Australia sets up team to hack back at cyber crooks
The information security industry got a surprise the weekend before last when the Australian Government announced a permanent operation with about 100 police and defence officers from the Australian Federal Police (AFP) and the Australian Signals Directorate (ASD).
The operation will go after ransomware gangs, with Attorney-General Mark Dreyfus and Cyber Security Minister Clare O’Neil saying the police and signals intelligence (sigint) personnel will gather intelligence on them and identify leaders, networks and infrastructure.
Australia’s move comes after a ransomware attack on private medical insurer Medibank in which sensitive information on almost 10 million people was stolen. The AFP and ASD are now tasked with stopping similar attacks.
Very sensitive information it is too: Medibank rightly refused to pay the extortion money to the Blogxx criminals who in turn have started to release records in public. This includes names of hundreds of people who’ve been treated for alcoholism or had abortions.
Punishing unscrupulous criminals who hurt vulnerable people without hesitating is a must. However, hacking back is a contentious proposition. There is now an official political remit to go after hackers anywhere in the world. It’ll be an area to watch as many gangs are state-linked operations in countries hostile to the West. For example, Russia.
Meanwhile, as Russia continues to flail in its invasion of Ukraine, there is now an even clearer imperative for Western nations to protect IT infrastructure. Ransomware is big business, which last year led to losses in the tens of billions for victims. With that kind of money, launching ransomware attacks is tempting for crims who think they can’t be traced.
A spate of prosecutions shows that at best the criminals are pseudonymous.
Sigint agencies and police crews have an advantage over ransomware crooks: the former have had to learn through investigating attacks and actively defending targets; the latter usually have not, and are often clueless about operational security.
Developers of ransomware are aware of this, and try to stay out of the limelight, with associates lured to do dirty deeds in return for a cut of the extortion money. Finding ransomware associates won’t be quite like shooting fish in a barrel, but not far off. Killing as much of the ransomware-as-a-service industry as possible is a great tactic that will hurt the criminals behind the operations.
People may become complacent, since there is now an official defence shield. “Outsourcing” information security and thinking it’s the Government’s job would be disastrous. Don’t let the guard down.