What is the frequency of cyber attacks in Australia?

A cyber attack is reported every seven minutes in Australia.

Who is primarily behind the cyber attacks targeting Australia?

Organized crime groups, particularly those linked to Russian hackers, are primarily responsible for these attacks.

What types of attacks are commonly used by cyber gangs?

Common attacks include ransomware and data theft, often combined with extortion.

What was the impact of the Medibank hack?

The Medibank hack affected 9.7 million current and former customers, leading to public data leaks and significant distress for individuals whose sensitive information was exposed.

What is the Australian government's response to cyber threats?

The government is increasing efforts to disrupt cyber crime and advising businesses not to pay ransoms.

How does the structure of cyber crime groups resemble traditional organized crime?

Cyber crime groups operate with a hierarchy, similar to organized crime syndicates, including roles for management and HR functions.

What lesson does the conflict in Ukraine provide regarding cyber warfare?

The Ukraine conflict has shown how cyber attacks are integrated with traditional warfare, suggesting future conflicts will see deeper ties between cyber and military operations.

What measures should organizations take to secure their data?

Organizations need to assess their data retention policies and implement strong encryption and de-identification protocols.

Why might paying a ransom be discouraged?

Paying ransoms feeds the business model of cyber criminals, encouraging further attacks.

What is the significance of the latitude Financial hack?

The latitude Financial hack was larger than the Medibank breach and reflects the escalating nature of cyber crime in Australia.

How cyber-crime has become organised warfare | Four Corners

00:45:49

https://www.youtube.com/watch?v=4m6Ydx0TGMY

Summary

TLDRThis video provides an in-depth look at the escalating threat of cyber attacks in Australia, particularly focusing on organized criminal syndicates such as Revel, which have targeted major companies like Medibank and latitude Financial. Experts outline how these gangs operate, the psychological and economic impact of their actions, and the strategies that defenders are employing to combat cyber crime. The Australian government is emphasized as taking a proactive role in cybersecurity, urging businesses and individuals to be vigilant and to resist paying ransoms, while highlighting the complex relationship between cybercriminals and Russian intelligence. Overall, the Cyber Security landscape is portrayed as a dangerous, rapidly evolving arena where both private and public entities must adapt to continuously changing threats.

Takeaways

🛡️ Cyber attacks occur every seven minutes in Australia.
💼 Criminal gangs like Revel operate with a sophisticated structure.
💰 Paying ransoms is discouraged as it fuels cyber crime.
🔍 The Australian government is increasing efforts to disrupt cyber criminals.
📉 Data breaches can have devastating impacts on individuals.
🌐 Ukraine's experience provides insight into cyber warfare and its implications.
🗂️ Strong data protection measures are essential for organizations.
🔎 Cyber crime is a global issue, with ties to Russian hackers.

Timeline

00:00:00 - 00:05:00
A massive cyber attack on Latitude Financial has put the personal details of millions of Optus customers at risk, showing the scale and severity of modern cybercrime that operates like a business.
00:05:00 - 00:10:00
Australia is facing a wave of cyber attacks, with a significant monetary impact on businesses. The intense stress of these incidents raises concerns for both individuals and corporate entities, whose operations are threatened by organized crime resembling the mob.
00:10:00 - 00:15:00
Cyber gangs targeting Australia are organized and operate globally, often from safe havens like Russia, adopting business-like structures that allow them to maximize their efforts and evade capture. Authorities warn that more attacks are anticipated, pushing for a proactive approach to combat these threats.
00:15:00 - 00:20:00
Cybersecurity analysts continuously monitor for signs of attacks, identifying threats early and engaging in a cat-and-mouse game against attackers. Australia's cybersecurity reputation is under siege as incidents grow in frequency and sophistication.
00:20:00 - 00:25:00
Ransomware and data theft are the primary methods used by cyber extortion gangs, with a notable attack on Medibank highlighting the potential fallout of data breaches and the challenges of negotiating with perpetrators.
00:25:00 - 00:30:00
Following the Medibank hack, the team focused on containment and investigation but faced daunting threats from hackers aiming to extort money by releasing sensitive medical data. Victims felt the distress as personal health information became compromised.
00:30:00 - 00:35:00
The refusal to pay ransoms can be a stance against future attacks, as hack investigations reveal attackers often operate through complex networks that include affiliated hackers and lesser-known groups manipulating ransomware technologies.
00:35:00 - 00:40:00
The internal dynamics of cybercriminal organizations resemble corporate structures, leading to brutal efficiency in operations, where traditional management issues like employee incentives clash with ongoing criminal activity.
00:40:00 - 00:45:49
As enforcement strategies evolve, the global rise in ransomware attacks signals an ongoing struggle, with law enforcement targeting the core operations of cyber gangs while aware of their ability to reinvent themselves continually.

Mind Map

Video Q&A

What is the frequency of cyber attacks in Australia?
A cyber attack is reported every seven minutes in Australia.
Who is primarily behind the cyber attacks targeting Australia?
Organized crime groups, particularly those linked to Russian hackers, are primarily responsible for these attacks.
What types of attacks are commonly used by cyber gangs?
Common attacks include ransomware and data theft, often combined with extortion.
What was the impact of the Medibank hack?
The Medibank hack affected 9.7 million current and former customers, leading to public data leaks and significant distress for individuals whose sensitive information was exposed.
What is the Australian government's response to cyber threats?
The government is increasing efforts to disrupt cyber crime and advising businesses not to pay ransoms.
How does the structure of cyber crime groups resemble traditional organized crime?
Cyber crime groups operate with a hierarchy, similar to organized crime syndicates, including roles for management and HR functions.
What lesson does the conflict in Ukraine provide regarding cyber warfare?
The Ukraine conflict has shown how cyber attacks are integrated with traditional warfare, suggesting future conflicts will see deeper ties between cyber and military operations.
What measures should organizations take to secure their data?
Organizations need to assess their data retention policies and implement strong encryption and de-identification protocols.
Why might paying a ransom be discouraged?
Paying ransoms feeds the business model of cyber criminals, encouraging further attacks.
What is the significance of the latitude Financial hack?
The latitude Financial hack was larger than the Medibank breach and reflects the escalating nature of cyber crime in Australia.

View more video summaries

Get instant access to free YouTube video summaries powered by AI!

