CyTA hands over hacker case to police

THE Telecommunications Authority (CyTA) has handed over to police the case regarding the publication by hackers of broadband users’ usernames and passwords, the Cyprus Mail has learned.

It was reported yesterday that the usernames and passwords of around 8,500 broadband users had been posted on a website by hackers who managed to gain access to CyTA’s service i-choice.

However, it has since transpired that the list only contained around 2,200 names.
The case concerns the same list that was stolen around three years ago, with the data again posted on the web.

CyTA issued no statement, though spokeswoman Sofia Yiannakou told the Cyprus Mail that an in-depth and thorough investigation was under way and an announcement would be issued when it was finished.

Questions have been raised regarding the authority’s response at the time of the theft, since many of the usernames were still valid.

It is understood that that is another issue currently under investigation.

And despite the official line, the Cyprus Mail has learned that CyTA has already handed over the case to the police for further investigation.

The data was posted on http://www.shitanet.0catch.com, a website supported by the Electric Lightwave Inc. network and based in Vancouver, Washington, USA.

It is a shared folder on the Internet, which was impossible to access yesterday as it is limited to 40MB of downloads per day.

As soon as the story broke yesterday, many curious people visited the website to download the list.

An expert told the Mail that the list was out there because CyTA had not encrypted it in the first place.

And when the hackers managed to break into the system, the list was there for them to take, he said.

He added that around three years ago, when the list was hacked, there were people going round accessing the Internet for free, using the stolen usernames and passwords.
“Even my name is on the list,” he said.

But the freeloaders could have been located or at least the remote locations, if CyTA’s logs had been activated. They could have picked IP (Internet protocol) addresses.

The authority is also having to answer questions after hundreds of picture messages (mms) were sent out to clueless subscribers.

Most of the pictures depicted sexy women and the sender in all cases was CyTA.

A source in the company said that they were looking into the matter, though it initially looked like it was a mistake by subscribers who had activated the Calendar Girl function on their Cytamobile-Vodafone cards.

When activated, this automatically sends a new picture of a model – male or female depending on preferences – to the subscriber’s phone at the first and 15th of the month.

The complaints about the messages were made on Wednesday, February 2.

The Cyprus Mail is the only English-language daily newspaper published in Cyprus. It was established in 1945 and today, with its popular and widely-read website, the Cyprus Mail is among the most trusted news sites in Cyprus. The newspaper is not affiliated with any political parties and has always striven to maintain its independence. Over the past 70-plus years, the Cyprus Mail, with a small dedicated team, has covered momentous events in Cyprus’ modern history, chronicling the last gasps of British colonial rule, Cyprus’ truncated independence, the coup and Turkish invasion, and the decades of negotiations to stitch the divided island back together, plus a myriad of scandals, murders, and human interests stories that capture the island and its -people. Observers describe it as politically conservative.