The Times Australia
The Times World News

.
Times Media

.

A new cyber taskforce will supposedly 'hack the hackers' behind the Medibank breach. It could put a target on Australia's back

  • Written by Mamoun Alazab, Associate Professor, College of Engineering, IT and Environment, Charles Darwin University
A new cyber taskforce will supposedly 'hack the hackers' behind the Medibank breach. It could put a target on Australia's back

The Australian government is launching an offensive against cybercriminals, following a data breach that has exposed millions of people’s personal information.

On November 12, Minister for Cyber Security Clare O'Neil announced a taskforce[1] to “hack the hackers” behind the recent Medibank data breach.

The taskforce will be a first-of-its-kind permanent, joint collaboration between Australian Federal Police and the Australian Signals Directorate. Its 100 or so operatives will use the same cyber weapons and tactics as cybercriminals use, to hunt them down and eliminate them as a threat.

Details on how the taskforce will operate remain murky, partly because it needs to keep this information away from criminals. But the fact remains that taking an offensive stance, while it could deter further attacks, could also put a big red cross on Australia’s back.

Australia punches back

It was only in 2016 that the Australian government first publicly acknowledged[2] it has offensive cyber capabilities[3] housed in the Australian Signals Directorate – and that these are used against offshore cybercriminals. The admission came from then prime minister, Malcolm Turnbull, following attacks on the Bureau of Meteorology and Department of Parliamentary Services.

Australia has used cyber offensive[4] strategies a number of times in the past. This has included operations against[5] ISIS and, more recently, efforts to disable scammers’ infrastructure[6] and access to stolen data at the start of the pandemic. Details of intelligence operations are generally kept under wraps, especially where the Australian Signals Directorate is involved.

How might the taskforce operate?

Minister O'Neil has said the new taskforce will[7]:

scour the world, hunt down the criminal syndicates and gangs who are targeting Australia in cyber attacks and disrupt their efforts.

As to whether it could launch a counterattack on the Medibank hackers, the resources are there, but working out the kinks will be crucial. Australia’s intelligence agencies have more resources than the average organised cyber gang, not to mention connections to other advanced intelligence agencies around the world.

However, one key issue with holding cybercriminals to account is attribution. A legitimate counterattack requires identifying the source of an attack beyond reasonable doubt. The Medibank data leak has been attributed to criminals based in Russia – most likely from, or at least associated with, the REvil cyber gang.

This assumption is based on similarities between existing REvil sites on the dark web and the extortion site hosting the stolen Medibank data, as well as other similarities between the Medibank attack and REvil’s previous attacks.

Read more: What do we know about REvil, the Russian ransomware gang likely behind the Medibank cyber attack?[8]

That said, hackers can hide their identity by routing through (often unaware) third parties. So even if this attack is attributable to REvil, or its close associates, the attackers could easily deny involvement if taken to court.

The group could say its systems were used as unwitting hosts by another external perpetrator. Plausible deniability can almost always be maintained in such cases. Russia (and China) have had a track record[9] of denying involvement in cyber espionage.

As such, it’s very difficult to prosecute cybercriminals – especially in cases where these criminals may be backed (officially or unofficially) by their government[10]. And if perpetrators can’t be put behind bars, they can simply lie low for a while before popping up somewhere else in cyberspace.

Beyond the Medibank hackers, the taskforce will also target other potential threats to Australia. In the case of inaccurate attribution in any of these operations, we might see tit-for-tat escalation. In a worst-case scenario, attacks based on incorrect attribution could start a cyberwar with another country.

Read more: Medibank hackers are now releasing stolen data on the dark web. If you're affected, here's what you need to know[11]

Defence before offence

By actively seeking and trying to neutralise offshore gangs, Australia will put a target on its back. Russian-linked criminal gangs and others might be encouraged to retaliate and target our sectors, including critical infrastructure.

Boosting Australia’s cyber defences should be the top priority – arguably more so than retaliating. Especially since, even if the taskforce successfully mounts a counterattack on the Medibank hackers, it’s unlikely to recover any data stolen (since criminals make copies of stolen data).

