If you live in Australia, you may have caught ABC’s Four Corners last night as their investigation exposed the cyber war crime in and against Australia. From individuals like you and me to the Government and corporations – we are all being attacked. In this eye-opening news story, Four Corner’s reported the discovery of a database on the dark web which contained secure server details of more than 70,000 international companies. Out of these, 5,855 Australian organisations were listed on this database. Frustratingly, Four Corners revealed that computers from schools, law firms, local councils, a peak sporting body, an airline, and a federal research network were all hacked and their login details were put on sale – from a mere $6 per individual.
These computer login server details are rented by cyber criminals in order to launch their attacks. Tim Wellsmore who is the former manager at the Australian Cyber Security Centre said that this could provide “access to whatever is on that computer system” or be used to launch Denial of Service (DoS) attacks similar to the ones which targeted the Australian Bureau of Statistics’ census form.” Wellsmore added that these logins are desirable as it would mean that hackers would use legitimate servers to hide behind the attacks.
However, being present on this list does not necessarily mean that a person or company has been breached. Jetstar and Suzuki have claimed that they are aware of their presence on the list however claim that their IT security has not yet been compromised. However, there are machines on the list that have been confirmed as being breached.
- The University of Melbourne’s federally funded network which hosts the virtual servers for Australian researchers has been on sale since January 2015.
- Rowing Australia was hacked and their details have been on sale since December 2015. To remedy this, they have hired an external cyber security expert to develop strategies to protect their systems and data.
- Other organisations such as Victoria’s Ararat Community College, Scitech, and the Town of Port Headland in Western Australia have been confirmed as being compromised. Investigations are under way at Ararat Community College to find out if anything has been stolen.
The high number of suspected Australian servers really comes as no surprise. In June, we blogged about Australia being revealed as the 4th most vulnerable country to cyber attacks due to the high number of insecure networks and internet channels.
Wellsmore said, “Many people may think of those as computer servers sitting in in an office somewhere. Those servers would be computers everywhere across Australia, including in people’s homes that are just sitting there already compromised waiting to be used for an attack. It’s a market-driven economy unfortunately and … because of some of the vulnerabilities out there in the software that are quite easy to be compromised, there’s a lot of these … for sale”.
If you have appeared on the list or are worried that your organisation may be affected, we recommend that you do carefully check for potential past intrusions on your server. Some of these may occur on your website or company servers. If you have been affected, please contact your IT services provider to ask if they have been adequately trained in cyber security.