Click on our Secret Library of Evidence ------>

    BANKILEAKS Secret Library

Loan Application Forms (LAF's)  

    Bank Emails to Brokers  

    Then Click on 'VIEW NOTEBOOK'

Join us on facebook

facebook3           facebook2 


What BFCSA Does...

BFCSA investigates fraud involving lenders, spruikers and financial planners worldwide.  Full Doc, Low Doc, No Doc loans, Lines of Credit and Buffer loans appear to be normal profit making financial products, however, these loans are set to implode within seven years.  For the past two decades, Ms Brailey, President of BFCSA (Inc), has been a tireless campaigner, championing the cause of older and low income people around the Globe who have fallen victim to banking and finance scams.  She has found that people of all ages are being targeted by Bankers offering faulty lending products. BFCSA warn that anyone who has signed up for one of these financial products, is in grave danger of losing their home.


Articles View Hits

Whistleblowers' Corner!

To all mortgage brokers, BDMs and loan approval officers! 
Pls Call Denise: 0401 642 344 

"Confidentiality is assured."

Cartoon Corner

Lighten your load today and "Laugh all the way to the bank!"

Denise Brailey

Led by award-winning consumer advocate Denise Brailey, BFCSA (Inc) are a group of people who are concerned about the appalling growth of Loan Fraud around the world. BFCSA (Inc) is a not for profit organisation in the spirit of global community concern and justice.

Click on the Cluster Map.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Login
    Login Login form

BFCSA: LandmarkWhite knew of IT weakness in 2017, a year before data breach

  • Font size: Larger Smaller
  • Hits: 240
  • Print

LandmarkWhite knew of IT weakness in 2017, a year before data breach

Australian Financial Review Mar 10, 2019 11.30pm

Michael Bleby


EXCLUSIVE  LandmarkWhite knew of a security weakness in its valuation platform in 2017, more than a year before it said it was first alerted to the vulnerability that led to the theft of records that were posted on the dark web, according to sources.

At least 15 people across LandmarkWhite's pool of IT staff, contractors and senior management knew of the weakness in its valuation platform in mid-2017 after contractors alerted them to the vulnerability in its API, a piece of software allowing two different systems to communicate, sources told The Australian Financial Review.

This was about 18 months before January 2019, when the company said it upgraded the valuation system that was the subject of the attack.

Far from being a sophisticated data hack, the breach that left 37,500 unique valuation records and 1680 supporting documents posted on a dark web forum for 10 days happened because the API connecting the devices of valuers in the field and LandmarkWhite's server required no authentication and did not restrict access to data. It was easily discoverable by any network searching application – software that routinely scrutinises the web for IT system weaknesses.

"Every single valuer was a walking time bomb," one person with knowledge of the breach said.

It is unclear why the company did not immediately respond to the weakness in its Valm8 system, which was accessed remotely by about 400 valuers nationally.

LandmarkWhite is already in a trading halt – it suspended trading in its shares for up to four weeks last month – but the new revelations may make it harder for the company to recover from a corporate failure that it said it was only first alerted to at the end of last year.

LandmarkWhite did not directly answer questions from the Financial Review about when it became aware of the vulnerability, but repeated an earlier statement that had it been aware of the incident sooner it would have shut down access to the exposed API.

It also said that it was restricted in what it could say about the incident, given its criminal nature.

"Although a small number of clients have resumed providing work to LandmarkWhite, its major clients have not yet, although LandmarkWhite is working very closely with them to resume work with LandmarkWhite as soon as possible," chief financial officer John Wise said in a written response on Friday.

"LandmarkWhite anticipates that this may occur as early as next week."

The company ignored the most basic of internet security measures, said Gareth Llewellyn, a Reading, UK-based internet privacy campaigner who alerted LandmarkWhite to the vulnerability after coming across it in January.

"This is a basic failing that should have been picked up by even a rudimentary cyber security policy," Mr Llewellyn told the Financial Review.

"This data breach was the Internet equivalent of leaving an open filing cabinet in a street-facing loading dock with the doors open."

LandmarkWhite's API required no authentication, or additional verification of users, and did not place restrictions on the release of data for people once they accessed the system.

"In cybersecurity we try to think in terms of "layered defences" with each layer frustrating, blocking or denying an attacker access to data," Mr Llewellyn said. "None of the usual layers of defence appeared to be evident here. LandmarkWhite seem to have relied entirely on 'security by obscurity'."

LandmarkWhite has already changed its story around the data breach that triggered a 15 per cent slump in the share price over two weeks last month. The company initially said that data company CoreLogic, which manages valuation requests between banks and valuers, alerted it to the data breach on February 4.

Ten days after that first announcement, LandmarkWhite said it had received a message via its Live Chat service on December 30, 2018, alerting it to a link on the dark web, which it could not access and subsequently discounted as spam.

It also said it was alerted by the federal government's Australian Cyber Security Centre to a vulnerability on January 10, 2019, the same day it received a Twitter post alerting it to the stolen data – most likely from Mr Llewellyn – although its social media was not being monitored over the holiday period.

LandmarkWhite said it was upgrading the Valm8 platform in January and closed the vulnerability on January 23.

The vulnerability was certainly apparent to outsiders who were looking for it. On January 10, after receiving an anonymous tip-off, Mr Llewellyn, who tweets under the handle @NetworkString, posted a tweet to @lmwproperty, the company's Twitter handle, which included a redacted page with lines of code that demonstrated access to the API without credentials.

"Hi @lmwproperty, Please send me a DM [direct message]. I was sent a Google search and damn... this doesn't look good," he wrote in the tweet, in which he copied in the Cyber Security Centre's @CyberGovAU handle as well as the Office of the Australian Information Commissioner's @OAICgovhandle.

LandmarkWhite did not reply – its social media accounts were not monitored during the holiday period – but the federal government agency apparently did.

"@CyberGovAU have responded and are investigating," Mr Llewellyn tweeted the next day.

Last modified on
Rate this blog entry: