Australian police probe purported hacker’s ransom demand

Sep 26, 2022, 6:46 AM | Updated: Sep 27, 2022, 3:54 am
FILE - A customer waits for service at a Optus phone store in Sydney, Australia, Thursday, Oct. 7, ...

FILE - A customer waits for service at a Optus phone store in Sydney, Australia, Thursday, Oct. 7, 2021. The Australian government said on Monday, Sept. 26, 2022, it was considering tougher cybersecurity rules for telecommunications companies after Optus, the nation’s second-largest wireless carrier, reported personal data of 9.8 million customers had been breached. (AP Photo/Mark Baker, File)

(AP Photo/Mark Baker, File)

CANBERRA, Australia (AP) — Australian police were investigating a purported hacker’s release of the stolen personal data of 10,000 customers of the nation’s second-largest wireless carrier and demand for a $1 million ransom in cryptocurrency, the company’s chief executive said Tuesday.

The Australian government has blamed lax cybersecurity at Optus for the unprecedented breach last week of the personal data of 9.8 million current and former customers.

Jeremy Kirk, a Sydney-based cybersecurity writer, said the purported hacker, who uses the online name Optusdata, had released 10,000 Optus customer records on the dark web and threatened to release another 10,000 every day for the next four days unless Optus pays the ransom.

Asked if the hacker had threatened to sell the remaining data if Optus did not pay the $1 million within a week, the company’s chief executive, Kelly Bayer Rosmarin, told Australian Broadcasting Corp., “We have seen there is a post like that on the dark web.”

Australian Federal Police said Monday their investigators were working with overseas agencies, including the FBI, to determine who was behind the attack and to help shield the public from identity fraud. Police declined further comment Tuesday as the investigations were ongoing.

“They’re looking into every possibility and they’re using the time available to see if they can track down that particular criminal and verify if they are bona fide,” Bayer Rosmarin said.

Kirk wrote in his website Bank Info Security that Optusdata later deleted the post along with three samples of the stolen data.

Optusdata sent Kirk a link to a new post that withdrew the ransom demand, claimed the stolen data had been deleted and apologized to Optus as well as its customers.

“Too many eyes. We will not sale (sic) data to anyone,” the post said, adding that Optus had not paid a ransom.

Kirk said he asked why Optusdata had changed their mind but received no response.

Australian Information and Privacy Commissioner Angelene Falk, the national data protection authority, said the latest post “indicates … this is a very fast-moving incident.”

“It’s a major incident of significant concern for the community. What we need to focus on here is ensuring that all steps are maintained to protect the community’s personal information from further risk of harm,” Falk said.

Web security consultant Troy Hunt suspected the apology had come from the hacker. But he did not accept that the data was now safe.

“The question now is what happens next? Will we just hear no more from this individual? Will the data appear in a larger volume tomorrow, next week, possibly years from now?” Hunt said.

At least one of the 10,000 Optus customers whose data was released on the dark web Tuesday had received a text message purportedly from the hacker demanding a 2,000 Australian dollar ($1,300) ransom, Nine Network News in Sydney reported.

“Your information will be sold and used for fraudulent activity within two days or until a payment of AU$2,000 is made,” the text said, including details of an Australian bank account in the name Optusdata.

The extortion target, identified only as Belinda and described as a mother of a 5-year-old child with cancer, told Nine, “To be honest, it’s just not what we need.”

“I guess they’re just trying to hopefully pressure people into paying,” she said. Nine did not report whether she intended to pay.

Earlier Tuesday, Kirk said the released personal data appeared to include health care numbers, a form of identification not previously revealed publicly to have been hacked.

Cybersecurity Minister Clare O’Neil urged Optus to give priority to informing customers of what information had been taken.

“I am incredibly concerned this morning about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom,” O’Neil said. “Medicare numbers were never advised to form part of compromised information from the breach,” she added.

O’Neil on Monday described the hack as an “unprecedented theft of consumer information in Australian history.”

Of the 9.8 million people affected, 2.8 million had “significant amounts of personal data,” including driver’s licenses and passport numbers, breached and are at significant risk of identity theft and fraud, she said.

Kirk said he used an online forum for criminals who trade in stolen data to ask Optusdata how the Optus information was accessed.

Optus appeared to have left an application programming interface, a piece of software known as an API that allows other systems to communicate and exchange data, open to the public, Kirk said.

The Australian Financial Review newspaper said the theory that Optus “left open an API” had been widely reported.

Bayer Rosmarin rejected such explanations, but said police had told her not to release details.

“It is not the case of having some sort of completely exposed API sitting out there,” Bayer Rosmarin said.