Going after cybercriminals addresses the symptoms of the problem, not the root: the fact that our systems were vulnerable enough to be hacked in the first place. The Medibank breach, and the major Optus breach[12] preceding it, have both demonstrated that even businesses with seemingly strong cybersecurity protocols are vulnerable to attacks.

The best option from a rational and technical standpoint is to prevent, as much as possible, data being stolen in the first place. It might not be as flashy a solution, but it’s the best one in the longer term.

Read more https://theconversation.com/a-new-cyber-taskforce-will-supposedly-hack-the-hackers-behind-the-medibank-breach-it-could-put-a-target-on-australias-back-194532

The Times Features

Sunshine Coast Personal Injury Lawyers: Expert Guidance for Work Accident Claims

When accidents occur in the workplace, they can have profound and lasting effects on a worker's life, both physically and financially. In Queensland's Sunshine Coast, personal in...

iS Clinical's Skincare Secrets for Radiant Party Season Skin

As the festive season approaches, having runway-ready skin is easier than ever with iS Clinical's  top skincare prep tips. Whether you're walking the red carpet or simply stepp...

How to Camp Sustainably in Byron Bay: Eco-Friendly Tips

Camping in Byron Bay is a fantastic way to soak up nature, from beautiful beaches to lush rainforests. It’s no wonder Byron Bay camping is on so many bucket lists! But with more ...

Book a room in Broome as the northwest is best

Looking for a different kind of seaside escape? Done the east coast? Then book a room in Broome to discover why those in the know say the northwest is best, with Broome one of ...

Primary care involves more than GPs. A new review shows how patients can better access care

Australians today are more likely[1] than previous generations to live with complex and chronic diseases, such as diabetes, heart disease and depression. This means they’re mo...

Why Your Credit Score Matters More Than You Think in Australia

Your credit score isn't just a number, it's a reflection of your financial reputation. In Australia, a good credit score can unlock doors to better financial opportunities, while...

Enhance Your Home’s Comfort and Style with Blackout Curtains from 3Hlinen

Creating a comfortable and peaceful home environment often involves choosing the right window treatments. Among the various options available, blackout curtains stand out as a ve...

Is thirst a good predictor of dehydration?

Water is essential for daily functioning and health, and we can only survive a few days[1] without it. Yet we constantly lose water through sweat, urination and even evaporatio...

How doctors use light to diagnose disease

You’re not feeling well. You’ve had a pounding headache all week, dizzy spells and have vomited up your past few meals. You visit your GP to get some answers and sit while they ...

Times Magazine

What Sets Melbourne's Top Design Agencies Apart From the Rest?

Design- a word that is all about creativity and expression. When you start a business in today's time, your primary aim is for your audience to know you. The key way your audience can know you is to develop a strong visual value.  Businesses in to...

Jabra launches Evolve2 75 headset to re-energise hybrid working

Jabra has announced the release of the latest in its Evolve range of enterprise headsets, the Evolve2 75. With 68% of employees seeing their Ideal work week including a hybrid model of working from home and an office[1], the Evolve2 75 is specifica...

Bridesmaid Duties: What To Do for the Bride

There’s no greater privilege than being chosen as a bridesmaid. Of course, you can’t help feeling joy and excitement with your friend getting married. However, a feeling of anxiety may also creep up on you if you don’t know what to do or if you fee...

Online Shopping Experience at Ryft Australia

Welcome to Ryft Australia's online shop! Ryft is a leading Australian retailer offering unbeatable value on the highest quality products. We specialize in providing customers with an extensive range of products for their home and lifestyle needs. O...

The Best Venues for Hire in Melbourne that Suit Your Needs

Definition of Venue Hire When planning an event, one of the most important decisions is choosing the right venue. Venue hire refers to the process of renting a space for a specific period of time to host an event. This can include conference cen...

The Symbology Of Birthstones

Way back in the Middle Ages, the healers and wise men of the time thought that all gemstones held supernatural powers, a belief that continues on to this very day! The tradition still fascinates us, so let's examine the birthstones and the gift the...