Subtitles

Auto Scroll:

00:00:02
foreign
00:00:08
cyber Security Experts scrambling to
00:00:10
assess the scale of the attack the Cyber
00:00:12
attack on latitude Financial little
00:00:15
details of millions of Optus customers
00:00:17
at risk
00:00:19
it's organized crime it's a modern day
00:00:21
version of the mob
00:00:23
Australia is under attack and the enemy
00:00:26
is anonymous
00:00:29
with all of these attacks they are
00:00:32
intense they're stressful it's hard not
00:00:35
to feel anxiety
00:00:38
we might think it's one guy in a
00:00:40
basement wearing a hoodie but the
00:00:42
reality is it is a business operation on
00:00:44
some counts Global cyber crime is the
00:00:47
third biggest economy in the world
00:00:49
every seven minutes a Cyber attack is
00:00:52
reported in Australia and businesses are
00:00:55
paying tens of millions of dollars in
00:00:58
ransoms
00:00:59
this hurts many people businesses go out
00:01:02
of business people lose their jobs
00:01:04
stocks plummet in their value there's a
00:01:07
lot of damage
00:01:09
this Four Corners episode cracks open
00:01:11
the operations of the Cyber gangs
00:01:14
targeting Australia this structure you
00:01:16
get scale you look like any other
00:01:18
software company but you're actually
00:01:20
just a criminal organization
00:01:22
I think he's online now so he's come
00:01:25
back with Australians at the most
00:01:27
stupidest humans alive and they have a
00:01:29
lot of money for no reason a lot of
00:01:31
money and no sense at all
00:01:36
we go to Ukraine to track them down
00:01:40
and discover we are battling a common
00:01:43
enemy so they hit Australia yeah these
00:01:46
guys Target Australia
00:01:50
the Australian government warns we must
00:01:52
all brace for more attacks
00:01:57
to Cyber attack s can hack back
00:02:00
and the instruction of the Australian
00:02:01
government now is you go you Rove the
00:02:03
world you find these people and you hurt
00:02:05
them before they can hurt us
00:02:21
so this is the place where our analysts
00:02:24
are monitoring the networks of our
00:02:26
customers for malicious activity that
00:02:29
suggests that maybe it's the beginning
00:02:31
of a ransomware attack
00:02:32
[Music]
00:02:33
so as you can see we have two detections
00:02:36
two executions that were allowed and
00:02:38
five were blocked we'll be doing a
00:02:41
couple of hundred major incidents a year
00:02:48
often we'll wake up when there is a high
00:02:51
severity alert like if there's something
00:02:53
bad happening you don't want to leave it
00:02:55
till the next morning to respond to it
00:03:00
it's a bit of a cat and mouse game
00:03:01
really
00:03:03
The Defenders get better
00:03:05
the cyber crime ecosystem is incredibly
00:03:08
resilient
00:03:10
they operate from offshore safe havens
00:03:13
Russia for example green lights it's
00:03:15
ransomware and cyber extortion actors
00:03:17
provided they don't attack Russian
00:03:20
targets
00:03:22
as head of intelligence for cyber
00:03:24
security companies cyber CX Catherine
00:03:28
manstead understands the inner workings
00:03:30
of the criminal syndicates causing chaos
00:03:33
in the lives of Australians
00:03:36
what we're defending against is cyber
00:03:38
extortion gangs and they use a range of
00:03:40
tools to achieve their objectives one of
00:03:42
those is ransomware so they lock up the
00:03:44
systems of their victims until those
00:03:46
victims pay a ransom to unlock the
00:03:49
systems or or hopefully find another way
00:03:51
to get themselves back online the other
00:03:54
thing they're doing and they're doing
00:03:55
this increasingly is stealing
00:03:57
information you don't need ransomware
00:03:59
for that you walk into the system you
00:04:01
steal information and you threaten to
00:04:03
make it public unless the victim pays a
00:04:06
ransom
00:04:07
in October last year Australia was hit
00:04:10
by one of the largest data breaches in
00:04:13
its history
00:04:14
cyber CX was part of the response
00:04:18
medibank was part of a string of attacks
00:04:22
against well-known popular household
00:04:25
brands in Australia late last year that
00:04:28
formed something of a wake-up call
00:04:30
[Music]
00:04:37
authorities won't reveal details about
00:04:39
the heck we want to find out who was
00:04:42
behind it
00:04:44
I'm on the way to meet a man who is
00:04:46
working with midibank when the hack was
00:04:48
first detected John McPherson used to
00:04:51
work in international security overseas
00:04:53
he's home now and gets called in for
00:04:55
major cyber incidents we're hoping to
00:04:58
find how the first few days after the
00:05:00
hack unfolded
00:05:02
foreign
00:05:05
I received a call quite late at night on
00:05:08
the 12th of October the night before he
00:05:11
became public
00:05:12
it's the first priority was containing
00:05:15
the attack and making sure that the
00:05:16
systems were secure after that the the
00:05:19
very lengthy process of forensic
00:05:22
investigation and trying to understand
00:05:23
exactly what had happened what the
00:05:25
parameters of the attack were began in
00:05:27
earnest
00:05:29
how would you describe the mood of the
00:05:31
team I think with all of these attacks
00:05:34
they are intense they're stressful it's
00:05:38
hard not to feel anxiety but you have a
00:05:42
good plan you execute that plan
00:05:45
six days after the attack the hacker
00:05:47
sent an ominous message directly to the
00:05:49
medibank CEO's phone
00:05:52
hi as your team is quite shy we decided
00:05:55
to make the first step in our
00:05:57
negotiation we found people with very
00:06:00
interesting diagnoses
00:06:04
they were threatening to release a
00:06:08
so-called naughty list which was a list
00:06:12
of a hundred people
00:06:14
who had received various forms of highly
00:06:19
sensitive Medical Treatments so a an
00:06:21
outright threat of uh releasing the most
00:06:26
damaging kind of material as a way of
00:06:29
trying to extort money
00:06:33
for Claire O'Neill Australia's first
00:06:35
cyber security minister this was the
00:06:38
second major breach in as many months
00:06:43
it's just it is just a low Act of a of a
00:06:47
sub-human type of person to take
00:06:50
personal health information the most
00:06:52
private thing that URI could have and
00:06:55
