Digitizing Technology Security: The hack that shocked Australia

Nearly 10 million Australians, or 40% of the country's population, have their important information stolen after hackers attacked the Optus network.

On September 23, Singtel Optus Pty Limited announced that hackers had stolen the data of 9.8 million customers, including names, dates of birth, phone numbers, emails, home addresses, passport numbers and driver's licenses. However, the company insists that banking information and more sensitive data were not collected.

This is considered the largest cyber attack in Australia. Optus, part of the Singtel group, is the second largest telecommunications service provider in the country.

Outside an Optus store in Australia. Photo: AP

Optus's Subjectivity

According to ABC , the day before Optus announced the compromised user data, the company's cybersecurity team detected suspicious behavior. However, the team is said to have not taken the necessary steps to secure the system.

Kelly Bayer Rosmarin, Optus CEO, confirmed this was a sophisticated attack and they are working with police and investigative agencies to bring the masterminds to light.

But when the cause of the problem has not been announced, on September 24, an anonymous person suddenly posted a list containing 100 user information on a hacker forum with a request to Optus to pay one million USD in cryptocurrency, if Otherwise, all data will be distributed over the network. A day later, this person shared the personal data of the first 10,200 people, and said he would continue to do so until he received the ransom, which is a week. On September 25, more than 10,000 additional user information appeared on the Internet.

More importantly, the hacker claimed the attack was not as "sophisticated" as Optus described it. The hack is quite simple through an unsecured and publicly accessible software interface. This person also said that he broke into the system easily without having to go through any complicated authentication steps.

Based on the initial analysis of the attack, CyberCX security expert Alastair MacGibbon suggested that the compromised system appeared to be due to a loophole by Optus itself.

Two days later, the hacker continued to announce the identities of 10,000 more victims, and urged Optus to send a ransom. However, the hidden person then suddenly deleted all that was shared. "We will not sell data to anyone, sorry Optus," the statement read.

According to experts, the fact that the hacker deleted the data shows that it is likely that Optus has sent a ransom. However, the company declined to comment.

Millions of Australians panic

On September 28, hundreds of people lined up outside the Service SA center at Sefton Plaza, South Australia to change their identification documents for fear of their information being exposed. The regional government also set up 32 points to exchange driver's licenses and other information for those in need.

"When I drove through Service SA, a long line was waiting at the door," a Fleurieu Peninsula woman told ABC . "It took me 30 minutes to drive, then I waited more than 40 minutes to get in. Fortunately, the staff here did the check-in quickly. The driver's license number was changed immediately."

Others said they were pleased with the government's swift move, but criticized Optus for its slowness and "quite inefficient" handling of the situation. Others demanded that Optus be severely punished for the mistakes made.

With the mass leakage of personal information, many people fear that they will become victims of scams, especially scams via texting, calling or sending malicious code via email. According to 7news , on September 27, Commonwealth Bank said it had blocked an account used in a scam to extort $2,000. This person was later identified as the victim of the Optus attack.

Many Australian government officials criticized Optus for exposing a loophole that caused millions of people to lose data, but vowed to support those affected by the attack. Chris McArdle, Service Delivery Director for the Australian Department of Transport and Infrastructure, urged people to remain calm and patient. "We are very busy, but we will deal with any issues as quickly as possible," he said.

On September 28, Rosmarin apologized to its users. He emphasized that the company is working with authorities, including the Australian Federal Police, and is in contact with the FBI to investigate the matter.

The people behind it have not yet been identified.

Bao Lam

China accuses US of hacking
The biggest DDoS attack in history
The hundred-year-old school was wiped out because of malicious code
Chinese hackers attack Southeast Asian telecom companies
Hackers are moving to attack social infrastructure