Sign Up
..... Connect Australia with the world.
Categories

Posted: 2022-11-11 04:13:35

Australian Federal Police (AFP) say Russian criminals are responsible for the devastating cyber attack on Australian health insurer Medibank that is affecting almost 10 million customers.

AFP Commissioner Reece Kershaw said intelligence pointed to a group of cyber criminals operating "as a business" and Australia would seek to speak to Russian authorities about the crime.

"We believe those responsible for the breach are in Russia," Commissioner Kershaw said.

Commissioner Kershaw said the group behind the attack was loosely affiliated with past significant breaches in countries across the world.

"These cyber criminals are operating like a business with affiliate and associates who are supporting the business," he said.

"We also believe that some affiliates may be in other countries."

A head shot of a man in police uniform
AFP Commissioner Reece Kershaw made a short statement on the Medibank cyber hack situation. (ABC News: Matt Roberts )

Commissioner Kershaw said the AFP was scouring the internet and dark web, targeting anyone who was accessing the information and attempting to profit from it.

"This is a time for all Australians, the community, business and law enforcement to stand together and refuse to give these criminals the notoriety they seek," he said.

He also called on businesses to do their part to ensure their systems were protected.

"Cybercrime is the break and enter of the 21st century and personal information is being used as currency," he said.

Commissioner Kershaw reiterated government policy did not condone paying a ransom as it "feeds a cybercrime business model".

A phone showing the Medibank page sits on a laptop open to Medibank's website.
Medibank client data was published by an extortionist on November 9, including details of individuals' medical procedures.(AP: Rick Rycroft)

Earlier on Friday, before the nationality of the criminals was revealed publicly, Prime Minister Anthony Albanese suggested Moscow should be held accountable for the criminal act.

"The fact is that the nation where these attacks are coming from, should also be held accountable for the disgusting attacks, and the release of information including very private and personal information."

On Thursday, the hackers released sensitive details of customers' medical procedures on the dark web and demanded $US1 ($1.60) for each of the 9.7 million Medibank customers. 

Medibank hacker and the nation should be held accountable: Anthony Albanese
The Prime Minister says the Medibank hacker should be held accountable for "disgusting attacks."

Medibank has confirmed the personal information of more than 5 million customers has been released so far.

The AFP is now working with Interpol, which has direct contact with National Central Bureau Moscow, to take the investigation beyond borders.

"To the criminals: We know who you are and, moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system," Commissioner Kershaw said.

Key events

Live updates

Catch up on the update from the AFP

By Bridget Judd

This is where we'll leave Friday's live updates about the Medibank data breach

But you can continue reading the full story right on this page.

I'll leave you with some of your thoughts about today's developments:

When Medibank call you this morning to say you’re in the 2% of the entire data leak with details being viewed and accessed…It shook me to my core. - Marjorie

Good work! I am sure that our “white hats” are now working on strategies to disable the servers if these reprehensible cyber criminals. - Peter E

Aren’t we technically at war with Russia so why would Russian LE help the AFP? - Rick

Well what’s the AFP and the government doing about it? People need to see action not just words - Peter

By Bridget Judd

Medibank has been working closely with the AFP from the outset

Speaking earlier, Commissioner Reece Kershaw said the government does not condone ransoms, because any payments "small or large fuels a cybercrime business model".

The ABC's defence correspondent Andrew Greene says Medibank has made a clear declaration it will not pay.

Andrew: as well as with cyber security authorities – the Australian Signals Directorate and the Australian Cyber Security Centre.

Medibank has made a clear declaration it will not pay a ransom, unlike some other high-profile victims of cybercrimes.

By Bridget Judd

Before today, it was widely believed that Russian hackers were responsible

The ABC's defence correspondent Andrew Greene says none of this is really a shock.

Andrew: No, before today it was widely believed that Russian hackers were responsible for this hack, and although the AFP won’t publicly identify the group responsible, sources have told the ABC it is REvil – which is based in Russia, but has affiliates and associates in other countries

By Bridget Judd

Key Event

Russia benefits from INTERPOL intelligence-sharing, and 'with that comes responsibilities'

As we heard a short time ago, the AFP will hold talks with Russian law enforcement about those they believe to be responsible.

He says the AFP is responsible for the Australian INTERPOL National Central Bureau, which has direct contact with National Central Bureau Moscow.

A man in an AFP uniform and glasses stands behind a podium addressing the media.
(ABC News: Matt Roberts)

"INTERPOL National Central Bureaus cooperate on cross-border investigations, operations and arrests.

"To take investigations beyond national borders, they can seek cooperation from any other National Central Bureau.

"It is important to note that Russia benefits from the intelligence-sharing and data shared through INTERPOL, and with that comes responsibilities and accountability."

A man in an AFP uniform and glasses stands behind a podium addressing the media
(ABC News: Matt Roberts)

By Bridget Judd

Given the severity of the attack, a decision was made to call Russian criminals out as the culprits

It’s hard to say whether the ransom should have been paid…it’s a fine balance between public policy and the interests of hundreds of thousands of individuals. On balance, I believe the ransom could have been paid quickly and secretly, and a lesson learned. Probably too late now, and hopefully not too many individuals will suffer.

