Cyber-crime is a Real N Ational Disaster Risk
We are reaching a moment in the international environment where cyber-crime has risen to become of proportions that is a real national security risk wherever you are, says Tobias Feakin.
Mr Feakin is the ambassador for Cyber Affairs and Critical Technology for Australia. He was in Fiji for the Pacific Island Law Officers’ Network (PILON) meeting in Nadi earlier this week.
PILON is a practical grouping of Pacific partners, who are from law enforcements and legal backgrounds, who are trying to address the same issues - cybercrime – and other serious issues such as child exploitation.
Australia works closely with Fiji and its regional partners to ensure they genuinely receive the benefits from this technology rather than being caught up by the risks.
“We are here in Fiji to engage with the Fijian Government, to engage with Fijian industry partners, to see what is going on inside Fiji’s ecosystem, what’s new exciting in digital, how can we work closely together,” Mr Feakin said.
Mr Feakin explains in detail below the work they do, how cyber criminals work, and the changing technology landscape we now live in.
IVAMERE: PLEASE EXPLAIN THE WORK THAT YOU DO, AND THE SCOPE OF WORK YOU CARRY OUT WITH FIJI?
FEAKIN: We do a lot of productive work on cyber security issues together and we look at ways where can better assist each other, and lessons learned in the coming years.
One of the things that is part of the bilateral discussion is how we are viewing the cybercrime landscape. More often you find in these conversations, similarly with our Fijian partners is that we are all facing similar types of threats, but often they come from different angles.
IVAMERE: HOW DO THESE CYBERCRIME CRIMINALS WORK?
FEAKIN: From an Australian perspective what we are seeing here is an increased threat from state-based actors, serious organised criminal groups, and from motivated individuals, who have different motivations for what they are doing, for criminal it’s to gain money, for state, it’s to gain access to data, to understand how the countries work and to get access to information, and for individuals it could a range of all of those reasons.
We see the individuals operate across all those landscapes. Quite often you find motivated hackers essentially are like guns fire and that creates complexities in responding to these issues.
We’ve seen significant upticks in Australian setting in terms of cybercrime.
Last year we had 76,000 acts of cyber crime reported into our reporting structures, but we envision the numbers to be a lot higher because quite often the public won’t be aware that they should report certain activities that are criminal in nature. So, in talking to our Fijian partners,
we are facing similar threats.
IVAMERE: ARE CYBER CRIMINALS ONLY INTERESTED IN MAKING BIG MONEY?
FEAKIN: It doesn’t always have to be that they are looking for the largest sum of money that they can scoop up in one go, some criminals are adept. You may have heard in the past about credit card fraud scheming multiple accounts of small numbers, so it goes unnoticed.
So, it maybe you as a citizen don’t have much money, but criminals are still interested in scheming a few dollars out of your account if they can, using your information so that they can go forward and apply for larger sums of money with banks, insurers, use that identity so that they can then create more money sources for themselves.
So again, it’s about understanding how you as an individual could well be targeted the easier you make your information and data online, and to other people, the more likely you could be a victim of cyber-crime. Cyber criminals will look for the weakest links, they’ll look at ways in which broadband networks are increasing and try to exploit that.
And often we find that the firsttime users of the internet whether it be on the mobile or computer they are more vulnerable because there has not been any learning process on how you can safeguard yourself from some of those risks.
IVAMERE: HOW IS CYBER-CRIME DIFFERENT NOW COMPARED TO BEFORE?
FEAKIN: Cyber threats are more widespread now compared to before. The bar of entry to be able to deliver those payloads has just dropped considerably.
When I was looking at it in the late 90s, you must be a considerable toplevel expert to be able to deliver any kind of malware, cyber-attack.
Now we’ve reached a stage where you can download tools sets in dark net markets, which enable you to conduct cyber-attacks, and it would also have instruction manuals and everything in between. That means that barrier of entry is lower, therefore there has been a proliferation of risks involved, if you combine that with the increased connectivity and see where it leads.
So, we are all dealing with these risks and as policy makers we adjust our policy settings constantly
Often we find that first-time users of the internet whether it be mobile or computer, they are more vulnerable because there has not been any learning process on how you can safeguard yourself from some of those risks.
because that is what happens with the technology space as well.