try to use that for money it just
00:06:57
disgusts me and it does tell us that we
00:06:59
are dealing with a particular type of
00:07:01
scumbag here
00:07:02
[Music]
00:07:04
the hackers doubled down ramping up
00:07:06
their threats
00:07:08
in the event of a negative outcome of
00:07:10
the negotiations for us we will do
00:07:13
everything in our power to inflict as
00:07:15
much damage as possible for you both
00:07:18
financial and reputational
00:07:20
[Music]
00:07:24
they want you to panic and then pay
00:07:27
I think in the medibank case the hakka
00:07:31
seemed to enjoy the media and the
00:07:33
notoriety
00:07:34
[Music]
00:07:35
they seem to think that the negative
00:07:38
publicity would be a trigger for
00:07:40
medibank to pay a ransom when in actual
00:07:42
fact it's it's quite the opposite
00:07:47
after almost a month of back and forth
00:07:49
with the hacker in November medibank
00:07:52
confirmed that 9.7 million of its
00:07:55
current and former customers had been
00:07:57
impacted
00:07:59
and the hackers quoting Confucius
00:08:01
published their ultimatum
00:08:07
they demanded almost 10 million dollars
00:08:10
or in 24 hours the stolen data would be
00:08:14
released
00:08:15
[Music]
00:08:17
finally medibank made the decision not
00:08:20
to pay the ransom
00:08:22
on the 9th of November the so-called
00:08:26
naughty and nice list of customers
00:08:31
details were released
00:08:34
[Music]
00:08:35
lawyer Andrew Watson was watching the
00:08:38
drama unfold
00:08:40
he's led many major class actions and
00:08:44
knew how large the impact of this breach
00:08:46
could be
00:08:48
people have just been devastated by the
00:08:53
circumstances of what's occurred
00:08:58
we've had people who have had procedures
00:09:02
that have involved termination
00:09:05
who for obvious reasons didn't want that
00:09:09
public we've had people who
00:09:13
were the subject to drug and alcohol
00:09:16
treatment who have been devastated by
00:09:18
the fact that that might become known
00:09:22
I think for some medibank customers it
00:09:24
was obviously TP upsetting I think for
00:09:27
others it wasn't a material issue
00:09:30
the important thing is
00:09:32
medibank's refusal to pay a ransom
00:09:35
results in keeping Australian companies
00:09:38
safe from future attacks that makes it
00:09:40
easier for companies in the future to
00:09:43
refuse to pay criminals for data that
00:09:46
they've stolen
00:09:50
the Australian federal police were in
00:09:52
charge of investigating the hack
00:09:55
so you've got no doubt that that
00:09:56
midibank hack was sourced in Russia
00:10:00
we've got no doubt that a number of the
00:10:02
Simon cripples who are involved in that
00:10:04
attack were based in Russia can you tell
00:10:07
us anything about the people behind it
00:10:09
no I can't go into that John given the
00:10:12
ongoing investigation
00:10:15
as the crisis deepened inside medibank
00:10:19
the team was scrutinizing their system
00:10:21
for any trace of the hacker
00:10:24
what does a forensic team look for when
00:10:26
it does its investigation forensic teams
00:10:29
are sifting through terabytes of data
00:10:32
and hundreds of millions of lines of
00:10:34
code
00:10:35
they're looking for the traces that
00:10:37
hackers leave in the system so they're
00:10:39
looking through computer logs they're
00:10:42
looking for the triggers of malware and
00:10:45
viruses that they leave behind in
00:10:46
systems they're looking for traffic that
00:10:49
leaves an organization and and travels
00:10:53
overseas
00:10:55
the way the criminal groups operate
00:10:57
makes tracking them all the more
00:10:58
difficult gangs sell access to software
00:11:01
that harms a network and they control
00:11:03
Ransom negotiations with the victims but
00:11:06
it's hackers known as Affiliates that
00:11:09
make the initial breach
00:11:11
so an affiliate is a fancy word for
00:11:14
people who buy into a ransomware or a
00:11:18
cyber extortion model I guess you could
00:11:20
say it's a bit like a franchise but
00:11:22
instead of a business person buying
00:11:26
access to the McDonald's brand and
00:11:29
supply chain and Tech Innovation and
00:11:32
illegitimate cyber criminal buys into a
00:11:36
ransomware or a cyber extortion model so
00:11:38
they might rent the malware the
00:11:40
ransomware they might
00:11:42
get access to that group's dark web
00:11:46
resources their portals for leaking
00:11:48
information and they'll do all of that
00:11:51
of course for a monetary incentive they
00:11:53
get to keep a big portion of the ransoms
00:11:55
that they harvest
00:11:56
[Music]
00:11:58
The Gangs each develop their own
00:12:00
ransomware a type of malicious software
00:12:04
if there's a trace of that ransomware in
00:12:06
an attack it can be credited back to the
00:12:09
Gang
00:12:12
cyber criminals can use an exploit like
00:12:14
a lure a fishing lure and you can click
00:12:15
on that link and then malware's uploaded
00:12:19
and they sit and they wait and they do
00:12:22
reconnaissance sometimes up to six
00:12:23
months on your systems work out what
00:12:26
your valuable data is to you and how
00:12:27
they can steal it
00:12:30
many banks negotiators had been engaging
00:12:33
with the hacker for weeks
00:12:36
are you from
00:12:38
in this case we'd better be anonymous
00:12:41
just a ransomware group
00:12:44
the hacker claimed to be affiliated with
00:12:46
several well-known cider gangs but the
00:12:49
medibank team was skeptical the hacker
00:12:53
was not able to give any confidence that
00:12:56
they were affiliated with a Criminal
00:12:58
group
00:12:59
so they were never able to demonstrate
00:13:01
that they were part of a group who would
00:13:04
do what they say they were going to do
00:13:10
ultimately the blog the medibank hacker
00:13:13
decided to leak the data on offered the
00:13:16
best lead
00:13:19
Jeremy Kirk is a cyber analyst and
00:13:21
agreed to take us through the evidence
00:13:26
there's several Clues as to who might be
00:13:29
responsible but nothing is a hundred
00:13:30
percent and when the MetaBank data the
00:13:33
personal data started to be released it
00:13:35
was released on a blog site and this is
00:13:38
common for ransomware gangs to release
00:13:40
stolen data on blogs in order to try to
00:13:42
get the victims to pay this blog had a