- Dennis

Thanks for writing in Dennis. Commissioner Reece Kershaw spoke about this one a little earlier, saying Australian government policy does not condone paying ransoms to cyber criminals.

The ABC's defence correspondent Andrew Greene says it's generally unusual for Australia to do attributions for cyberattacks at all.

Andrew: But given the severity of this attack and in the context of the current geo-political environment following Russia’s invasion of Ukraine a decision has been made by the government to call Russian criminals out as the culprits for this attack.

By Bridget Judd

Key Event

REvil is not considered part of the Russian state, but it operates with the protection of Vladimir Putin

Good luck with getting Russian authorities to assist!

- Thermal Mass

Thanks for writing in — it's a fair point.

We put this one to the ABC's defence correspondent Andrew Greene.

Andrew: Australia is unlikely to receive any cooperation from Russian authorities. Although REvil is not considered part of the Russian state, it operates with the protection of President Vladimir Putin.

Before Russia’s invasion of Ukraine western nations were already furious at Moscow for harbouring cybercriminals. Australia’s strong support of Ukraine makes it certain that Russia will not want to cooperate.

By Bridget Judd

Key Event

Authorities suspect the perpetrators are members of the REvil group

The ABC's defence correspondent Andrew Greene has dropped in to answer a few questions about that update from the AFP and some of the main takeaways.

So what do we know about those responsible?

Andrew: Authorities suspect the perpetrators of the Medibank hack are members of the REvil group – a Russian based cyber-criminal gang.

Russia is a member of Interpol – and AFP Commissioner Reece Kershaw says Australia will seek to discuss the crime with Russian authorities. 

By Bridget Judd

Key Event

AFP: 'This cyber attack is an unacceptable attack on Australia'

If you missed the update from Commissioner Reece Kershaw a short time ago, the AFP has now released a full statement:

This cyber attack is an unacceptable attack on Australia and it deserves a response that matches the malicious and far-reaching consequences that this crime is causing.

The AFP is undertaking covert measures and working around the clock with our domestic agencies and our international networks, including INTERPOL.

By Bridget Judd

AFP: Cyber crime is the 'break and enter of the 21st century'

Commissioner Kershaw says cyber crime is the "break and enter of the 21st century", adding that "personal information is being used as currency".

"Finally, I want to reiterate, the Australian government policy does not condone paying... ransoms to cyber criminals.

"Any ransom payment, small or large, fuels a cybercrime business model, putting other Australians at risk."

That brings the press conference to a close.

By Bridget Judd

Do not aid 'these criminals by posting or publishing' leaked data

Commissioner Kershaw is asking the media and those on social media to "do the right thing" and not aid "these criminals" by posting or publishing sensitive information.

"This is a time for all Australians, the community, business and law enforcement to stand together," he says.

By Bridget Judd

Key Event

Police 'scouring the internet and dark web' to find those accessing leaked personal info

Commissioner Kershaw says authorities will not give up "bring those responsible to justice".

He adds that investigators are also "scouring the internet and the dark web" to identify people who are accessing leaked personal information.

"So the criminals, we know who you are and moreover, the AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system."

By Bridget Judd

AFP to hold talks with Russian law enforcement

Commissioner Kershaw says he won't be naming the individuals responsible, but authorities believe they know who they are.

"What I will say is that we'll be holding talks with Russian law enforcement about these individuals."

By Bridget Judd

Key Event

AFP believe those responsible for Medibank breach are in Russia

Commissioner Reece Kershaw says police intelligence points to a "group of loosely affiliated cyber criminals who are likely responsible for past significant breaches in countries across the world".

"These cyber criminals are operating like a business with affiliate and associates who are supporting the business.

"We also believe that some affiliates may be in other countries."

By Bridget Judd

Key Event

AFP Commissioner Reece Kershaw is speaking now

He says it's a "very complex and serious ongoing investigation".

"But I do want to address Australians today to give us much information as I can...  without putting at risk the criminal investigation.

"I know Australians are angry, distressed and seeking answers about the highly sensitive and deeply personal information that is been released by criminals who breach Medibank Private database."

By Bridget Judd

What can we expect from the update?

The ABC's Dan Ziffer says the AFP is expected to name who is behind the Medibank hack.

"The Australian Federal Police will release their information on the country they think has sponsored or been behind the attack," he says.

By Bridget Judd

We're about to hear from the AFP about the Medibank data breach

 AFP Commissioner Reece Kershaw will make a statement about the current investigation into the Medibank data breach.

It comes after Prime Minister Anthony Albanese said authorities know "who is responsible".

"We know where they're coming from, we know who is responsible, and we say that they should be held to account," Mr Albanese said.

We'll have live updates from the press conference in a few short moments at 3:30pm (AEDT), but you can read more below in the interim.

View More
  • 0 Comment(s)
Captcha Challenge
Reload Image
Type in the verification code above