Repeat hacks highlight Australia's cyber flaws / Photo: Muhammad FAROOQ - AFP
-
Sinner extends Masters tournament streak on home turf, eyes French Open
-
Canadian cruise passenger confirmed positive for hantavirus
-
England see off gutsy France to clinch another Women's Six Nations
-
Sevilla safe despite Real Madrid defeat, Mallorca on brink
-
UK police detail arrests after far-right rally and counter demo
-
Smalley tees off with PGA lead and stars in hot pursuit
-
Trump issues dire warning to Iran to accept peace deal
-
West Ham on brink of Premier League relegation, Man Utd seal third
-
Bulgaria's Eurovision winner flies home to rapturous welcome
-
Starc takes four to keep Delhi alive in IPL
-
Kyiv residents protest 'dangerous' civil code, call for LGBTQ rights
-
Modiba thunderbolt gives Sundowns victory in African final first leg
-
World champions England see off France to clinch another Women's Six Nations
-
Taiwan's leader says island will not be 'traded away'
-
Sinner wins Italian Open, extends Masters tournament streak
-
'Michael' moonwalks back to top of N. America box office
-
Putter powers sizzling Kitayama to record 63 at PGA
-
Travolta channelled film greats in low-thrust plane movie
-
Scotland rugby great Scott Hastings dead at 61 - SRU
-
Fujimori and Sanchez advance to Peru runoff: official results
-
Italian PM meets victims of Modena car incident
-
'Fight relentlessly': Ukraine commander vows strikes into Russia
-
Kitayama fires sizzling 63 at PGA as No.1 Scheffler starts
-
Fernandes equals Premier League assist record in Man Utd win, West Ham brace for Newcastle
-
Ireland thrash Scotland 54-5 in Women's Six Nations to finish third
-
Vingegaard climbs to victory as Eulalio holds firm in pink
-
Carrick expects clarity on Man Utd future in 'coming days'
-
Eyewitness says Modena tragedy could have been even worse
-
Around 10 'new' victims in France's Epstein probe: prosecutor
-
Shock threat by billionaire Bollore's Canal+ group rocks French cinema
-
Kohli, Venkatesh dazzle as Bengaluru qualify for IPL play-offs
-
Probes ongoing into alleged abuse at 84 Paris preschools: prosecutor
-
Di Giannantonio wins Catalan MotoGP Grand Prix, Alex Marquez injured in horror crash
-
Fernandes equals assist record as Man Utd edge Forest thriller
-
Earps to leave PSG, in talks with London City Lionesses
-
Bowlers, Joy put Bangladesh on top in second Pakistan Test
-
Alex Marquez injured in horrific Catalan MotoGP crash
-
'Message for friends and foes': Libyan National Army conducts grand exercises
-
Bayern's Neuer sidelined again with leg issue
-
Adam Driver shuts down question about clashes with Lena Dunham
-
British soprano Felicity Lott dies aged 79
-
Roma near Champions League return with derby triumph, Napoli secure top four
-
Denmark's Antonsen wins badminton Thailand Open title
-
'Toxic' males Trump, Putin, Netanyahu to blame for wars, says star Bardem
-
Iran have 'constructive' meeting with FIFA over World Cup preparations
-
'Peaky Blinders' creator says he has licence to reinvent James Bond
-
Xabi Alonso appointed Chelsea manager on four-year deal
-
Mass Ukraine drone barrage kills 4 in Russia: Moscow
-
Gucci takes over New York's Times Square for fashion show
-
Lyles says 'well worth the journey' after winning 100m in Tokyo
Repeat hacks highlight Australia's cyber flaws
Inadequate privacy safeguards and the stockpiling of sensitive customer information have made Australia a lucrative target in the eyes of foreign hackers, cybersecurity experts told AFP following a series of major data breaches.
Medibank, Australia's largest private health insurer, recently confirmed that hackers had accessed the data of 9.7 million current and former customers, including medical records related to drug abuse and pregnancy terminations.
Telecom company Optus fell prey to a data breach of similar scale in late September, during which the personal details of up to 9.8 million people were accessed.
Both incidents sit comfortably among the largest data breaches in Australian history.
Australian National University cybersecurity expert Thomas Haines said many companies had been hoarding personal data that they should not have been hanging on to.
"There was a famous line for a while: Data is the new oil," he told AFP.
"If data is the new oil, then we're living the era of the weekly oil spill."
Haines contrasted Australia's approach with that of the European Union, which in 2018 adopted sweeping privacy reforms limiting how organisations collect, use and store personal data.
"There have got to be incentives in place to stop companies hoarding data they don't need, or to penalise those companies for big leaks. Europe has done this," he said.
"At the moment the business incentives are basically along the lines of: Let's just keep a whole bunch of data."
Haines said Medibank appeared to be an exception, in that most of the sensitive information within its databases had been stored for good reason.
- Hacking 'for profit' -
Australia's comparatively weak safeguards against identity theft meant it was also easier to exploit stolen personal information, Haines said.
"All they need to know is your passport, your driver's licence and some other things -- and then I can start taking out loans in your name."
Haines said European countries such as Norway had much more stringent requirements involving face-to-face contact.
Dennis Desmond, a former FBI agent and US Defense Intelligence Agency officer, said most hackers were searching for particular types of data.
"For-profit hackers are going after healthcare data, they're going after identity data and credentials to access systems," he told AFP.
"There is a profit motivation there, otherwise they wouldn't be risking jail and prosecution."
The Medibank hackers this week started leaking stolen data to a dark web forum, after the company refused to pay a US$9.7 million (Aus$15 million) ransom.
The Optus breach led to the theft of customers' names, birth dates, and passport numbers.
- Russia blamed -
Australian Federal Police Commissioner Reece Kershaw on Friday blamed the Medibank cyberattack on a team of hackers based in Russia.
"We believe those responsible for the breach are in Russia," he told reporters.
"Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world."
Medibank data leaked to the dark web so far has included hundreds of potentially-compromising medical records related to drug addiction, alcohol abuse and sexually-transmitted infections.
Home Affairs Minister Clare O'Neil conceded on Friday the country's cyber defences had not always been up to scratch.
University of Sydney data researcher Jane Andrew said one major flaw was that Australian companies were not always obliged to report data breaches.
"There are heaps of data breaches happening all the time that we don't hear anything about," she told AFP.
"Companies have been gathering data because it's seen to be valuable, without fully understanding the potential risks."
H.E.Young--AMWN
