KITAN, MANASSEH A

CDIBER1-BBB

ARTICLE ON THE MOST RECENT CYBERCRIME

Stolen Pfizer/BioNTech Covid-19 vaccine data leaked

Data relating to the Pfizer/BioNTech Covid-19 vaccine, which was stolen in December
2020 following a cyber attack of an unspecified nature against the European Medicines
Agency (EMA), has been leaked on the internet.

According to BleepingComputer, the data dump is understood to include screenshots of

emails, peer review information, and other documents including PDFs and PowerPoint
presentations. The identity of the cyber criminals involved, and whether or not they are
backed by any nation state-linked interests, is unknown at the time of writing.

In a statement, the Netherlands-based EMA said: “The ongoing investigation of the

cyber attack on EMA revealed that some of the unlawfully accessed documents related
to Covid-19 medicines and vaccines belonging to third parties have been leaked on the
internet. Necessary action is being taken by the law enforcement authorities.

“The Agency continues to fully support the criminal investigation into the data breach
and to notify any additional entities and individuals whose documents and personal data
may have been subject to unauthorised access.

“The Agency and the European medicines regulatory network remain fully functional
and timelines related to the evaluation and approval of Covid-19 medicines and
vaccines are not affected.”

The EMA said it would continue to provide necessary information in due course, as far
as is possible.
The organisation – which is working with a specialised security forensics service in its
investigation – maintains that only a limited number of documents were stolen in the
cyber attack, and every third party involved has now been contacted and informed. The
breach relates to only one specific IT application, and only third-party data was targeted.

“Since the start of the pandemic in 2020, the actions of many nation-state actors and
other rogue hacking groups to steal vaccine research and disrupt the supply chain
delivering the vaccines have been diabolical,” said Cybereason chief security officer
Sam Curry. “You would hope that these brazen criminals would be brought to justice,
but that is more fantasy than reality in today’s world.

“With news of the recent leak of sensitive Covid-19 information from the EMA, and
specific vaccine data from Pfizer and BioNTech, the question that begs an answer is
why? Because hackers today still see Covid-19 as a strategically valuable asset and it’s
likely they will for the foreseeable future.”

Curry praised both the EMA and pharmaceutical and research organisations for being
upfront about working with law enforcement to face such threats head-on with more
advanced security tools and improved basic hygiene.

“These companies face a new reality each and every day that motivated hackers will be
successful every time they attempt to hack a company because they are well funded
and are looking to reap both financial and political fame,” he said.

“As the protection surface expands to mobile, the cloud and other potential attack
vectors, those companies that can detect a breach quickly and understand as much as
possible about the hacking operation itself, will be able to stop the threat and minimise
or eliminate the risk all together.”
REFLECTION PAPER

Cybercrime has been around the world for quite some time now, probably the
most recent crime to emerge due to the technological advancement. Normally, people
would store information through ink and papers, but right now, things got more practical
and everyone have kept their personal information, confidential data and other
important information in the internet. As broad as the internet has become, even
vaccine providers got their information hacked by unknown perpetrators. It is something
that everyone should be mindful of, especially companies and organizations that hold
such very vital information that once loss may result in digital destruction.

The article above, as mentioned in its title, informs the mass about the data
leakage of the Pfizer/BioNTech data. It happened last December 2020 and as of the
day the article was written, the perpetrators were still unknown. The cybercrime took
place in Europe and I think that it was done in Netherlands, specifically. If the
perpetrator will be charged with a specific cybercrime, it would be an offense of Data
Leakage. As per the article, the crime was done through a data dump in which these
data were screenshots of e-mails, peer reviews, PDF and Powerpoint presentations
about the Pfizer Covid19 vaccine. Although the true motives are unknown, the
European Medicines Agency theorized that this was done by a company which funds
hackers for the motivation of gaining political and financial fame. Furthermore, during
that time, hackers considered Covid19 as a valuable asset making it more reasonable
on why they pursued stealing vital data of vaccine and revealing its confidential facts.

As a reflection, I realized that not everyone is safe in the cyberspace even these
medical corporations or agencies get their systems hacked and even had their data
leaked by people whose identity is unknown. It is something that we, as netizens to be
mindful of, especially that we are using social media daily not realizing that our security
is not guaranteed. If vital and confidential information such as covid19 vaccine data
could be hacked how much less do we expect our accounts to be? Come to think of it,
these agencies that get their systems hacked, have mandatory cybersecurity since they
hold information that is prohibited from the mass media. Meanwhile, our social media
accounts barely have security, we only rely on the security of the where we have our
social media accounts registered. As a student of the school of criminology, not only do
I find these events of cybercrimes in the real world very informative and alarming since
all of us are using the internet and our personal information are very vulnerable to even
an amateur hacker. We should take our safety in the cyber world more seriously since a
cybercrime is not something that our government could resolve as its jurisdiction is
beyond what physical crimes can do. It is also sad to realize that some hackers are paid
by some states for personal interests.

With regard to how we can prevent such instances of Data Leakages, what we
can do is implement laws that mandate high level of cyber security to agencies that hold
data that may cause danger to the agencies when these data get leaked. For the side of
these companies, if possible, they must coordinate with experts who can improve their
security level in their websites, e-mails, and other medium of communication that they
are using. Agencies and organizations must invest on effective cyber security to prevent
hackers from getting into their websites and e-mails as unauthorized access to it may
harm the agency and the government too. Also, if possible, agencies must keep their
websites as private as possible, only giving access to authorized people. Generally,
data leakage cannot only happen in organizations and agencies that hold data as
important as covid19 vaccines, but this could also happen with organizations that hold
information online or thru computer files. Thus, even small organizations must be aware
of what they upload, in their websites, it must not contain valuable data that hackers
may target. Everyone should be taking preventive measures by their own so that risks
of cybercrime could be prevented. Moreover, the when possible, the government should
also invest on the law enforcement so that chances of hacking in the country could at
least be minimized.