Sign Up
..... Connect Australia with the world.
Categories

Posted: 2018-03-21 21:19:05

While complex, the static password that Argus created was viewable in plaintext inside a file in the folder Argus created once installed.

"Basically they could see the user's screen, files as if they had logged into the machine locally. From there they could do nearly anything, including load malware. If the attacker knew they were on a medical server they could potentially download a copy of the [Argus] database or more."

Loading

It appears hackers have so far not used access to computers containing medical records to steal the records themselves. Instead, they are using them to conduct illegal activities online, according to a source, who said that they had seen a breached server themselves that was targeted.

"From what I saw, [the criminals] only used it to run other scams (dating, rental scams), and to purchase some goods online from what I guess are stolen credit cards so that the purchase would not get traced to them," the source said.

"The [criminal], in that case, didn't seem interested in the medical data there."

Telstra has not denied that a default static password in its Argus software was to blame for the vulnerability, telling Fairfax Media in a statement on Wednesday: "We will not comment on the specifics of the incident other than to say that a very small group of customers with unsecured remote desktop configurations with open internet access were impacted".

In a recent email sent to customers, Telstra Health advised medical practitioners about "an important security message". It's understood two separate messages were sent; one to former customers who have not received security updates, and another to current clients.

"We have identified a potential vulnerability in legacy versions of the Argus product that could be exploited in circumstances where a customer's remote desktop connections are open to unauthorised parties outside of their network," Telstra Health told customers.

"If you are no longer using Argus, you have not had regular software updates and we recommend that you uninstall the application and ensure that all the accounts associated with the Argus applications are removed from the computers where Argus has been installed," it said.

"The accounts should also be removed from your 'Active Directory' where user accounts are centrally managed," it continued, adding that practices would "shortly" receive a call from a Telstra Health representative to offer assistance to complete the uninstallation.

Loading

Commenting on the vulnerability, Steve Wilson, principal analyst of digital safety at Constellation Research, said: "What the hell are developers thinking when they put out software with default passwords when the programs open up privileged access to systems?"

Casey Ellis, founder and chief technology officer of BugCrowd, which runs so-called "bug bounty" programs that enables organisations to easily discover vulnerabilities in software by paying hackers to find them, said passwords were responsible for a lot of security challenges, "and default passwords doubly so ... it's both good that users are being notified and bad that it happened in the first place".

Troy Hunt, who runs the "Have I been pwned?" website, which informs internet users whether their password has been compromised online by scouring through leaked databases, said Telstra appeared to be taking the incident seriously.

"As soon as you are calling up every customer you would assume it is a very serious incident," Mr Hunt said. "This is the sort of information you least want to be exposed."

Mr Hunt added that Telstra's "saving grace" was that it had not yet identified any instance of abuse, whereby sensitive medical information was extracted.

"If we take them at face value, the impact is low but the severity is high because if hackers do gain access, the medical practices are potentially leaking various sensitive information," he said.

A Telstra spokesman said the company became aware that "a small number" of its Argus customers' computers had been affected by malicious software, or malware, in January.

"We worked with the impacted customers to minimise damage, install a patch and quickly restore their access to the Argus platform," the spokesman said, adding that Telstra informed its entire Argus customer base "multiple times" about the threat, the need to install the patch, and provided technical support.

"We also recommended customers take steps to put in place security measures to remove any open internet access in the configuration of their systems," the spokesman said.

"To date, a majority of our customers have installed this patch.

"No additional incidents have been reported since the issue was addressed in late January."

Ben Grubb

Ben is a freelance writer and former Fairfax technology editor

Morning & Afternoon Newsletter

Delivered Mon–Fri.

View More
  • 0 Comment(s)
Captcha Challenge
Reload Image
Type in the verification code above