Australian Parliament Suffers A Cyberattack

Australian PM Scott Morrison says the country’s major political parties and parliament were hit by a “malicious intrusion” on their computer networks. The activity was carried out by a “sophisticated state actor”, he said. But he added there was “no evidence of any electoral interference”. The nation will hold an election within months. Mr Morrison’s comments follow an investigation into the hacking attempt, which was first thought to involve only the parliament’s servers.

Expert comments below:

Sam Curry, Chief Security Officer at Cybereason:


“The Australian parliament and all governments globally are the traditional target for most of the named cyber groups. And this latest breach isn’t shocking. In fact, the Australian parliament can expect to continue to be a target. Beyond traditional nation on nation spying, government agencies make great targets because they are clearinghouses for significant amounts of sensitive data. Criminal cyber actors are typically trying to either pilfer databases with significant PII or to paralyse networks in an attempt to ransom them. This breach is yet another wake-up call for governments to prioritise IT modernisation projects and cybersecurity projects across the board. When IT/Security projects are line items on an agency’s overall budget they will, almost without exception, be deprioritised. If large scale attacks against governments have taught us anything over the past few years, it’s that Global 1000 enterprises are better prepared to turn back cyber adversaries. And until cyber threats are taken as seriously as physical security and prioritised as separate, earmarked appropriations, governments will never be capable or motivated to stop cyber attacks in a serious manner.”

David Emm, Principal Security Researcher at Kaspersky Lab: 

“Cyber-attacks on political parties are almost becoming commonplace – especially in the run up to elections. In an atmosphere of increased suspicion of the cyber capabilities of different nations, the focus very often becomes intent on identifying the attacker. This is understandable. At the same time, however, it’s vital to ensure that defence and security remains top priority to protect against almost inevitable future attacks, whether political or criminal in nature. 

“The news that all the main political parties in Australia were breached has shown that attackers will try to achieve their aims by compromising multiple routes – proving more than ever the importance of working together to ensure maximum protection from malicious actors, across geographical and political boundaries. No matter what an organisation has already experienced in the case of breaches or hacks, they must regularly review their information security processes and educate staff on how to keep their own, and others’, information secure.”

Christopher Littlejohns, EMEA Manager at Synopsys:

“The use of what is currently considered “uncrackable” encryption mechanisms is an essential capability that enables much of the commerce that is executed on the internet. Without encryption, there would be no way to safely buy goods online, protect personal data, comply with GDPR regulations, do your banking, communicate safely in the battlefield, etc. We literally cannot do without encryption in current and future times. So encryption ensures privacy and security in the transmission and storage of our valuable data, hence this is why criminal and terrorist groups of various kinds will use it to their advantage.

“The underlying issue is one that societies as a whole need to tackle. The question is, is tackling the bad usage of encryption worth the potential impact on the good uses? Governments throughout the world are considering this problem, but there are no easy answers. If government agencies demand that the private keys are stored in some form of Escrow or similar, this undermines the whole purpose of encryption, to guarantee privacy and security. The worry would be that these keys are used for political or criminal purposes. This would lower the trust that people would place in the good uses of encryption, and could badly affect the economy. Alternatively, if we insist on the use of crackable encryption techniques, then the result is the same, i.e. we lose trust in the mechanism and the capabilities that use it.

“There are some positives in this however. Criminal gangs who exchange encrypted messages will inevitably leave a footprint on the internet. It is quite possible that Cyber forensic specialists could use this to identify participants to help build a picture of the participants. In addition, these individuals will inevitably record or store these pictures for further use. Here is where our serious crime investigators need to focus their efforts and develop their capabilities to deal with the threats as they are now. These types of criminals will always use whatever they can to reduce the risk of being caught, be it low tech or high tech. Unfortunately the old, trusted method of infiltration into these groups is probably still the best approach.

“The bottom line is it is absolutely futile to expect that the issue can be tackled by enabling government or police forces to access encrypted data more easily.”

Javvad Malik, Security Advocate at AlienVault:

“There is no such thing as a low priority system or data that is uninteresting to attackers. Whenever a system is online, or accessible in a digital form, it should be assumed that bad actors will try to compromise it to either steal information, make it unavailable, or to tamper with it. Government departments are no exception, and therefore security controls should be carefully considered – in particular having strong monitoring and threat detection capabilities so that any intrusion or potential intrusion can be quickly identified and responded to and limit the damage.”

Paul Edon, Senior Director at Tripwire:

“This attack is the latest demonstration of how the threats against nation-states have evolved in the last few years.

“The value of the digital assets that a system holds influences the risk factor of that system, and given the national and international interests invested in a nation-state’s parliamentary networks, these kinds of attacks are likely to be attempted again. Although it is impossible to predict whether the next attack will be successful, it is encouraging that Australia’s parliament has detected the threat promptly and has addressed the security issue immediately. Bipartisan forces should concentrate on keeping the election process free of international interference, and although it is tempting to speculate on whether – and which – nation-state backed the hacking operation, the focus should be on securing the networks as soon as possible.”

Chris Doman, Security Researcher at AlienVault:

“The Australian Government has released a tool to identify the attacker’s tools within networks. The tools they’ve identified are in use by a number of different attackers, though some analysts have noted they are particularly popular with Chinese attackers.”