O’Neil didn’t detail how the breach occurred, but described it as a “quite a basic hack.”

Optus had “effectively left the window open for data of this nature to be stolen,” O’Neil said.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

Associated Press

Reports: At least 8 dead in landslide on Italian island

MILAN (AP) — A landslide triggered by a storm on the southern Italian island of Ischia has killed at least eight people, Italian Vice Premier Matteo Salvini said Saturday. The news agency ANSA reported that at least 10 buildings had collapsed and more people are missing, including at least three children. At least 100 people […]
1 day ago
Nancy Faeser, Federal Minister of the Interior and Home Affairs talks to members of the press in Em...
Associated Press

German government seeks to ease rules for naturalization

BERLIN (AP) — Germany’s socially liberal government is moving ahead with plans to ease the rules for obtaining citizenship in the European Union’s most populous country, a drive that is being assailed by the conservative opposition. Chancellor OIaf Scholz said in a video message Saturday that Germany has long since become “the country of hope” […]
1 day ago
Lilia Kristenko, 38, cries as city responders collect the dead body of her mother Natalia Kristenko...
Associated Press

Ukraine works to restore water, power after Russian strikes

KYIV, Ukraine (AP) — Ukrainian authorities endeavored Saturday to restore electricity and water services after recent pummeling by Russian military strikes that vastly damaged infrastructure, with President Volodymyr Zelenskyy saying millions have seen their power restored since blackouts swept the war-battered country days earlier. Skirmishes continued in the east and residents from the southern city […]
1 day ago
FILE - Palestinian soccer fans wave Qatari and Palestinian flags as they watch a live broadcast of ...
Associated Press

Flashes of Arab unity at World Cup after years of discontent

DOHA, Qatar (AP) — For a brief moment after Saudi Arabia’s Salem Aldawsari fired a ball from just inside the penalty box into the back of the net to seal a World Cup win against Argentina, Arabs across the divided Middle East found something to celebrate. Such Arab unity is hard to come by and […]
1 day ago
FILE - MGM Grand Macau casino resort is closed in Macao on July 11, 2022. Macao has tentatively ren...
Associated Press

Macao awards casino licenses to MGM, Sands, Wynn, 3 others

BEIJING (AP) — Macao has tentatively renewed the casino licenses of MGM Resorts, Las Vegas Sands, Wynn Resorts and three Chinese rivals after they promised to help diversify its economy by investing in non-gambling attractions, the government said Saturday. The announcement is positive news for owners who have invested billions of dollars to build the […]
1 day ago
FILE - Local authorities inaugurate the Christmas lighting in the streets of Vigo, Spain, Nov. 19, ...
Associated Press

Sober or bright? Europe faces holidays during energy crunch

VERONA, Italy (AP) — Early season merrymakers sipping mulled wine and shopping for holiday decorations packed the Verona Christmas market for its inaugural weekend. But beyond the wooden market stalls, the Italian city still has not decked out its granite-clad pedestrian streets with twinkling holiday lights as officials debate how bright to make the season […]
1 day ago

Sponsored Articles

SHIBA WA...

Medicare open enrollment is here and SHIBA can help!

The SHIBA program – part of the Office of the Insurance Commissioner – is ready to help with your Medicare open enrollment decisions.
Lake Washington Windows...

Choosing Best Windows for Your Home

Lake Washington Windows and Doors is a local window dealer offering the exclusive Leak Armor installation.
Anacortes Christmas Tree...

Come one, come all! Food, Drink, and Coastal Christmas – Anacortes has it all!

Come celebrate Anacortes’ 11th annual Bier on the Pier! Bier on the Pier takes place on October 7th and 8th and features local ciders, food trucks and live music - not to mention the beautiful views of the Guemes Channel and backdrop of downtown Anacortes.
Swedish Cyberknife Treatment...

The revolutionary treatment of Swedish CyberKnife provides better quality of life for majority of patients

There are a wide variety of treatments options available for men with prostate cancer. One of the most technologically advanced treatment options in the Pacific Northwest is Stereotactic Body Radiation Therapy using the CyberKnife platform at Swedish Medical Center.
Work at Zum Services...

Seattle Public Schools announces three-year contract with Zum

Seattle Public Schools just announced a three-year contract with a brand-new company to the Pacific Northwest to assist with their student transportation: Zum.
Swedish Cyberknife 900x506...

June is Men’s Health Month: Here’s Why It’s Important To Speak About Your Health

According to the Centers for Disease Control and Prevention, men in the United States, on average, die five years earlier than women.
Australian police probe purported hacker’s ransom demand