Australian government is looking to hire hackers for its “hack back” program to disrupt ransomware gangs

Recent data breaches have driven fast reforms to Australia’s cybersecurity and data protection rules, and the most recent development looks to be the formation of a cyber task force that will “hack back” and aggressively pursue what Minister for Home Affairs Clare O’Neil termed “scumbags.”

Because millions of Australian citizens have had sensitive personal data stolen from a variety of major companies, and long lines have formed to have compromised personal identification re-issued, the Department of Home Affairs has promised a new policy that will be “tough on crime” regarding cyber incidents and data leaks. According to the agency's announcement, the Australian Federal Police (AFP) and the Australian Signals Directorate will work together to form a joint task force of around one hundred personnel.

The Cyber Task Force is planning to clamp down on data thieves, and they have promised action against international targets.
The Office of Home Affairs has stated that the Cyber Task Force will be an ongoing operation that concentrates on criminal gangs and engages in “day in and day out” actions to identify and apprehend those responsible for data breaches. When officials were asked whether the infamous REvil ransomware gang had been involved in the attack on Medibank, they did not name specific targets, but they did say that the recent string of attacks can be tied to organized criminal groups in Russia.

Officials did confirm that they had identified the individuals who had hacked into the Medibank system; however, they said that they would not be disclosing the names of those responsible to the public at this time since Interpol is now in discussions with Russian law enforcement agencies. There has been conjecture that it is either a resurgence of REvil or an offshoot group that might be made up of former members of REvil.

The apparent pushback from the Australian government seems to have been driven not just by the rapid-fire spate of breaches that have happened since September, but also by the exceptionally horrific character of the data extortion that occurred in the Medibank case. A significant amount of sensitive health information was taken along with the 9.7 million records that were stolen, and the perpetrators have been progressively leaking the most sensitive material via a dark web site. The leaked material covers patients who have been diagnosed with an addiction to drugs or alcohol, individuals who have had abortions, and prominent members of the public. Medibank has made it clear that it will not be participating in any ransom negotiations or payments.

How much “hacking back” capability does a cyber task force really have?

The news has caused some to speculate about the scope of the plans that the cyber task force has in store. “Hacking back,” the act of retaliating against an online attack, is a highly problematic idea that sits in a murky international environment of cyber interaction standards and unwritten rules.

The concept has sometimes been floated by private enterprise, but it is often dismissed because of the risk of sparking an international incident by striking a nation-state entity or harming innocent third parties in the process. At the government level, the typical next step is to issue an indictment against any known hackers, then to cooperate with law enforcement agencies from other countries to disable and seize the hackers’ servers and infrastructure, and ultimately to locate the hackers themselves.

Given that Australia is a member of the “Five Eyes” intelligence network, which is comprised of states that normally pursue international criminal hackers with the greatest vigor, it is unclear what Australia’s cyber task force wants to bring to the table that is not already being done. It’s possible that this step is little more than empty rhetoric to convince the people of Australia that “something is being done” about the number of concerning breaches that have occurred recently.

Despite this, the formation of the cyber task force is not all that Australia has done recently to improve its data privacy protections and cybersecurity. Earlier in the year, a budget of AU$9.9 billion was allocated for the “Redspice” program (Resilience, Effects, Defence, Space, Intelligence, Cyber, Enablers) to cover the next decade. This figure represents a tripling of the program’s current annual funding, along with three new offices and a total of 1,900 new employees.