IVAMERE: HOW IS AUSTRALIA’S
EXPERIENCE SIMILAR TO FIJI AND THE REGION?
FEAKIN: Right now, we are dealing with data breaches from medibank,
which is a private health insurer in Australia, and from Optus, the most significant data breaches that have taken place.
In our context we are dealing with the scourge of ransomware where essentially the access to data or access to network is locked up in a particular malware, which encrypt everything until payment is made, when theoretically you make the payment and your data is unscrambled, but we understand is that criminal will they actually do that, so we would always advise that you don’t pay that ransom because you
are not totally sure that by paying the ransom you’d ever get that data back anyway.
But ransom is something that we know is affecting our partners around the region as much as it is in Australia.
So, it is important that we are working together, sharing that information, looking at how we respond to those kinds of incidents in order that we are all better equipped.
IVAMERE: ARE THERE ANY INTERNATIONAL LAWS THAT GOVERN THE SPREAD OF MISINFORMATION ON SOCIAL MEDIA, ESPECIALLY NOW IN FIJI THAT WE ARE NEARING OUR ELECTION DATE?
FEAKIN: There aren’t global sets of legislation. In Australia, there has been an approach that anything that crosses the barrier of inciting violence or hatred, there are legislative powers that every safety commissioner must demand that those pieces of information are taken down on the big tech platforms otherwise they face significant fines if they don’t do that in a certain time scale.
Around the election interference I think what’s important is the role
news organisations can play. It’s about reminding the public about validating sources.
If something looks fantastical as though it seems a bit out of the ordinary, then don’t trust that immediately as you read it.
I think a lot of responses to that kind of disinformation is around we as members of the public becoming more discerning. We digest information.
There is a different way of you producing information as a newspaper as opposed to an individual typing out whatever thoughts they may have and presenting that as news online.
There’s real responsibility on Governments and broader society that we are discerning consumers of information because we are all becoming much more gauged online, access to broadband is much clear now then it used to be therefore what needs to come is an uplift in awareness.
And that is one thing the Australian Government is keen to do with Fiji and other Pacific families is to work together in that journey.
Increased connectivity is so important for socio-economic growth, communication, and everything we do as societies.
But we want to work with partners to ensure there is a mindfulness to some of the risks that are there and that includes misinformation and disinformation, includes better awareness for cyber security responses.
IVAMERE: WHAT DO YOU THINK OF FIJI’S SECURITY POLICIES, AND DO YOU SEE ANY LOOPHOLES?
FEAKIN: I know the Fijian Government is working hard in looking at its security posture, cyber security policies, and I know the Fijian Government is looking at defining roles and responsibilities, and how to go about in assisting the public in approaching these issues that’s forthcoming, we’ll wait for that to eventuate.
My experience now with the Fijian Government when there is communication with me, is that there is real energy within the Fijian Government to make sure there is a high level of preparedness and that the responses are up to standard
IVAMERE: WHAT ARE SOME OF THE SUCCESSFUL OUTCOMES OF THE COLLABORATION YOU’VE HAD WITH FIJI?
FEAKIN: I think some of the best successes are through initiatives such as PILON, which really looks at how do you equip countries on legislative frameworks, lawyers who understand how you prosecute against those legislations, and judges who understand the severity of the crime.
Something like the PaCSON (Pacific Cyber Security Operational Network) initiative, which is an operational community of experts who meet and swap tips on how to go about being technically proficient in delivering cyber security, and understanding what that environment threat looks like, sharing that information, and pumping that information out to the broader audience.
IVAMERE: WHAT IS YOUR ADVICE TO FIJIANS?
FEAKIN: Anything you are doing online, whether you are opening an email, whether you are about to upload some information or photo. I would say, stop, think, and then commit to what it is you want to do. But if you take that pause to think about does that make sense, should I really click on it. The best thing for the public is to really think about their interaction.
■ The interview with Tobias Feakin was conducted at the Fiji Sun office in Suva on 30 November, 2022.
Feedback: