Tuesday, November 14, 2017

Project EaglePuff

If you're not familiar with it, Project EaglePuff is the codename for the ongoing Scotiabank cybersecurity problem.  It was chosen as a stupid codename for what is, really, a brainless set of leaks, that were wholly preventable.

The size of the leak has grown from over 750MB to >1GB now - and now covers a large IT vendor in Toronto, Scotiabank Chile, Scotiabank Mexico as as one of the cloud companies that Scotiabank was touting some months back. 

Whilst one of the leakers has realised that certain files shouldn't be public, they've already been curated and documented, so will be handed over as evidence that they were out, when the time comes.

My work is now basically done - I've proven that Scotiabank can't secure stuff the way they should - so, I'm now just waiting for advice on steps.