CYBER SLUG
SLEEPLESS MPs are sweating bad, nervous their emails have been siphoned in last week’s hacking of the federal parliamentary computer network.
There’s no evidence the hackers have stolen anything. But you just can’t tell. And we also don’t know how long they have been snooping about.
That’s the thing about hackers and their malware.
Nefarious packets of code can lie dormant and undetected for weeks, months, even years inside a compromised computer network.
They burrow their way into deep, forgotten corners and effectively pull a camouflage rug over themselves, telling the roving security sniffers: “Nothing to see here!”
Then a few weeks before an election, they wake up, start muttering in binary, snooping and breeding.
Australia has been slowly beefing up cyber security, lulled out of a false sense of security generated by our geographic isolation, because we’re an island continent (yay!) and don’t share borders with anyone (yippee!).
It just hasn’t been top of mind like it has been in Europe, for example, where two thirds of Germany’s manufacturers have been hit by cyber crime, costing $50 billion.
About 20 per cent have reported their production systems sabotaged and one in 10 say their communications have been tapped.
Our politicians don’t talk much about cyber crime.
Instead, we have the spectacle of their panic, locked out of their systems to enforce password changes, demanding answers about their emails from a fledgling cyber security agency that should have been funded a decade ago.
As much as I sympathise with MPs and the nightmare scenario that their missives will be leaked to destabilise our political system, I’m furious these same people told us last month our health records would be kept safe when uploaded to the My Health Record database. You can’t have it both ways. You can’t have the Australian parliament hacked and potentially exposed then turn around and say the personal data of your constituents is safe.
You can’t stay awake at night worrying about your own explosive email blow-ups and expect the rest of us to sleep soundly. We can’t. Not when we’re fielding phishing emails and dodgy phone calls daily from scammers trying to get our data or our money with nary a cybercop in sight. The cutting edge is elsewhere. The Japanese Government, for one, is going where no one else has gone before.
It’s decided to hack its own citizens, attacking 200 million unsecured devices ahead of the Olympics.
New laws give their government workers power to find and hack into Internet of Things (IoT) devices such as web cameras and routers using default passwords and password dictionaries.
They’ll hack citizens and even enterprise systems then when they find a security hole that red flag will be sent to the consumer.
It’s bold and white knight crazy — but there’s real energy to try something.
Meanwhile, in the comfy Land of Oz, the munchkins at My Health Record ooze confidence about the security of your health data.
“There have been no reported unauthorised views of a person’s health information in My Health Record in the six years of its operations,” goes the official line.
Data breaches have happened, but “errors of this type occur due to either alleged fraudulent Medicare claims or manual human processing errors”. Here’s the rub. You don’t know what you don’t know.
You can only report what you find.
If you don’t find anything, you can’t report it.
It comes down to how hard you look
Given the parliamentary security breach last week, we need to look much harder and in more places.
Cyber crime is ramping up because it is successful, not because our data is magically safer.