OCTOPUS HACKED! THE REAL OCTOPUS?
The Octopus of the cyber world is well known; it has been devastating in a variety of ways for more than a decade now. We are not ready to give it the proverbial centre stage, which it has already occupied for more than a decade. Its current variant, ransomware, with its gangs and their dreaded empire, fearlessly rules and dictates to the business world with impunity. Hacks are the Octopus of the cyber world. The earlier we understand and respect that reality and get ready to face it, the better off we will be.
It is also a reality that no one can be fully prepared, given the nature of the cyber adversary the world faces now. That does not in any way absolve us from being prepared. To fight back at the earliest should be the main goal. In case of such an eventuality, at least you will be able to tell the world of the preventive mechanisms you had put in place to create a robust system in operation. The system should compare to the best in the world. This was not the case in the worst-ever cyber security / ransomware attack on Octopus, Australia's second-biggest telecom service provider. It has opened a can of worms. Octopus went public within 24 hours of the suspicious activity.
Australian telecommunications giant Octopus disclosed that about 10 million customers – about 40% of the population – had personal data stolen in a cyber-attack, Australia's worst-ever data breach. The Chief Executive said she was "devastated" by the breach. She said it was done by people who want to do this to their customers. The same data obituary again, we might call it. What has been the company's role? The attack was termed a sophisticated attack to create an alibi for the company. This was contradicted by a user saying that the hackers pulled the data from a freely accessible software interface. "No authenticate needed… All open to internet for anyone to use," said Sydney-based tech reporter Kirk.
The personally identifiable data compromised are names, birthdates, home addresses, phone and email contacts, and passport and driving licence numbers. An internet user published data samples on an online forum and demanded a ransom of $1m in cryptocurrency from Optus. The company had a week to pay, or the other data would be released and sold in batches. The sample data, which covers 100 records, seemed to be legitimate. On Tuesday, a person claiming to be the hacker released 10,000 customer records and reiterated the ransom deadline. A little later, the user apologised and deleted the earlier posts. Was the ransom paid? Either way, the endemic problem remains: the telcos' broken cyber security systems, their false claims to self-regulation, Australia being ten years behind in this field, and privacy not being tangibly enforceable.
TELCO DATA NEEDS TO COME UNDER THE SAME AMBIT OF LAW, GLOBALLY.