Repeat hacks highlight Australia's cyber flaws / Photo: Muhammad FAROOQ - AFP
-
China's premier vows to expand global 'trade pie': state media
-
Belgium commemorates Brussels attacks 10 years on
-
Sri Lanka raises fuel prices by 25 percent as war bites
-
Rights groups fear use of arrest to stifle free speech in Pakistan
-
Iranian missiles sow panic, destruction in Israeli towns
-
Damaged Russian tanker to be towed to Libya: state-owned company
-
Gilgeous-Alexander scores 40, LeBron breaks NBA appearance record
-
Cuba hit by second nationwide blackout in a week
-
BTS draws over 100,000 fans to Seoul comeback concert: label
-
US-China 'Board of Trade' may help ties but experts flag market worries
-
Sinner, defending champ Mensik advance to third round at Miami Open
-
Iran missile strikes wound over 100 in two south Israel towns
-
Shai hits 40 as Thunder win despite NBA melee with four ejected
-
Records shattered as US heatwave moves eastward
-
Iran missiles hit southern Israel, injuring more than 100
-
LeBron James breaks record for most NBA games played
-
'Perfect' PSG sweep past Nice to reclaim top spot in Ligue 1
-
Japan coach says Asian Cup crown 'well-deserved' for inspirational team
-
PSG sweep past Nice to reclaim top spot in Ligue 1
-
Robert Mueller, ex-FBI chief who led Trump-Russia probe, dead at 81
-
Milan move to within five points of Serie A leaders Inter
-
Duplantis masterclass as Kerr and record-setter Ehammer shine
-
Rosenior urges Chelsea to 'forget the noise' after damaging loss
-
Marquez ambushed Di Giannantonio to win Brazil sprint
-
Sweden's Duplantis wins fourth world indoor pole vault title
-
Liverpool, Chelsea slip up in Champions League race
-
WHO sends first overland convoy from emergencies hub to Beirut
-
Everton rub salt in Chelsea wounds as Champions League race tightens
-
Coach Mignoni returns but Toulon crash to Stade Francais
-
Robert Mueller, ex-FBI chief who led Trump-Russia inquiry, dead at 81
-
Sinner and Pegula advance to third round at Miami Open
-
Britain's Kerr outsprints Hocker for world indoor 3,000m gold
-
Kane backs Tuchel's call to rest him from England friendly
-
NBA fines 76ers' Drummond, Magic's Suggs $25,000 each
-
Switzerland's Ehammer sets indoor heptathlon world record
-
Pogacar 'relieved' by Milan-San Remo triumph, gunning to complete Monument set
-
World Athletics decision to hand Asia two world indoors 'strategic' - Coe
-
Trump threatens to use ICE agents for airport security control
-
Kane moves closer to goals record as Bayern sink Union
-
Pogacar ends long wait for Milan-San Remo glory after edging epic
-
US says 'took out' Iran base threatening blocked Hormuz oil route
-
Di Giannantonio takes Brazil MotoGP pole ahead of Bezzecchi, Marquez
-
Welbeck scores twice to dent Liverpool's top-five hopes
-
US strikes Iran bases threatening blocked Hormuz oil route
-
Pirovano wins World Cup downhill title, Aicher puts pressure on Shiffrin
-
Doroshchuk wins Ukraine's second world indoor gold, Hodgkinson and Alfred coast
-
K-pop kings BTS stun Seoul in '2.0' comeback concert
-
French prosecutors suspect Musk encouraged deepfakes row to inflate X value
-
Mbappe 100 percent, Bellingham fit, says Real Madrid's Arbeloa
-
Iranians mark Eid as Tehran reports strike on nuclear plant
Repeat hacks highlight Australia's cyber flaws
Inadequate privacy safeguards and the stockpiling of sensitive customer information have made Australia a lucrative target in the eyes of foreign hackers, cybersecurity experts told AFP following a series of major data breaches.
Medibank, Australia's largest private health insurer, recently confirmed that hackers had accessed the data of 9.7 million current and former customers, including medical records related to drug abuse and pregnancy terminations.
Telecom company Optus fell prey to a data breach of similar scale in late September, during which the personal details of up to 9.8 million people were accessed.
Both incidents sit comfortably among the largest data breaches in Australian history.
Australian National University cybersecurity expert Thomas Haines said many companies had been hoarding personal data that they should not have been hanging on to.
"There was a famous line for a while: Data is the new oil," he told AFP.
"If data is the new oil, then we're living the era of the weekly oil spill."
Haines contrasted Australia's approach with that of the European Union, which in 2018 adopted sweeping privacy reforms limiting how organisations collect, use and store personal data.
"There have got to be incentives in place to stop companies hoarding data they don't need, or to penalise those companies for big leaks. Europe has done this," he said.
"At the moment the business incentives are basically along the lines of: Let's just keep a whole bunch of data."
Haines said Medibank appeared to be an exception, in that most of the sensitive information within its databases had been stored for good reason.
- Hacking 'for profit' -
Australia's comparatively weak safeguards against identity theft meant it was also easier to exploit stolen personal information, Haines said.
"All they need to know is your passport, your driver's licence and some other things -- and then I can start taking out loans in your name."
Haines said European countries such as Norway had much more stringent requirements involving face-to-face contact.
Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said most hackers were searching for particular types of data.
"For-profit hackers are going after healthcare data, they're going after identity data and credentials to access systems," he told AFP.
"There is a profit motivation there, otherwise they wouldn't be risking jail and prosecution."
The Medibank hackers this week started leaking stolen data to a dark web forum, after the company refused to pay a US$9.7 million (Aus$15 million) ransom.
The Optus breach led to the theft of customers' names, birth dates, and passport numbers.
- Russia blamed -
Australian Federal Police Commissioner Reece Kershaw on Friday blamed the Medibank cyberattack on a team of hackers based in Russia.
"We believe those responsible for the breach are in Russia," he told reporters.
"Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world."
Medibank data leaked to the dark web so far has included hundreds of potentially-compromising medical records related to drug addiction, alcohol abuse and sexually-transmitted infections.
Home Affairs Minister Clare O'Neil conceded on Friday the country's cyber defences had not always been up to scratch.
University of Sydney data researcher Jane Andrew said one major flaw was that Australian companies were not always obliged to report data breaches.
"There are heaps of data breaches happening all the time that we don't hear anything about," she told AFP.
"Companies have been gathering data because it's seen to be valuable, without fully understanding the potential risks."
X.M.Francisco--PC
