Daily Bulletin


News

  • Written by Nicholas Patterson, Lecturer, Deakin University
19 years of personal data was stolen from ANU. It could show up on the dark web

Today it was revealed the Australian National University (ANU) fell victim to a cyber security attack two weeks ago. Stolen was a substantial amount of data dating back 19 years relating to staff, students and visitors.

We don’t know for sure how long the cyber attackers were inside the ANU systems in this case. However, the university revealed details of other attempted attacks last year.

Read more: Hackers cause most data breaches, but accidents by normal people aren't far behind

The ABC reported that the types of data stolen were “names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed.”

These are very critical data. Privacy and security are at risk when this sort of information, especially people’s personal and financial details, are hacked.

The question now is what will happen with the stolen data.

There are three likely outcomes:

1. Invitation to pay a ransom

The hackers who stole the data might ask ANU to pay a ransom and they will “erase” the data they stole (or at least say they will). If the ransom is not paid, they will probably release it to the public.

We have seen cases like this before around the world. A recent example involved stolen coding tools.

Another example is an attack on a German IT company, Citycomp, where hackers broke into its systems and stole a lot of critical data. Citycomp was asked to pay a ransom of $5,000 – but did not. The hackers published the data.

2. Free public release of data

The hackers may release the stolen data to the public without asking for any payment. This might happen as a show of strength, to provide evidence of their capabilities, or to cause chaos.

The consequences are still very serious in this case. It could lead to serious breaches of personal privacy, fake identities being created and important intellectual property becoming available to competitors or other hackers.

More broadly, the university may attract fines from the government if it was later found that correct data protection practices were not followed. That said, there is no evidence this is the case here.

3. Sell for profit on the dark web

The hackers may sell the data on the dark web to make a profit. Others could buy the data to create fake identities and as a result fake credit cards.

An example where hackers have stolen data involving up to 150 million users and sold it on the dark web involved Under Armour’s MyFitnessPal app.

The entire stolen data set is reportedly available for an asking price of less than $20,000 in bitcoin – around one year after the breach occurred.

Hackers are hard to stop

What makes this ANU case very interesting is that in 2018 The Guardian reported that ANU had spent many months fighting off a threat to its systems. There were unverified reports this might have come from hackers based in China.

This means the ANU has known it was being targeted for a while now, and was still not able to fend off the data breach revealed today.

You might ask why the university hadn’t bolstered its cyber defences in response. The answer is the ANU probably did, to the best of its abilities.

However, when you are dealing with elite hackers and those using “zero day exploits”, it means your chances of preventing a hack are quite limited. Zero day-based exploits focus on vulnerabilities that are not yet known to anti-malware companies or for which no targeted solutions are available, such as patches or updates.

Read more: From botnet to malware: a guide to decoding cybersecurity buzzwords

This is still a dangerous situation

There are still aspects of this situation that will present concerns to the ANU and its stakeholders.

For example, it’s possible the hackers could still be in the systems, but hidden. They may have user names and passwords for student accounts or hidden backdoors the university has not yet discovered.

It could be worse than we know

Another issue is whether the hackers have stolen even more data than is being reported.

It currently appears data not stolen includes “credit card details, travel information, medical records, police checks, workers’ compensation information, vehicle registration numbers, and some performance records”.

ANU vice-chancellor Brian Schmidt has said: “We have no evidence that research work has been affected. But the university may not yet know for sure. A very concerning aspect for the university will be the potential for intellectual property and unpublished academic works to be accessed. This could be very valuable to sell off online or even to other universities.”

This has happened before: Iranian hackers targeted 76 universities across 14 countries to steal intellectual property from research projects in 2018.

Only time will reveal what happens next. The bad news is that hackers have stolen critical data and it’s in the wind. The outcomes could be minimal or they could be disastrous, depending on the hackers’ intentions.

A big concern will be if the hackers still have access to the university systems, via an established backdoor, and are siphoning off critical data as it emerges.

Authors: Nicholas Patterson, Lecturer, Deakin University

Read more http://theconversation.com/19-years-of-personal-data-was-stolen-from-anu-it-could-show-up-on-the-dark-web-118265

Writers Wanted

How unis can use student housing to solve international student quarantine issues

arrow_forward

The floor is lava: after 1.5 billion years in flux, here's how a new, stronger crust set the stage for life on Earth

arrow_forward

Play Poker Online Here With The Best Odds

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Interview with Ben Fordham, 2GB

BEN FORDHAM: Scott Morrison, good morning to you.    PRIME MINISTER: Good morning, Ben. How are you?    FORDHAM: Good. How many days have you got to go?   PRIME MINISTER: I've got another we...

Scott Morrison - avatar Scott Morrison

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Business News

Nisbets’ Collab with The Lobby is Showing the Sexy Side of Hospitality Supply

Hospitality supply services might not immediately make you think ‘sexy’. But when a barkeep in a moodily lit bar holds up the perfectly formed juniper gin balloon or catches the light in the edg...

The Atticism - avatar The Atticism

Buy Instagram Followers And Likes Now

Do you like to buy followers on Instagram? Just give a simple Google search on the internet, and there will be an abounding of seeking outcomes full of businesses offering such services. But, th...

News Co - avatar News Co

Cybersecurity data means nothing to business leaders without context

Top business leaders are starting to realise the widespread impact a cyberattack can have on a business. Unfortunately, according to a study by Forrester Consulting commissioned by Tenable, some...

Scott McKinnel, ANZ Country Manager, Tenable - avatar Scott McKinnel, ANZ Country Manager, Tenable



News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion