Cybersecurity is often referred to as an arms race. Corporate espionage, cyber-criminal syndicates and grey-zone cyber-warfare between adversarial states all contribute to the worsening security landscape in this increasingly interconnected world. The game of cat and mouse being played out between cybersecurity analysts fortifying corporate systems and the black hat hackers probing their defenses can easily be compared to asymmetrical warfare. No matter the might and resources behind a company’s network defenses all it takes is a few guerrilla tactics to slip behind enemy lines and cause enormous damages. And Australian business are often collateral damage.
The Minister for Home Affairs and Cyber Security, @ClareONeilMP, said Australia is “probably a decade behind” in the wake of the Optus data breach. The Minister noted that the data taken “effectively amounts to 100 points of ID check,” making the “scope for identity theft and fraud quite significant in particular for those 2.8 million Australians.”
Brett Johnson, considered the godfather of Cyber Crime, stated that all cyber crime begins with identity fraud. A stolen identity means a hacker can create a false online profile and use it to lure more unsuspecting victims or launch sophisticated phishing attacks that use spoofed email addresses. This makes the Optus hack all the more concerning.
The AFP launched ‘Operation Hurricane’ to work with the financial sector to monitor the Dark Web and detect suspicious activity containing the identities of those caught up in the Optus breach. Meanwhile, international security partners such as the FBI and AFP cyber liaison officers across the world were recruited into the race to disrupt the cyber-criminal networks that may use Personally Identifiable Information from the Optus data breach for nefarious purposes.
MEDIBANK PRIVATE DATA BREACH
The damage that 100 points of ID can do for victims of identity fraud caught up in the Optus hack are tangible and long lasting. This will pale in comparison to the emotional distress that will certainly be caused by the data breach of Medibank Private, which reportedly contains highly sensitive medical information. The culprits behind this hack are believed to be based in Russia, a country that notoriously protects cyber criminals from transjurisdictional justice. To make matters worse, diplomatic relations have soured between Russia and Australia after the invasion of Ukraine and our country’s steadfast support for the Ukrainian government as the biggest non-NATO donor of military aid to the country. The Russian government have knowingly harboured cyber criminal groups within its borders that have famously attacked Colonial Pipeline and critical infrastructure in the U.S. as part of its ability to deploy asymmetrical gray warfare tactics.