is the summary and the description of the data. It is used to classify, organize, label, trace and understand data, making sorting and searching. We will focus on document metadata.
Let’s see some examples:
Metadata can be used to create fun stuff...By using “geotagging” techniques we can include geographical info on our documents. I know where your Cat Lives is a masterpiece campaign in this field.
Also, it can be used to create something creepy...What if you mix geotagging with social networks? Geo creepy is another OSINT experiment that you should check out.
Metadata can also expose a ‘different truth‘…In 2023 the metadata from the Iraq Dossier revealed information that contradicted the official UK government communication.
… it will depend on our motivation! If our metadata lands in the hands of The Good Guys, it could be beneficial and fun. What about the ‘bad guys’? • Can they use our metadata to prepare an attack? • How much information are we giving for free? • What can we do to obstruct reconnaissance of our organization?”
What have we done?
- We collected websites from Public Sector Organisations.
- We scanned and analysed the information publicly available.
- We classified the information based on its nature and the risk it represents.
Download full case study
