‘I think we should be very concerned’: A cyber crime expert on this week’s hack and what needs to happen next
When Prime Minister Scott Morrison announced this week that a “sophisticated state actor” had targeted the big Australian political parties in a major cyber attack, the revelation threw up more questions than answers.
To make sense of it all, we’re hearing today from Nigel Phair, the director of UNSW Canberra Cyber and an expert on the intersection of crime, technology and society.
He said that while hacks like these should be seen as “the new normal” there was good reason to be concerned.
“Just merely having a breach is quite a big deal. Secondly, you look at the information that they hold. Political parties have information on donors – who they are and how much they give and what they want for it. They have information on the electorate, they have information on their own party politics and tactics for Senate Estimates for Question Time, those sorts of things,” he said.
“So that’s a lot of rich data that you could then use as a nation state to infiltrate other areas to perhaps change voter outcomes.”
The hackers may have used social engineering techniques such as phishing to gain access to the data, he said.
“They are quite unsophisticated attacks. It’s often spoofing an organisation or a person and getting someone, an end user, to reveal login credentials. And because we share passwords across multiple logins, that’s how you gain access to a trophy asset,” he said, adding that the hack served as a reminder to use a password manager and ensure all passwords are long and strong.
“I think we should be very concerned. We’ve got a great case study from the US. We’re very allied to the US and when you look at how nation states have disrupted that election I think it’s a given that there are many out there that’ll disrupt ours.”
Nigel Phair is the Director of UNSW Canberra Cyber.