00:13:45
bit of a technical history and had kind
00:13:48
of a tie to another ransomware gang
00:13:50
called our evil which was one of the
00:13:52
largest ransomware gangs so the belief
00:13:55
is that the people who were responsible
00:13:58
for the attack against medibank may be
00:14:00
linked to those people with the our evil
00:14:02
ransomware gang but again nothing is a
00:14:04
hundred percent it's just a suspicion so
00:14:06
who is our evil yeah our evil it stands
00:14:09
for ransomware evil and it was one of
00:14:11
the biggest and most successful uh sort
00:14:14
of ransomware groups it made at least a
00:14:16
hundred million dollars it was similar
00:14:19
to other ransomware gangs in that it was
00:14:21
as a service so other cyber criminals
00:14:23
could sign up and use the ransomware it
00:14:25
conducted some of the largest ransomware
00:14:27
attacks at the time and caused an
00:14:30
enormous amount of damage to businesses
00:14:32
and organizations
00:14:36
Revel sat at the top of that ransomware
00:14:40
Kingdom for a very long time
00:14:42
John DiMaggio knows the gang referred to
00:14:44
as both are evil or Revel very well
00:14:49
one of the big things that they did and
00:14:51
that they made famous was the double
00:14:53
extortion model what rival did was they
00:14:55
didn't just encrypt their victims data
00:14:57
but they also stole the data and they
00:15:01
would post bits of it publicly on their
00:15:03
website in order to embarrass victims
00:15:06
and sort of entice them to to pay the
00:15:10
ransom in 2020 the gang targeted several
00:15:13
high-profile companies in the United
00:15:15
States and turned their ransomware on
00:15:18
celebrities
00:15:20
Revo went after the new york-based legal
00:15:24
firm that had strong ties to both
00:15:26
politicians and the entertainment
00:15:28
industry as they looked through it they
00:15:31
started to see very popular names like
00:15:33
Bruce Springsteen Madonna president
00:15:36
Donald Trump and there were others as
00:15:38
well and they began to believe that they
00:15:40
would be able to get you know people
00:15:42
like Madonna to pay them this vast
00:15:44
amount of money and then they jumped to
00:15:45
the president United States
00:15:47
it's just amazing they would be that
00:15:49
dumb to threaten the president of the
00:15:50
United States but they did they really
00:15:52
put their target on on their own back
00:15:54
when they did all of this
00:15:56
there are a few pivotal incidents in
00:15:59
mid-2021 when was the attack against
00:16:01
Colonial pipeline which was the big
00:16:03
energy provider in the U.S that wasn't
00:16:06
our evil it was a group called dark side
00:16:08
but the groups were kind of linked and
00:16:10
then there were a couple Affiliates for
00:16:12
our evil that conducted attacks against
00:16:14
JBS foods which was the large abattoir
00:16:17
and those incidents really elevated
00:16:20
ransomware to a national security
00:16:21
concern particularly in the United
00:16:23
States
00:16:24
the ransomware attack they did against
00:16:27
JBS food that was an example of how they
00:16:30
could cause disruption that crossed
00:16:32
borders that caused operational
00:16:34
disruption of a significant degree and
00:16:37
the ransom they demanded for that which
00:16:40
was paid was about 11 million U.S
00:16:44
John DiMaggio was monitoring Revel every
00:16:47
step of the way
00:16:48
once I gained access to the crime forums
00:16:51
now they were there every day and I
00:16:53
could see the conversations they were
00:16:54
having with other criminals and even
00:16:56
participate in conversations
00:16:59
he even applied to join the gang posing
00:17:02
as a hacker we got pretty far in the
00:17:04
interview but what they did at the end
00:17:06
caught me off guard they asked me about
00:17:08
Russian folklore and they asked things
00:17:11
that I believe that they thought only a
00:17:14
true native Russian would know and you
00:17:16
know we weren't able to Google anything
00:17:18
quick enough to figure it out and that
00:17:20
was the end of our interview
00:17:22
it's organized crime it's an organized
00:17:24
group of cyber criminals that work
00:17:26
together and share money and it's a
00:17:28
modern day version of the mob
00:17:33
so this is the way that ransomware gangs
00:17:36
are often structured there's a boss kind
00:17:37
of at the top or maybe a couple
00:17:39
different bosses there's kind of a layer
00:17:40
of middle management and those middle
00:17:42
managers then interface with the people
00:17:43
who actually do a lot of the work
00:17:45
there's an HR function which is
00:17:47
responsible for recruiting other cyber
00:17:49
criminals and people who want to be a
00:17:51
part of it there's coders who develop
00:17:53
the malware which is actually the
00:17:55
malicious software that's infecting
00:17:56
computers you'll have an offensive team
00:17:58
as well so one's a company or
00:18:00
organization is infected with malware
00:18:02
they'll take over and go into that
00:18:04
organization figure out where their
00:18:06
sensitive assets and data are in order
00:18:08
to steal that data and then also encrypt
00:18:10
it and then finally after that has
00:18:12
happened they usually send an extortion
00:18:14
note to a company which is where the
00:18:16
negotiators come in and they're
00:18:17
responsible for trying to extract as
00:18:19
much money as possible from the victim
00:18:20
we've seen over the years that some of
00:18:22
the big drug gangs the medicine drug
00:18:25
cartel Etc came up with these sorts of
00:18:27
corporate structures is this the Cyber
00:18:29
equivalent of the median drug cartel
00:18:31
yeah absolutely it's like looking for a
00:18:33
fish efficiency in any way and that's
00:18:35
what they've discovered they've been
00:18:36
able to get scale and efficiency and
00:18:38
attack more companies and organizations
00:18:41
than ever before so how do we know this
00:18:44
is the sort of structure that some of
00:18:46
these groups are implementing yeah so in
00:18:48
early 2022 there were tens of thousands
00:18:51
of chat messages leaked on the internet
00:18:53
that belonged to a group called The
00:18:55
Conti ransomware group and it was
00:18:58
basically their entire Communications
00:18:59
for two years and so it really just
00:19:01
opened it up for researchers like okay
00:19:03
this is what it's like day to day in a
00:19:06
cyber criminal group
00:19:07
[Music]
00:19:10
the leak that cracked open the inner
00:19:12
workings of the Conti gang was revenge
00:19:14
for the group's support of Russia's
00:19:16
invasion of Ukraine
00:19:19
more than 60 000 internal messages
00:19:22
reveal in forensic detail Conti's
00:19:25
negotiation strategies and HR disputes
00:19:30
they also provided insight into how
00:19:32
other big cyber gangs like Revel operate
00:19:37
foreign
00:19:37
[Music]
00:19:39
from the manager who says your next
00:19:43
salary depends on my good mood and
00:19:46
anybody who doesn't reply within three
00:19:48
hours of me trying to contact them gets
00:19:50
a strike against their name two strikes
00:19:52
and you're out it's pretty ruthless
00:19:54
organization yeah the managers were
00:19:56
pretty frustrated with their employees
00:19:57
and they had high turnover as a result
00:19:59
too I mean clearly you know the chats
00:20:01
showed you know management was upset
00:20:03
with this because they're trying to
00:20:05
pressurize you know their employees to
00:20:07
get more productivity out of them it
00:20:09
just happens to be you know productivity
00:20:11
motivated by crime here we have another
00:20:14
one
00:20:15
this month three people were fine for
00:20:17
absenteeism and various mistakes that
00:20:19
led to losses these fines will go to the
00:20:22
bonus fund for employees of the month
00:20:25
so this is really strange right like
00:20:27
these are normal sort of uh things that
00:20:29
managers would deal with in normal
00:20:30
companies and here this is a cyber
00:20:31
criminal organization right that has an
00:20:34
employee of the month
00:20:37
chats reveal that Conti's leadership was
00:20:40
particularly unhappy with their Ransom
00:20:42
negotiators complaining we bargain like
00:20:45
school children gangsters don't behave
00:20:48
like that
00:20:51
we've got a recording here of a woman
00:20:53
from Conti ringing up a victim
00:20:55
pressuring them for money let's listen
00:21:02
um Luke
00:21:03
[Music]
00:21:05
um I'm calling you from Palmdale
00:21:08
your company right now in negotiation
00:21:13
regarding data recovery
00:21:17
I find that chilling this is a woman
00:21:19
from a crime gang essentially they're
00:21:21
effectively holding a gun to the head of
00:21:23
the firm and it sounds like someone's
00:21:25
ringing to say you haven't paid your
00:21:27
electricity bill exactly the calling is
00:21:29
a very aggressive tactic to start
00:21:30
calling and harassing organizations and
00:21:33
ransomware gangs do that they they pull
00:21:35
out all stops to try and you know get
00:21:38
that organization to pay including kind
00:21:40
of running a call center
00:21:41
[Music]
00:21:45
yeah
00:21:46
our researcher Jess Longbottom managed
00:21:49
to contact a hacker who worked with
00:21:51
several cyber gangs he also claimed he
00:21:54
was part of Revel
00:21:56
[Music]
00:21:57
he agreed to chat with us on the
00:21:59
encrypted site Telegram
00:22:02
so we're hoping to chat to him and find
00:22:04
out a bit more about the group and
00:22:06
hopefully medibank definitely
00:22:09
he's online now
00:22:13
how do you feel when you hack into
00:22:20
a system
00:22:23
and he says great it's a feeling of
00:22:25
being on top of the world like nobody
00:22:27
can touch you
00:22:29
he claimed he traveled freely between
00:22:31
Eastern Europe and the UK and had no
00:22:34
fear of arrest he said he loved
00:22:37
targeting American companies let's ask
00:22:40
him about Australia
00:22:48
look at this yes let me tell you
00:22:50
something Australians are the most
00:22:52
stupidest humans alive
00:22:54
so pretty strong language there and they
00:22:57
have a lot of money for no reason a lot
00:22:59
of money and no sense at all stupidest
00:23:01
humans alive there's such hostility uh
00:23:04
from him towards the US and Australia
00:23:06
yeah it's quite incredible I think we
00:23:09
should ask him about midibank
00:23:11
yeah okay
00:23:13
do you know who's behind the hack
00:23:19
in the setup for the interview we had
00:23:21
not mentioned anything about medibank
00:23:24
so we were surprised he answered our
00:23:26
questions so quickly
00:23:29
come back with the the shush the swish
00:23:31
emoji
00:23:36
which I wonder I wonder I think that
00:23:38
relates to blog XX which is the which is
00:23:41
the blog where the medibank data leak
00:23:43
was actually published
00:23:47
we asked if blog xx and revel were the
00:23:50
same people
00:23:54
yes however there is some new faces
00:23:57
wow so he's saying that it's Revel and
00:24:00
blog XX
00:24:01
um they're connected it's really
00:24:03
interesting yeah
00:24:04
so is it correct that Rebel
00:24:09
was involved
00:24:11
in the medibank hack
00:24:17
ha yes indeed so he's confirming as much
00:24:21
as we can trust him that rival was
00:24:24
involved in midibank which is really
00:24:26
interesting because there's been so much
00:24:28
speculation that they were exactly that
00:24:31
to have him saying that really
00:24:33
contributes towards the picture and
00:24:36
interesting because lots of people said
00:24:37
that the attack wasn't sophisticated
00:24:39
enough to be Rebel so I think we should
00:24:42
put to him that the medibank hack caused
00:24:44
distress to millions of Australians and
00:24:46
see what he says about that
00:24:55
could not care less is his response wow
00:24:58
completely without empathy or morality
00:25:02
yeah exactly so much bravado
00:25:05
[Music]
00:25:06
we sent our conversation with the hacker
00:25:09
to John DiMaggio
00:25:11
my professional opinion is this sort of
00:25:14
second raising of Revol that we've seen
00:25:16
over the past year is not the original
00:25:18
group they simply have access to the
00:25:20
infrastructure and to the Rival malware
00:25:23
in my opinion someone else is using
00:25:26
their malware today this is for the ones
00:25:29
that are occurring to evade authorities
00:25:32
gangs are morphing all the time packers
00:25:35
come and go but the ransomware they
00:25:37
develop is still used
00:25:39
we've seen with some groups once they
00:25:42
create too much harm and fear they get
00:25:44
too big for their boots that's when
00:25:46
they're most likely to attract the
00:25:48
attention of global law enforcement
00:25:49
after that those groups have
00:25:53
metastasized their Affiliates have left
00:25:56
the big bad Ransom and cyber extortion
00:25:59
gangs and they've moved on to smaller
00:26:01
gangs and they're playing their trade
00:26:03
through smaller lower profile groups so
00:26:06
the threat has changed it hasn't
00:26:09
necessarily diminished
00:26:13
months later the damage of the midibank
00:26:16
hack is still being uncovered
00:26:19
effectively every medibank customers
00:26:21
details were placed on the dark web
00:26:23
given the sensitivity of the data it
00:26:27
seems likely that medibank should have
00:26:30
been looking at a proper encryption
00:26:33
protocol or a de-identification protocol
00:26:36
so that the data even if hacked would
00:26:40
have been useless to the hackers there
00:26:42
was criticism of medibank storage of
00:26:45
personal data what's your opinion of
00:26:46
that
00:26:48
I think every organization in Australia
00:26:50
is now rapidly trying to assess how much
00:26:53
data they hold how secure it is whether
00:26:56
they need it or not how long they've
00:26:58
retained it for
00:27:00
I think it goes back to the question
00:27:02
that as a nation we've placed too much
00:27:04
value on collecting data and not enough
00:27:06
value on how we secure it and whether or
00:27:09
not we actually need to keep it
00:27:14
medibank is one of a string of hacks
00:27:16
that has made cyber crime a key priority
00:27:18
for the federal government
00:27:20
hey everyone in Australia a Cyber attack
00:27:23
is now reported every seven minutes
00:27:27
for businesses these days cyber security
00:27:30
is as important as having a lock on the
00:27:34
door
00:27:36
increased awareness Rachel Fork is on
00:27:38
the panel developing the government's
00:27:40
new cyber security strategy so all of us
00:27:43
understand one of the options being
00:27:45
considered is starving The Gangs of
00:27:47
funds by making the payment of ransoms
00:27:50
illegal
00:27:53
The Ransom note the damage has been done
00:27:55
by that point you're either in pain
00:27:57
Ransom mode or reputation Salvage mode
00:28:00
remembering it's a bit like The House
00:28:02
Always Wins here they always keep a copy
00:28:05
of your data you can then pay and they
00:28:07
will not release their data allegedly
00:28:09
will not release data on the dark web
00:28:10
for sale but you never know what's going
00:28:12
to happen happen with the copy of the
00:28:13
data that's stolen what's your view on a
00:28:15
company that's been hacked considering
00:28:17
paying a ransom well obviously it's a
00:28:20
it's a challenging situation in the
00:28:21
boardroom absolutely and it will never
00:28:23
be black and white the Australian
00:28:25
government's really clear advice is that
00:28:27
we would ask that Australian companies
00:28:28
organizations and individuals do not pay
00:28:31
Ransom because this simply feeds the
00:28:33
business model of cyber hackers so
00:28:35
ransomware is one of the biggest cyber
00:28:37
threats that we face as a country and
00:28:39
we're not pallets when it comes to cyber
00:28:41
attacks we can hack back at these people
00:28:43
and use the same tools that they are
00:28:45
using to hurt Australians to hurt them
00:28:47
and the instruction of the Australian
00:28:49
government now to the Australian signals
00:28:51
director at the Cyber guns of the
00:28:52
Australian government and the Australian
00:28:54
federal police is you go you Rove the
00:28:56
world you find these people and you hurt
00:28:58
them before they can hurt us
00:29:00
[Music]
00:29:04
it's the AFP cyber command which is now
00:29:08
tasked with going after or disrupting
00:29:10
the Cyber gangs
00:29:12
disruption is about frustrating their
00:29:14
ability to operate and stopping their
00:29:16
ability to operate
00:29:18
while we're at AFP Sydney headquarters
00:29:21
news breaks of another hack we've heard
00:29:24
there's been a major cyber incident the
00:29:26
team's pretty tight-lipped about what's
00:29:28
happened but what we do know is that a
00:29:30
loans credit card and insurance company
00:29:32
has been hacked and more than 200 000
00:29:35
customer records stolen the team's being
00:29:37
briefed and are on standby
00:29:42
Days Later latitude Financial revealed
00:29:45
the hack was much larger with the data
00:29:47
of 14 million former and current
00:29:49
customers stolen
00:29:53
I think it's now the new Norm we are
00:29:57
seeing the incidence of ransomware
00:29:59
attacks becoming more prevalent both in
00:30:01
terms of the number but also the scale
00:30:03
the sophistication and the impacts on
00:30:06
our community
00:30:07
do you think most Australians understand
00:30:09
how nasty this new world is no I don't I
00:30:12
think it's an evolving situation for all
00:30:14
of us
00:30:16
increasingly there's been a shift to
00:30:19
disruption which is a way to get at
00:30:22
these gangs before they can cause harm
00:30:24
the FBI and its Global law enforcement
00:30:27
partners and Australian law enforcement
00:30:28
are getting better at this we've seen
00:30:31
the FBI and other Global law enforcement
00:30:34
Partners seize infrastructure so these
00:30:36
groups are forced offline we've seen
00:30:38
them infiltrate groups to get the
00:30:40
decryption key so that when they engage
00:30:42
in ransomware global law enforcement can
00:30:45
come in and help those victims by giving
00:30:47
them the decryption key rather than
00:30:49
those victims having to pay a ransom
00:30:55
it was that Arsenal that the Federal
00:30:58
Bureau of Investigation used to bring
00:31:00
down rival after the gang carried out
00:31:03
one of the largest attacks in history
00:31:07
when cassia was attacked what happened
00:31:09
is they had about 1500 Downstream
00:31:12
customers that rival leveraged their
00:31:15
software to infect with their ransomware
00:31:17
so instead of just having one large
00:31:19
corporation now being held ransom they
00:31:21
had 1500 companies being held Ransom
00:31:25
unlike a lot of technology companies can
00:31:27
say is pretty easy to understand the
00:31:30
hack affected companies in at least 18
00:31:32
countries including Australia closing
00:31:34
down supermarkets in Sweden and
00:31:37
impacting kindergartens in New Zealand
00:31:39
and discover how casay can help you
00:31:41
simplify your systems management tasks
00:31:44
so this was a really good example of
00:31:46
rival trying to maximize harm by hitting
00:31:49
one organization that provided services
00:31:51
to thousands of others they demanded a
00:31:54
ransom in that case of 70 million
00:31:57
dollars
00:31:58
the attack came only weeks after
00:32:01
President Biden called on President
00:32:03
Putin to reign in Russia's cyber
00:32:06
criminals I did what I came to do
00:32:09
the US made an arrest and the gang's
00:32:12
leak site went offline
00:32:16
then in a surprise move in 2022 Russian
00:32:20
intelligence rated 14 members of the
00:32:23
group
00:32:24
but it wasn't the end of revel's
00:32:27
ransomware
00:32:29
the guys that they arrested were all
00:32:32
very young men they were primarily
00:32:34
Affiliates they were not the core
00:32:35
members of the gang they weren't the
00:32:37
ransomware developers they weren't the
00:32:39
ones supporting all these operations
00:32:41
they were simply the people that were
00:32:43
the hired hackers
00:32:45
it doesn't stop the attacks they can
00:32:47
just come back under a new name and
00:32:49
continue business as usual
00:32:53
wow I have been providing initial access
00:32:56
the hecka we spoke to earlier told us
00:32:59
the 14 members were now out of jail and
00:33:03
that he was supporting Russia's war
00:33:04
effort by providing initial access to
00:33:07
ukrainian-owned infrastructure
00:33:11
John DiMaggio was not surprised he
00:33:13
believes that the original masterminds
00:33:15
behind rival are hacking for Russia they
00:33:19
are supporting the war in the Ukraine
00:33:20
think about it even as Affiliates
00:33:22
they're some of the the best hackers in
00:33:23
the world so I 100 believe that that is
00:33:27
what how Russia is utilizing them
00:33:28
they're helping the Russian intelligence
00:33:30
Services creating malware uh and
00:33:33
facilitating attacks against the Ukraine
00:33:35
to sort of better the mission of Russia
00:33:40
as the war in Ukraine learned DiMaggio
00:33:44
says Russia's cyber criminals were given
00:33:46
an ultimatum hack for your country or
00:33:49
your assets will be seized and you'll go
00:33:51
to jail
00:33:52
[Music]
00:33:54
we know that these crime gangs have
00:33:56
always had a pretty cozy relationship
00:33:58
with Russian intelligence and security
00:34:01
agencies
00:34:03
we've seen those leveraged during the
00:34:05
Russian Ukraine war we've seen in
00:34:08
particular some groups that have come
00:34:11
out and said our Allegiance is to Russia
00:34:14
and we will engage in activities to
00:34:16
support Russia's cause and to undermine
00:34:18
Ukraine
00:34:27
[Music]
00:34:29
in Ukraine cyber attacks are about more
00:34:32
than just money
00:34:34
they're about life and death
00:34:40
[Music]
00:34:52
we've come to Kiev to track the Russian
00:34:54
cyber gangs targeting Australia
00:34:57
we're on the way to the agency
00:34:59
responsible for protecting Ukraine
00:35:01
including against cyber attacks
00:35:04
Robert Potter co-founder of Australian
00:35:07
cyber security company internet 2.0 is
00:35:10
taking us there
00:35:12
so we're heading up to sbu headquarters
00:35:15
the sbu is the primary domestic
00:35:19
Intelligence Agency of Ukraine it's like
00:35:22
our asio it's equivalent to our Azo or
00:35:25
MI5
00:35:27
curity is tight the sbu would be one of
00:35:30
moscow's top targets we're gonna need to
00:35:33
switch that off now
00:35:37
hello hello
00:35:38
the man we've come to meet is Ilya
00:35:41
vitiork the country's senior cyber
00:35:44
intelligence officer that's me
00:35:48
that's okay
00:35:51
I'm sure you don't go around handing out
00:35:53
cards too often yeah in your job
00:35:57
Australians know about the Invasion the
00:35:59
physical War but are there now two Wars
00:36:02
going on they combined cyber attacks
00:36:05
with psychological information special
00:36:07
psychological information operations and
00:36:10
they do combine cyber attacks with
00:36:13
genetic attacks cyber attacks
00:36:15
accompanied missile attacks on our
00:36:17
energy sector since October so they try
00:36:21
to destroy ID infrastructure of power
00:36:24
plants and distribution companies
00:36:27
simultaneously with cyber attacks to
00:36:29
cause more damage and to make people
00:36:33
suffer even more what can Australia
00:36:36
learn from Ukraine's experience with
00:36:39
Russian hackers no other country in the
00:36:42
world has faced what Ukraine has faced
00:36:46
in cyber domain first of all and the
00:36:49
experience we have how to withstand
00:36:53
when your enemy is more powerful is
00:36:57
crucial we've invented and used
00:36:59
different kinds of algorithm techniques
00:37:02
tools that have proved their
00:37:04
effectiveness and we are ready to share
00:37:06
this knowledge and this experience with
00:37:09
the world
00:37:16
in another part of the city internet 2.0
00:37:19
is working to strengthen Ukraine's cyber
00:37:22
defense
00:37:23
the other founder David Robinson has
00:37:26
just arrived
00:37:27
[Music]
00:37:30
it's fascinating
00:37:32
um
00:37:37
I mean amazing is we can see the
00:37:40
international cyber war on our
00:37:43
dashboards all over the world if the
00:37:44
Russians for example were attacking one
00:37:47
of the computer networks we're
00:37:48
protecting the systems can detect flag
00:37:51
that Russian cyber attacks using
00:37:53
algorithms using lots of pieces of
00:37:57
Technology all in the cyber security
00:37:59
industry in order to identify flag and
00:38:01
then view that that threat and then we
00:38:04
can basically block it
00:38:06
the team security engineer rafig Jabra
00:38:09
yilov has already got to work
00:38:12
here he's monitoring Russian cyber
00:38:14
attacks
00:38:16
so when someone in Russia makes an
00:38:18
attack you can see that here yes in real
00:38:21
time in real time with the live data we
00:38:24
can see their iPad dresses we can detect
00:38:27
their rough estimated locations it's a
00:38:30
never-ending battle isn't it yes it's
00:38:32
basically a cyber wall going between
00:38:35
engineers and attackers so as you said
00:38:39
it's never ending and as much as they
00:38:41
are improving their skills we need to do
