Pages

Friday, February 23, 2024

How the hackers were hacked by federal agents

Department of Finance accidentally leaks sensitive and personal information from hundreds of providers in bungled email announcement


EARLY WARNING SYSTEM  - THE NEW SPACE RACE: AI company developing software to detect hypersonic missiles from space. 


Imagine being at war with invisible adversaries who, day and night, attempt to breach your defenses. That's the daily reality for the Australian Tax Office (ATO), which, under the stewardship of Chris Jordan, has been on the frontline, defending against a staggering 4.7 million cyberattacks each month. In his final public appearance as the head of the ATO, Jordan laid bare the scale of the challenges faced by the agency, including the alarming rise in tax fraud and identity theft, calling for police-like powers to bolster the ATO's arsenal.

Battling Shadows: The ATO's Fight Against Cybercrime and Tax Fraud under Chris Jordan's Leadership


Set to hand over to his successor Rob Heferen next month, Mr Jordan told the National Press Club in Canberra waves of new cyber threats and identity scams kept him awake at night, defending the ATO’s management of a massive GST fraud which implicated 150 staff and contractors.

Give the ATO law enforcement powers: Chris Jordan


Outgoing ATO boss says getting rid of work-related tax deductions would be a 'big step'


Chris Jordan at the NAtional Press Club 


The Department of Home Affairs’ cybersecurity guru owns a six-figure shareholding in one of the country’s biggest tech supply companies, CyberCX, which is a major contractor to government departments, including his own.
Peter Anstee is the first assistant secretary of the department’s cybersecurity policy area, and the government’s lead adviser on the issue. Corporate records show he owns 100,395 shares in private company CyberCX Pty Ltd, which he did not divest when he joined Home Affairs in 2021.

Home Affairs cybersecurity guru owns shares in big government contractor


Medibank cyberattacker reportedly detained in Russia


How the hackers were hacked by federal agents

A coalition of law enforcement agencies including the Australian Federal Police has hacked the profilic ransomware syndicate that stalled Australia’s ports in an attack last year.
Software from LockBit, which sells hacking tools to other criminals, was behind the hack on stevedore DP World in November 2023 that stranded tens of thousands of containers.
The image that greets users attempting to access LockBit’s site on the dark web. 
But on Tuesday LockBit’s website was replaced with a message from international police forces reading “this site is now under the control of law enforcement.”
It was “a beautiful site [sic],” said Ciaran Martin, former head of the United Kingdom’s National Cyber Security Centre, in a post on social media platform X.
The operation, termed “Cronos” was led by the UK National Crime Agency, with assistance from 10 countries including Australia.
LockBit’s software is designed to disable computer networks but can be reversed on command, facilitating ransom demands. It has been used in thousands of major breaches in the last five years, including against the Industrial and Commercial Bank of China, consultancy Accenture, and weapons maker Thales.
DP World, which moves about 40 per cent of the country’s container freight on and off ships, failed to patch a known flaw in its systems, leaving it open to exploitation by LockBit. That left some of its key computer programs unavailable in November last year, creating a massive container backlog while it built a workaround.
The Australian Federal Police were contacted for comment. Home Affairs and Cybersecurity Minister Clare O’Neil’s office confirmed the take-down.
The law enforcement hack of DP World’s site, which was available on the so-called “dark web” accessible via dedicated apps, is a rare public example of Western countries disrupting hackers who often reside outside their jurisdiction.
It follows Australian authorities’ decision to reveal a Russian man, Aleksandr Ermakov, as a person responsible for the 2022 Medibank hack. He remains at large.
In the year to March 31 last year, Lockbit was used in 18 per cent of all ransomware attacks against Australian targets, according to the US Cybersecurity and Infrastructure Security Agency.
Chester Wisniewski, an executive at anti-virus firm Sophos, said the authorities’ disruption of the most prolific ransomware group in the world was a major victory.
“We shouldn’t celebrate too soon though,” Mr Wisniewski said in a statement. “Much of its infrastructure is still online, which likely means it is outside the grasp of the police and the criminals have not been reported to have been apprehended.”
As well as providing software, LockBit operated a quasi-professionalised support service for affiliated criminal gangs. In a screenshot posted to social media, a member of LockBit told malware research group VX-Underground, that “FBI pwned me.”
More to come.
Gain insights into the week’s biggest tech stories, deals and trends. Sign up to The Download newsletter.
Nick Bonyhady is a technology writer for the Australian Financial Review, based in Sydney. He is a former technology editor, industrial relations and politics reporter at the Sydney Morning Herald and Age.Connect with Nick on Twitter. Email Nick at nick.bonyhady@afr.com



Major new study to identify Kleptocratic “red flags” and craft new anti-corruption rulesUniversity of Exeter. Paul R: 

Professor Heathershaw said: “Lawyers, accountants, company service providers and other professionals often play essential roles in the movement of illicit wealth. They can be enormously powerful and effective at resisting both scrutiny and regulation. This influence, along with the complexity of this terrain, has led to a lack of consensus around what counts as “enabling” activity and what consequences should follow.