Is the Tasmanian Devil Real ?

Tasmania's Tafe system, the state's Teachers Registration Board and the office of the Commissioner for Children and Young People have been caught up in a recent Tasmanian government data breach, but a security expert says reporting about the hack needs to be measured.

On 7 April, the Tasmanian government said 16,000 documents had been released online after hackers accessed data from the Department of Education, Children and Young People through the third-party file transfer service GoAnywhere MFT.  The Education Department's website said the data included the names of children and the school they attended, their home room and year group.  It also potentially included the bank account details and birth dates of TasTafe students.  Those affected have been sent emails urging them to monitor their bank accounts and report any suspicious financial activity.  Who's the culprit??  The Tasmanian Devil?

On the weekend, the Tasmania Police Chief Commissioner and the Secretary of the Department of Premier and Cabinet took the unusual step of writing a joint letter to members of the Labor Opposition and media outlets, urging them not to give further coverage to the topic because it could increase the state's vulnerability to cyber-attacks.  "Cyber criminals … operate as organized crime and work on a ransomware business model that creates uncertainty and fear.  The current media environment is fueling that business model," they wrote.  "I would appreciate your cooperation by heeding the same advice and not doing any further media."

The joint statement said authorities would now only be providing comment on the breach "if there is a significant event to inform the community."  "[We] would strongly encourage a united approach," they said.  "The security advice is that continual coverage … can increase the cyber risk to Tasmania."

The reaction to the letter was swift on social media, with several Labor figures and lawyers labelling the direction ‘extraordinary’ and ‘outrageous.’  "Advice to government being extended to try and silence the opposition from asking critical questions?" Labor's representative wrote on Twitter.  The Australian Lawyers Alliance said it set "a very troubling precedent."  "In a democracy we rely on opposition parties, and we rely on the media, to keep government accountable," he said.  "Some very serious matters have been raised about the competence of the Rockliff government's handling of this matter and it's incumbent on the opposition and the media to ensure that they continue public scrutiny of the government.  We have not seen in Australia any police commissioner do anything like this in such a ham-fisted way.  It's saying if there's any compromise of Tasmanian databases, we shouldn't talk about it, we should just let the government have their way."

A former national cybersecurity adviser to the Australian federal government, now chief strategy officer for advisory firm CyberCX, has been engaged to provide technical assistance to the Tasmanian government on the data breach.  He told media outlets that one of the first tasks was to assess its "blast radius."  "We certainly have seen [hackers] contact journalists, and just like in terrorist situations or in situations of self-harm, there does need to be caution sometimes on how these things are reported," he said.  "That shouldn't be read as saying the media shouldn't report it.  The intent of the letter seems to be not about asking questions per se, but the reporting of it and how it could be used by the hacker and thousands of people who might be concerned about their data."

CyberCX said in previous incidents like the Medibank security breach, the media was used by offenders to amplify the impact.  "They are real offenders and they cause real harm," he said.  "They'll try to extort money from victim organizations and if you don't do what they want, they'll try to create more harm through publicity, to warn the next victim, 'you'd better cooperate with me.'"  "In terms of blame for the government, that'll come out in the wash, but clearly governments are always exposed to questioning by the media and the opposition as part of the parliamentary process.  And the media has a big role to play in educating the public about what to do if their information is leaked."

The breach of the US-based third-party file transfer service GoAnywhere MFT was first revealed at the end of March.  At first, the Science and Technology Minister said there was "no indication" government-held data had been compromised, but added the investigations were "ongoing."  A few days later she announced there was a risk that sensitive data, including names, addresses and bank account numbers held by the Department of Education, Children and Young People, had been accessed.  The minister confirmed that the breach involved up to 16,000 documents.  "My concern is for individual students, parents; we need to triage that, we'll be working through that," she said.

Source: Tasmanian cyber attack grabs TasTafe, Teachers Registration Board data (msn.com)

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com            

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941


REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989