00:38:44
it twice three times more to be ahead of
00:38:47
them
00:38:53
it is the first
00:38:55
first war in history
00:38:57
between two major cyber Powers Russia
00:39:00
and Ukraine we've never seen this before
00:39:03
and right from the beginning of the
00:39:05
conflict cyber has been an ever-present
00:39:09
dimension of that conflict
00:39:12
Catherine manstead has analyzed how
00:39:14
effective Russia's combination of
00:39:16
traditional and cyber warfare has been
00:39:19
from the outset Russia has made an
00:39:22
attempt to coordinate its cyber and its
00:39:24
conventional effects
00:39:25
it hasn't always been successful and in
00:39:28
fact towards the beginning of of the war
00:39:30
it did better on this perhaps because it
00:39:33
had more time to plan and coordinate
00:39:37
on one day in the first week we had a
00:39:39
missile strike on a broadcasting Tower
00:39:43
we also had a Cyber attack against a
00:39:47
Broadcasting Company as well as a
00:39:50
broader information campaign Russia said
00:39:52
it was going to disable Ukraine's
00:39:54
quote-unquote disinformation system it
00:39:57
was targeting people on social media it
00:39:59
even was targeting the elderly via phone
00:40:02
calls all of that was about creating
00:40:04
chaos
00:40:09
so Ukraine launched
00:40:10
it defensive and in October hit the
00:40:13
Crimea Bridge how did Russia respond to
00:40:15
that so we enter a new phase in many
00:40:18
respects in Russia's conventional cyber
00:40:21
and information war on the conventional
00:40:23
front it's hitting civilian targets
00:40:26
again Ukraine's looking into a winter
00:40:28
and it's going after energy assets I'm
00:40:31
sending millions of Ukrainian citizens
00:40:34
into blackout it's also hitting water
00:40:37
assets and that's mirrored in many
00:40:39
respects in the Cyber realm what
00:40:41
implications does this have for the next
00:40:43
major military conflict
00:40:45
cyber Defender and every cyber attacker
00:40:48
around the world will be looking at this
00:40:50
conflict so closely and they will be
00:40:53
learning the lessons from Russia Ukraine
00:40:57
Russia has not always done as well as it
00:40:59
could have at precisely coordinating
00:41:01
cyber and kinetic effects in the next
00:41:04
War I would expect we'll see adaptation
00:41:06
and an even closer interlinkage between
00:41:09
those two domains
00:41:15
when there's a Cyber attack in Ukraine
00:41:18
the response will come from this room
00:41:22
it's the nerve center of the country's
00:41:24
cyber defense and the team reports
00:41:27
directly to president zelenski yeah so
00:41:30
this is the threats to Ukraine and
00:41:32
Europe and you can see the different key
00:41:34
groups so they're just
00:41:36
so these are the different sectors that
00:41:38
have been targeted yet yeah and these
00:41:40
are the different attack tools that are
00:41:42
used for instance while looking at the
00:41:46
list of the different groups attacking
00:41:47
Ukraine I see Revel
00:41:52
Revel is the one that hit the medibank
00:41:54
attack so they hit Australia yeah these
00:41:57
guys Target Australia
00:41:58
so the power cuts for a moment not
00:42:01
uncommon here well the system's rebooted
00:42:05
the head of Ukraine's cyber security
00:42:06
Center issues a warning my prediction
00:42:10
for this year that uh
00:42:13
it is U.S Australia European Union
00:42:17
countries who will be targeted more even
00:42:21
more than Ukraine
00:42:23
so you think there'll be more attacks on
00:42:26
countries like Australia
00:42:29
who support Ukraine because they're not
00:42:32
getting the results they want in Ukraine
00:42:34
so they'll move on to other places and
00:42:36
it will be partly revenge for supporting
00:42:38
Ukraine yes
00:42:47
some of those names that came up on
00:42:49
their board today are names that we're
00:42:51
familiar with launching attacks on
00:42:53
Australia what does that say to you it
00:42:56
shows that we are part of the same
00:42:57
environment that they're studying the
00:42:59
same bad guys that we are what they
00:43:01
really are of Russian organized crime
00:43:03
groups being protected by the Russian
00:43:05
government and in some ways becoming
00:43:08
increasingly ideological uh in their
00:43:11
support of the Russian government and
00:43:13
that they that exchange of you give us
00:43:15
safe haven we'll give you a cut is now
00:43:17
we will also Target
00:43:19
the Target the ideological enemies of
00:43:22
the Russian government
00:43:28
in recent weeks the big cyber attacks on
00:43:32
Australia keep on coming Crown Resort
00:43:34
says it's working with police one of
00:43:36
Australia's biggest property giants has
00:43:38
been attacked by cyber criminals a Cyber
00:43:40
attack on latitude Financial has now
00:43:43
become the hack of latitude Financial is
00:43:46
now larger than medibank
00:43:48
ultimately what we see from these groups
00:43:51
is they tend to be pretty good at
00:43:53
outmaneuvering law enforcement
00:43:56
[Applause]
00:43:57
thy will Phoenix to avoid pressure so
00:44:01
when the Heat Is On from Global law
00:44:03
enforcement they will disband their
00:44:05
group they'll lie low for a bit and then
00:44:07
they'll pop up again maybe they'll
00:44:09
Rebrand for example and we've seen that
00:44:10
over and over again so unfortunately
00:44:13
it's going to be really hard for us to
00:44:17
break the business model of cyber
00:44:19
extortion
00:44:25
as a nation Australia is bracing to
00:44:28
fight this ever-changing war against
00:44:30
enemies Who hide behind screens and know
00:44:33
neither boundaries nor morals
00:44:38
what's at stake is everything when you
00:44:41
think about the life that we live online
00:44:43
at the moment consider what things will
00:44:45
look like in 2030 where our fridge and
00:44:48
our electricity in our homes and our air
00:44:50
conditioning and our car everything is
00:44:52
going to be connected to the internet so
00:44:54
we are going to have to get a handle on
00:44:56
this problem well before then
00:44:59
I want cyber hackers to know that we are
00:45:02
onto them and that we are watching them
00:45:04
online and that we will come and hurt
00:45:05
them if they come anywhere near our
00:45:07
country
00:45:10
thank you
00:45:14
[Music]
00:45:25
[Applause]
00:45:37
[Music]