<p>Cybercrime – The Conversation, 2024-02-15T02:32:37Z</p>
<h1>The government wants to criminalise doxing. It may not work to stamp out bad behaviour online</h1>
<p>2024-02-15T02:32:37Z</p>
<figure><img src="https://images.theconversation.com/files/575741/original/file-20240214-26-jtev2h.jpg?ixlib=rb-1.1.0&rect=19%2C9%2C6510%2C4337&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>This week, Prime Minister Anthony Albanese <a href="https://www.theguardian.com/australia-news/2024/feb/12/albanese-government-to-propose-legislation-to-crack-down-on-doxing">announced</a> the government was seeking to strengthen laws to combat doxing. Its ongoing review into Australian privacy law will now be expanded to include doxing, as will other laws covering hate crime and hate speech. </p>
<p>Doxing (sometimes doxxing) is shorthand for “document drop” and is the act of publishing identifying material about someone publicly, without their consent. </p>
<p>Doxing someone can lead to real-life harms, potentially including job loss, violence against the person, their family members and pets, and serious mental health issues.</p>
<p>What any legislation from that review will look like is hard to say at this point. But how has it worked internationally, and would it work here?</p>
<h2>What are other countries doing?</h2>
<p>New laws around doxing came into effect in <a href="https://www.government.nl/latest/news/2023/07/12/use-of-personal-data-for-the-objective-of-harassment-to-become-criminal-offence">The Netherlands</a> at the start of the year. This makes it illegal for Dutch citizens to obtain and share other people’s personal information without their permission and then use it to harass or target them. </p>
<p>Dutch conspiracy theorist Huig Plug was <a href="https://nltimes.nl/2024/02/02/conspiracy-theorist-huig-plug-arrested-doxxing-prosecution-office-staffer">arrested</a> earlier this month under the new legislation for allegedly doxing a member of the public prosecutor’s staff.</p>
<p>In the United States, laws like this are state-based. <a href="https://www.simmrinlawgroup.com/california-penal-code-section-653-2/">California</a> has a special part of its law around so-called “indirect cyber harassment”, which is defined essentially as doxing. </p>
<p>In both of these examples, the doxer has to have intent to harm. They are posting the information because they want someone to, say, lose their job or be opened up to harassment. </p>
<p>The Dutch law goes slightly further in that it is also an offence to make someone’s job harder, as opposed to causing them to lose their job completely. The Dutch laws also carry harsher punishments for doxing people such as police, lawyers and politicians. </p>
<p>From a legal perspective, showing intent to do someone harm can actually be a harder bar to pass than people might think. So, if Australian law follows this pattern, it could be difficult for plaintiffs to prove that being doxed has caused them genuine harm.</p>
<h2>Not a new problem</h2>
<p>Doxing isn’t a new phenomenon and there have been some high-profile doxing cases over the past few years. </p>
<p>One of the most famous global events was the <a href="https://www.theatlantic.com/technology/archive/2015/09/organizational-doxing-ashley-madison-hack/403900/">Ashley Madison</a> data breach in 2015, which resulted in <a href="https://www.theguardian.com/technology/2016/feb/28/what-happened-after-ashley-madison-was-hacked">job losses and suicides</a>. The current discussion, however, hinges around the <a href="https://www.theage.com.au/national/hundreds-of-jewish-creatives-have-names-details-taken-in-leak-published-online-20240208-p5f3if.html">sharing of information</a> from a private WhatsApp group of 600 people and in the context of the ongoing war in Gaza.</p>
<p>We’ve seen the hasty introduction of legislation in these types of circumstances in the past, most notably the Sharing of Abhorrent Violent Material Act, which legal scholars <a href="https://theconversation.com/livestreaming-terror-is-abhorrent-but-is-more-rushed-legislation-the-answer-114620">criticised</a> at the time for a lack of detail and its rushed introduction to parliament.</p>
<p>We saw similar concerns when the Morrison government introduced anti-trolling laws in 2021. I wrote at the time the law <a href="https://theconversation.com/the-governments-planned-anti-troll-laws-wont-help-most-victims-of-online-trolling-172743">wouldn’t help victims that much</a>, partly because it was practically impossible to police.</p>
<p>While the current discussion into changes in the law around doxing is happening, it’s worth revisiting some of these issues.</p>
<h2>How can we police the internet?</h2>
<p>The first thing to note is that it’s really hard to police what happens on the internet. There are several reasons for this.</p>
<p>The main one is that the internet is what we call inter-jurisdictional. There’s a mess of different laws around the world, and no real way to use them if you’re in a different country. This means if someone in The Netherlands doxes you in Australia, you can’t sue them under their laws, because you aren’t a citizen there. You also can’t do anything under Australia’s laws, because the perpetrator is not a citizen here. In short, to make this work, we would need global cooperation akin to Interpol.</p>
<p>The second reason is that, because Australian laws apply only to people currently in the country, there are many ways to get around them online. People can use anonymous accounts and virtual private networks (VPNs) to hide and make it hard to trace exactly who the culprit is and where they are.</p>
<p>The third comes down to the definition of what’s considered “public”. For example, a lot of doxing is done in smaller private groups with the express purpose of that community attacking specific people. That private information is still being shared without the consent or knowledge of the victims. In fact, as the journalist Ginger Gorman <a href="https://www.amazon.com.au/Troll-Hunting-Ginger-Gorman-ebook/dp/B07MC4C851">notes</a>, this is the type of behaviour that “predatory trolls” often engage in.</p>
<p>Finally, do we really need these laws when existing ones already cover many of the behaviours associated with doxing?</p>
<p>The biggest of these are found in the <a href="https://www.legislation.gov.au/C2004A04868/2022-11-10/text/2">federal criminal code</a>, a piece of legislation that deals with the use of telecommunications for crimes. It outlines the “use a carrier service” to threaten, harass or menace someone. This includes “hoax threats”. Penalties for these behaviours range from five to ten years in jail. There’s similar wording in the <a href="https://www.legislation.gov.au/C2021A00076/latest/text">Online Safety Act</a>.</p>
<p>While it’s great to see the government working to reform and strengthen existing legislation, I’m not convinced that these types of laws will have much impact given the complexity of policing online behaviours.</p>
<p class="fine-print"><em><span>Jennifer Beckett receives funding from the Australian Research Council, through the Discovery grants scheme for work on online hostility in Australia. </span></em></p>
<p>Anthony Albanese has flagged a crack-down on people’s personal details being shared online without consent. But like so much of the internet, it’s hard to police.</p>
<p>Jennifer Beckett, Lecturer in Media and Communications, The University of Melbourne</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>What is doxing, and how can you protect yourself?</h1>
<p>2024-02-13T04:57:47Z</p>
<p>The Australian government has brought forward <a href="https://www.theguardian.com/australia-news/2024/feb/12/albanese-government-to-propose-legislation-to-crack-down-on-doxing">plans to criminalise doxing</a>, bringing nationwide attention to the harms of releasing people’s private information to the wider public.</p>
<p>The government response comes after the <a href="https://www.smh.com.au/national/hundreds-of-jewish-creatives-have-names-details-taken-in-leak-published-online-20240208-p5f3if.html">public release of almost 600 names</a> and private chat logs of a WhatsApp group of Australian Jewish creative artists discussing the Israel-Hamas war.</p>
<p>As a result, some of the people whose details were leaked claim they were harassed, <a href="https://www.theguardian.com/australia-news/2024/feb/09/josh-burns-jewish-whatsapp-group-channel-publication-israel-palestine-clementine-ford">received death threats</a> and even had to go into hiding. </p>
<p>While we wait for <a href="https://www.smh.com.au/national/australia-news-live-federal-laws-on-doxxing-to-be-brought-forward-anniversary-of-stolen-generations-apology-20240213-p5f4eh.html?post=p55nen#p55nen">new penalties</a> for doxers under the federal Privacy Act review, understanding doxing and its harms can help. And there are also steps we can all take to minimise the risk. </p>
<h2>What is doxing?</h2>
<p><a href="https://www.kaspersky.com/resource-center/definitions/what-is-doxing">Doxing</a> (or doxxing) is releasing private information — or “docs”, short for documents — online to the wider public without the user’s consent. This includes information that may put users at risk of harm, especially names, addresses, employment details, medical or financial records, and names of family members.</p>
<p>The Australian government <a href="https://ministers.ag.gov.au/media-centre/transcripts/media-conference-parliament-house-13-02-2024">currently defines doxing</a> as the “malicious release” of people’s private information without their consent.</p>
<p>Doxing began as a form of unmasking anonymous users, trolls and those using hate speech while <a href="https://www.theatlantic.com/technology/archive/2022/04/doxxing-meaning-libs-of-tiktok/629643/">hiding behind a pseudonym</a>. Recently, it has become a weapon for online abuse, harassment, hate speech and adversarial politics. It is often the outcome of online arguments or polarised public views. </p>
<p>It is also becoming more common. Although there is no data for Australia yet, according to media company <a href="https://www.safehome.org/family-safety/doxxing-online-harassment-research/">SafeHome.org</a>, about 4% of Americans report having been doxed, with about half saying their private emails or home addresses have been made public. </p>
<p>Doxing is a crime in some countries such as the Netherlands and South Korea. In other places, including Australia, privacy laws haven’t yet caught up.</p>
<h2>Why is doxing harmful?</h2>
<p>In the context of the <a href="https://theconversation.com/au/topics/israel-hamas-war-146714">Israel-Hamas war</a>, doxing has affected <a href="https://www.haaretz.com/world-news/asia-and-australia/2024-02-06/ty-article/death-threats-boycotts-target-jewish-creatives-in-australia/0000018d-7e43-d636-adef-7eefae580000">both Jewish</a> and <a href="https://edition.cnn.com/2023/10/15/business/palestinian-americans-activists-doxxing/index.html">pro-Palestinian communities and activists</a> in Australia and abroad.</p>
<p>Doxing is harmful because it treats a user as an object and takes away their agency to decide what, and how much, personal information they want shared with the wider public. </p>
<p>This puts people at very real risk of physical threats and violence, particularly when public disagreement becomes heated. From a broader perspective, doxing also damages the digital ecology, reducing people’s ability to freely participate in public or even private debate through social media.</p>
<p>Although doxing is sometimes just inconvenient, it is often used to publicly shame or humiliate someone for their private views. This can take a toll on a person’s mental health and wellbeing. </p>
<p>It can also affect a person’s employment, especially for people whose employers require them to keep their attitudes, politics, affiliations and views to themselves. </p>
<p>Studies have shown doxing particularly impacts <a href="https://journals.sagepub.com/doi/full/10.1177/0306422015605714">women</a>, including those using dating apps or experiencing family violence. In some cases, children and family members have been threatened because a high-profile relative has been doxed. </p>
<p>Doxing is also harmful because it oversimplifies a person’s affiliations or attitudes. For example, releasing the names of people who have joined a private online community to navigate complex views can represent them as only like-minded stereotypes or as participants in a group conspiracy. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/575225/original/file-20240213-24-b68guc.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A person using a laptop and smartphone simultaneously" src="https://images.theconversation.com/files/575225/original/file-20240213-24-b68guc.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/575225/original/file-20240213-24-b68guc.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/575225/original/file-20240213-24-b68guc.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/575225/original/file-20240213-24-b68guc.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/575225/original/file-20240213-24-b68guc.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/575225/original/file-20240213-24-b68guc.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/575225/original/file-20240213-24-b68guc.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">There are steps you can take online to protect yourself from doxing without having to completely withdraw.</span>
<span class="attribution"><a class="source" href="https://www.pexels.com/photo/person-holding-smartphone-3248292/">Engin Akyurt/Pexels</a></span>
</figcaption>
</figure>
<h2>What can you do to protect yourself from doxing?</h2>
<p>Stronger laws and better platform intervention are necessary to reduce doxing. Some experts believe that the fear of <a href="https://dl.acm.org/doi/abs/10.1145/3476075">punishment</a> can help shape better online behaviours.</p>
<p>These punishments may include criminal <a href="https://www.esafety.gov.au/report/what-you-can-report-to-esafety">penalties</a> for perpetrators and <a href="https://www.theaustralian.com.au/breaking-news/doxxing-attack-on-jewish-australians-prompts-call-for-legislative-change/news-story/9a2f3615dbf5594fb521a8959739e1f8#:%7E:text=Alongside%20legislative%20reform%2C%20the%20ECAJ,information%2C%E2%80%9D%20Mr%20Aghion%20said.">deactivating social media accounts</a> for repeat offenders. But better education about the risks and harms is often the best treatment.</p>
<p>And you can also protect yourself without needing to entirely withdraw from social media:</p>
<ol>
<li><p>never share a home or workplace address, phone number or location, including among a private online group or forum with trusted people</p></li>
<li><p>restrict your geo-location settings</p></li>
<li><p>avoid giving details of workplaces, roles or employment on public sites not related to your work </p></li>
<li><p>avoid adding people you do not know as friends or connections on social media services</p></li>
<li><p>if you suspect you risk being doxed due to a heated online argument, temporarily shut down or lock any public profiles</p></li>
<li><p>avoid becoming a target: stop pursuing haters once an exchange reaches a certain point. Professional and courteous engagement can help avoid the anger of those who might disagree and try to harm you.</p></li>
</ol>
<p>Additionally, hosts of private online groups must be very vigilant about who joins a group. They should avoid the trap of accepting members just to increase the group’s size, and appropriately check new members (for example, with a short survey or key questions that keep out people who may be there to gather information for malicious purposes).</p>
<p>Employers who require their staff to have online profiles or engage with the public should provide information and strategies for doing so safely. They should also provide immediate support for staff who have been doxed.</p>
<p class="fine-print"><em><span>Rob Cover receives funding from the Australian Research Council.</span></em></p>
<p>With doxing suddenly on the national agenda, here’s what you need to know.</p>
<p>Rob Cover, Professor of Digital Communication and Co-Director of the RMIT Digital Ethnography Research Centre, RMIT University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Cybercriminals are creating their own AI chatbots to support hacking and scam users</h1>
<p>2024-02-08T16:27:56Z</p>
<figure><img src="https://images.theconversation.com/files/574086/original/file-20240207-26-evrzf4.jpg?ixlib=rb-1.1.0&rect=8%2C0%2C5631%2C3754&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/system-hacked-warning-alert-on-notebook-2247888569">Pungu X / Shutterstock</a></span></figcaption></figure><p>Artificial intelligence (AI) tools aimed at the general public, such as ChatGPT, Bard, CoPilot and Dall-E have incredible potential to be used for good. </p>
<p>The benefits range from an enhanced ability by <a href="https://www.ncsc.gov.uk/collection/guidelines-secure-ai-system-development">doctors to diagnose disease</a>, to expanding access to professional and academic expertise. But those with criminal intentions could also exploit and subvert these technologies, posing a threat to ordinary citizens.</p>
<p>Criminals are even creating their own AI chatbots, to support hacking and scams.</p>
<p>AI’s potential for wide-ranging risks and threats is underlined by the publication of the <a href="https://www.gov.uk/government/publications/generative-ai-framework-for-hmg">UK government’s Generative AI Framework</a> and the <a href="https://www.ncsc.gov.uk/collection/guidelines-secure-ai-system-development">National Cyber Security Centre’s</a> guidance on the potential impacts of AI on online threats.</p>
<p>There is an increasing variety of ways that generative AI systems like ChatGPT and Dall-E can be <a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2023/10/30/executive-order-on-the-safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence/">used by criminals</a>. Because of ChatGPT’s ability to create tailored content based on a few simple prompts, one potential way it could be exploited by criminals is in crafting convincing scams and phishing messages. </p>
<p>A scammer could, for instance, put some basic information – your name, gender and job title – into a <a href="https://www.theguardian.com/technology/ng-interactive/2023/nov/01/how-ai-chatbots-like-chatgpt-or-bard-work-visual-explainer">large language model (LLM)</a>, the technology behind AI chatbots like ChatGPT, and use it <a href="https://www.bbc.co.uk/news/technology-67614065">to craft a phishing message tailored just for you</a>. This <a href="https://securityintelligence.com/x-force/ai-vs-human-deceit-unravelling-new-age-phishing-tactics/">has been reported to be possible</a>, even though mechanisms have been implemented to prevent it.</p>
<p>LLMs also make it feasible to conduct <a href="https://ieeexplore.ieee.org/abstract/document/10288940">large-scale phishing scams</a>, targeting thousands of people in their own native language. It’s not conjecture either. Analysis of underground hacking communities has uncovered a variety of instances of criminals using ChatGPT, <a href="https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/">including for fraud</a> and creating software to steal information. In <a href="https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/">another case</a>, it was used to <a href="https://link.springer.com/chapter/10.1007/978-3-031-38530-8_21">create ransomware</a>.</p>
<h2>Malicious chatbots</h2>
<p>Entire malicious variants of large language models are also emerging. <a href="https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/wormgpt-and-fraudgpt-the-rise-of-malicious-llms/">WormGPT and FraudGPT</a> are two such examples that can create malware, find security vulnerabilities in systems, advise on ways to scam people, support hacking and compromise people’s electronic devices. </p>
<p><a href="https://blog.avast.com/your-next-online-dating-match-might-actually-be-chatgpt">Love-GPT</a> is one of the newer variants and is used <a href="https://theconversation.com/online-romance-scams-research-reveals-scammers-tactics-and-how-to-defend-against-them-210124">in romance scams</a>. It has been used to create fake dating profiles capable of chatting to unsuspecting victims on Tinder, Bumble, and other apps.</p>
<figure class="align-center ">
<img alt="Person looking at computer screens." src="https://images.theconversation.com/files/574095/original/file-20240207-28-aaoh6g.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/574095/original/file-20240207-28-aaoh6g.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=397&fit=crop&dpr=1 600w, https://images.theconversation.com/files/574095/original/file-20240207-28-aaoh6g.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=397&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/574095/original/file-20240207-28-aaoh6g.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=397&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/574095/original/file-20240207-28-aaoh6g.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=499&fit=crop&dpr=1 754w, https://images.theconversation.com/files/574095/original/file-20240207-28-aaoh6g.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=499&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/574095/original/file-20240207-28-aaoh6g.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=499&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The use of AI to create phishing emails and ransomware is a transnational issue.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/cybersecurity-woman-computer-global-network-phishing-2342311683">PeopleImages.com - Yuri A</a></span>
</figcaption>
</figure>
<p>As a result of these threats, Europol has <a href="https://www.europol.europa.eu/media-press/newsroom/news/criminal-use-of-chatgpt-cautionary-tale-about-large-language-models">issued a press release</a> about criminals’ use of LLMs. The US CISA security agency <a href="https://www.cisa.gov/resources-tools/resources/risk-focus-generative-ai-and-2024-election-cycle">has also warned</a> about generative AI’s potential effect on the upcoming US presidential elections.</p>
<p><a href="https://www.bleepingcomputer.com/news/security/openai-rolls-out-imperfect-fix-for-chatgpt-data-leak-flaw/">Privacy and trust are always at risk</a> as we use ChatGPT, CoPilot and other platforms. As more people look to take advantage of AI tools, there is a high likelihood that personal and confidential corporate information will be shared. This is a risk for two reasons: first, LLMs usually use any data input as part of their future training dataset; second, if they are compromised, they may share that confidential data with others.</p>
<h2>Leaky ship</h2>
<p>Research has already demonstrated the feasibility of ChatGPT <a href="https://www.bleepingcomputer.com/news/security/openai-rolls-out-imperfect-fix-for-chatgpt-data-leak-flaw/">leaking a user’s conversations</a> and <a href="https://mashable.com/article/chatgpt-revealed-personal-data-verbatim-text-attack-researchers">exposing the data used</a> to train the model behind it – sometimes, with simple techniques. </p>
<p>In a surprisingly effective attack, researchers were able to use the prompt, <a href="https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html">“Repeat the word ‘poem’ forever”</a> to cause ChatGPT to inadvertently expose large amounts of training data, some of which was sensitive. These vulnerabilities place a person’s privacy or a business’s most-prized data at risk. </p>
<p>More widely, this could contribute to a lack of trust in AI. Various companies, including <a href="https://www.forbes.com/sites/siladityaray/2023/05/19/apple-joins-a-growing-list-of-companies-cracking-down-on-use-of-chatgpt-by-staffers-heres-why/?sh=fa89fd828ffa">Apple, Amazon and JP Morgan Chase</a>, have already banned the use of ChatGPT as a precautionary measure.</p>
<p>ChatGPT and similar LLMs represent the latest advancements in AI and are freely available for anyone to use. It’s important that their users are aware of the risks and how they can use these technologies safely at home or at work. Here are some tips for staying safe.</p>
<p>Be more cautious with messages, videos, pictures and phone calls that appear to be legitimate as these may be generated by AI tools. Check with a second or known source to be sure.</p>
<p>Avoid sharing sensitive or private information with ChatGPT and LLMs more generally. Also, remember that AI tools are not perfect and may provide inaccurate responses. Keep this in mind particularly when considering their use in <a href="https://theconversation.com/how-good-is-chatgpt-at-diagnosing-disease-a-doctor-puts-it-through-its-paces-203281">medical diagnoses</a>, <a href="https://www.theguardian.com/technology/2023/jun/23/two-us-lawyers-fined-submitting-fake-court-citations-chatgpt">work</a> and other areas of life.</p>
<p>You should also check with your employer before using AI technologies in your job. There may be specific rules around their use, or they may not be allowed at all. As technology advances apace, we can at least use some sensible precautions to protect against the threats we know about and those yet to come.</p>
<p class="fine-print"><em><span>Jason R.C. Nurse receives funding from The Engineering and Physical Sciences Research Council (EPSRC), The Research Institute for Sociotechnical Cyber Security, and The National Cyber Security Centre (NCSC). He is affiliated with Wolfson College, University of Oxford as a Research Member, CybSafe as the Director of Science and Research, and The Royal United Services Institute (RUSI) as an Associate Fellow.</span></em></p><p class="fine-print"><em><span>Oli Buckley does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Like many technologies, AI can be subverted by cybercriminals.</p>
<p>Oli Buckley, Professor of Cyber Security, University of East Anglia</p>
<p>Jason R.C. Nurse, Associate Professor in Cyber Security, University of Kent</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>What is credential stuffing and how can I protect myself? A cybersecurity researcher explains</h1>
<p>2024-01-18T03:32:12Z</p>
<figure><img src="https://images.theconversation.com/files/569990/original/file-20240118-23-wz0bip.jpg?ixlib=rb-1.1.0&rect=0%2C16%2C3748%2C1888&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/password-box-internet-browser-on-computer-127894811">kpatyhka/Shutterstock</a></span></figcaption></figure><p>Cyber-skulduggery is becoming the bane of modern life. Australia’s prime minister has called it a “<a href="https://www.news.com.au/finance/work/leaders/prime-minister-calls-major-hack-a-scourge-after-guzman-y-gomez-binge-targeted-in-coordinated-cyber-hack/news-story/d4853d70755478a1f72acb1197a7e287">scourge</a>”, and he is correct. In 2022–23, nearly 94,000 cyber crimes were <a href="https://www.cyber.gov.au/about-us/reports-and-statistics/asd-cyber-threat-report-july-2022-june-2023">reported</a> in Australia, up 23% on the previous year.</p>
<p>In the latest high-profile <a href="https://www.cyberdaily.au/security/10038-customers-of-guzman-y-gomez-dan-murphys-and-more-affected-in-credential-stuffing-campaign">attack</a>, around 15,000 customers of alcohol retailer Dan Murphy, Mexican restaurant chain Guzman y Gomez, Event Cinemas, and home shopping network TVSN had their login credentials and credit card details used fraudulently to buy goods and services in what is known as a “<a href="https://owasp.org/www-community/attacks/Credential_stuffing#">credential stuffing</a>” attack.</p>
<p>So what is credential stuffing – and how can you reduce the risk of it happening to you?</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/569988/original/file-20240118-15-jqdixp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A Dan Murphy's liquor store sign reflects golden sunlight." src="https://images.theconversation.com/files/569988/original/file-20240118-15-jqdixp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/569988/original/file-20240118-15-jqdixp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/569988/original/file-20240118-15-jqdixp.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/569988/original/file-20240118-15-jqdixp.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/569988/original/file-20240118-15-jqdixp.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/569988/original/file-20240118-15-jqdixp.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/569988/original/file-20240118-15-jqdixp.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Many customers of alcohol retailer Dan Murphy are among those hit by the latest round of credential stuffing cyber attacks.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/sydney-australia-on-february-7-2018-1019906509">ArliftAtoz2205/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Re-using the same login details</h2>
<p>Credential stuffing is a type of cyber attack where hackers use stolen usernames and passwords to gain unauthorised access to other online accounts.</p>
<p>In other words, they steal a set of login details for one site, and try it on another site to see if it works there too.</p>
<p>This is possible because many people use the same username and password combination across multiple websites.</p>
<p>It is common for people to use the <a href="https://us.norton.com/blog/privacy/password-statistics#:%7E:text=More%20than%2080%25%20of%20confirmed,to%20their%20accounts%20or%20devices.">same password</a> for multiple accounts (even though this is very risky).</p>
<p>Some even use the same password for all their accounts. This means if one account is compromised, hackers can potentially access many (or all) of their other accounts with the same credentials.</p>
<h2>‘Brute force’ attacks</h2>
<p>Hackers purchase job lots of login credentials (obtained from earlier <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-january-to-june-2023#:%7E:text=Large%2Dscale%20data%20breaches,period%20%E2%80%93%20a%2045%25%20decrease.">data breaches</a>) on the “<a href="https://en.wikipedia.org/wiki/Dark_web">dark web</a>”. </p>
<p>They then use automated tools called “bots” to perform credential stuffing attacks. These tools can also be purchased on the dark web. </p>
<p>Bots are programs that perform tasks on the internet much faster and more efficiently than humans can. </p>
<p>In what is colourfully termed a “brute force” attack, hackers use bots to test millions of username and password combinations on different websites until they find a match. It’s easier and quicker than many people realise.</p>
<p>It is happening more often because the barrier to entry for would-be cybercriminals has never been lower. The dark web is readily accessible and the resources needed to launch attacks are available to anyone with cryptocurrency to spend and the will to cross over to the dark side. </p>
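<p>A site operator can see the pattern described above in its own login records: a credential stuffing source tries many different accounts once or twice each and mostly fails, while repeated guessing against one account looks quite different. The Python sketch below is an added example, not part of the original article; the log format, the thresholds and the function names are assumptions, and the log lines are constructed.</p>

```python
from collections import defaultdict

# Constructed sample auth log (not real data): time, source IP, username, result.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 203.0.113.7 alice@example.com FAIL
2024-01-10T09:00:01Z 203.0.113.7 bob@example.com FAIL
2024-01-10T09:00:02Z 203.0.113.7 carol@example.com OK
2024-01-10T09:00:02Z 203.0.113.7 dave@example.com FAIL
2024-01-10T09:00:03Z 203.0.113.7 erin@example.com FAIL
2024-01-10T09:00:03Z 203.0.113.7 frank@example.com FAIL
2024-01-10T09:05:10Z 198.51.100.9 admin@example.com FAIL
2024-01-10T09:05:11Z 198.51.100.9 admin@example.com FAIL
2024-01-10T09:05:12Z 198.51.100.9 admin@example.com FAIL
2024-01-10T09:05:13Z 198.51.100.9 admin@example.com FAIL
2024-01-10T09:05:14Z 198.51.100.9 admin@example.com FAIL
2024-01-10T09:05:15Z 198.51.100.9 admin@example.com FAIL
2024-01-10T09:10:00Z 192.0.2.44 grace@example.com FAIL
2024-01-10T09:10:20Z 192.0.2.44 grace@example.com OK
not a log line
"""


def parse(log_text):
    """Yield (ip, user, ok) tuples, skipping lines that do not fit the format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        _, ip, user, result = parts
        yield ip, user.lower(), result == "OK"


def classify_sources(log_text, min_users=5, min_guesses=5, min_fail_ratio=0.8):
    """Label each source IP and list accounts it logged in to successfully.

    Thresholds are illustrative assumptions, not recommended production values.
    """
    # ip -> user -> [failed attempts, successful attempts]
    per_ip = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ip, user, ok in parse(log_text):
        per_ip[ip][user][1 if ok else 0] += 1

    report = {}
    for ip, users in per_ip.items():
        attempts = sum(f + o for f, o in users.values())
        fails = sum(f for f, _ in users.values())
        most_fails_on_one_user = max(f for f, _ in users.values())

        # Many accounts, one or two tries each, mostly failing: the login
        # details came from somewhere else and are being replayed here.
        if (len(users) >= min_users
                and fails / attempts >= min_fail_ratio
                and attempts / len(users) <= 2):
            verdict = "credential_stuffing"
        # Many failures against a single account: password guessing.
        elif most_fails_on_one_user >= min_guesses:
            verdict = "password_guessing"
        else:
            verdict = "normal"

        # A success from a flagged source means that password is known to the
        # attacker, so the account needs a forced reset and a review.
        to_reset = []
        if verdict != "normal":
            to_reset = sorted(u for u, (_, o) in users.items() if o)
        report[ip] = {"verdict": verdict, "accounts_to_reset": to_reset}
    return report


if __name__ == "__main__":
    for ip, result in classify_sources(SAMPLE_LOG).items():
        print(ip, result)
```

<p>Real attacks are usually spread across many source addresses, so a production rule would also group by other signals than the IP address alone.</p>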
<h2>How can you protect yourself from credential stuffing?</h2>
<p>The best way is to <em>never</em> reuse passwords across multiple sites or apps. Always use a unique and strong password for each online account.</p>
<p>Choose a password or pass phrase that is at least 12 characters long, complex and hard to guess. It should include a mix of uppercase and lowercase letters, numbers, and symbols. Don’t use pet names, birthdays or anything else that can be found on social media. </p>
<p>You can use a <a href="https://www.forbes.com/advisor/business/are-password-managers-safe/">password manager</a> to generate unique passwords for all your accounts and store them securely. These use strong encryption and are generally regarded as pretty safe.</p>
<p>Another way to protect yourself from credential stuffing is to enable two-factor authentication (2FA) for your online accounts. </p>
<p>Two-factor authentication is a security feature that requires you to enter a code or use a device in addition to your password when you log in.</p>
<p>This adds an extra layer of protection in case your password is stolen. You can use an <a href="https://au.pcmag.com/security/86845/the-best-authenticator-apps">app</a>, a text message, or a <a href="https://www.nytimes.com/wirecutter/reviews/best-security-keys/">hardware device</a> (such as a little “key” you plug into a computer) to receive your two-factor authentication code.</p>
<p>Monitor your online accounts regularly to look for any suspicious activity. You can also check if your email or password has been exposed in a data breach by using the website <a href="https://haveibeenpwned.com/">Have I Been Pwned</a>. </p>
<p>You may be surprised by what you see. If you do discover your login details on there, use this as a timely warning to change your passwords as soon as possible.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/569989/original/file-20240118-17-qxptsb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/569989/original/file-20240118-17-qxptsb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/569989/original/file-20240118-17-qxptsb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/569989/original/file-20240118-17-qxptsb.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/569989/original/file-20240118-17-qxptsb.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/569989/original/file-20240118-17-qxptsb.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/569989/original/file-20240118-17-qxptsb.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/569989/original/file-20240118-17-qxptsb.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Have your passwords and login details been exposed in a data breach?</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/portland-usa-apr-19-2023-closeup-2291663313">Tada Images/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Eternal vigilance</h2>
<p>In today’s world of rising cyber crime, your best defence against credential stuffing and other forms of hacking is vigilance. Be proactive, not complacent about online security.</p>
<p>Use unique passwords and a password manager, enable two-factor authentication, monitor your accounts, and check breach notification sites (like Have I Been Pwned). </p>
<p>Remember, the recent attacks on Dan Murphy, Guzman y Gomez and others show how readily our online lives can be disrupted. Don’t let your credentials become another statistic. As you are reading this, the criminals are thinking up new ways to exploit our vulnerabilities. </p>
<p>By adopting good digital hygiene and effective security measures, we can take back control of our online identities.</p>
<p class="fine-print"><em><span>David Tuffley is affiliated with the Australian Computer Society (MACS).</span></em></p>
<p>In what is colourfully termed a ‘brute force’ attack, hackers use bots to test millions of username and password combinations on different websites – until they find a match.</p>
<p>David Tuffley, Senior Lecturer in Applied Ethics & CyberSecurity, Griffith University. Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>Phishing scams: 7 safety tips from a cybersecurity expert</h1>
<p>Published 2023-12-14T13:40:03Z.</p>
<figure><img src="https://images.theconversation.com/files/558278/original/file-20231108-27-qgt394.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Phishers are crafty and their scams are always evolving.</span> <span class="attribution"><span class="source">weerapatkiatdumrong</span></span></figcaption></figure>
<p>Recently, one of my acquaintances, Frank, received an email late on a Monday afternoon with the subject line, “Are you still in the office?” It appeared to come from his manager, who claimed to be stuck in a long meeting without the means to urgently purchase online gift vouchers for clients. He asked for help and shared a link to an online platform, from which Frank bought R6,000 (about US$325) worth of gift vouchers. Once he’d sent the codes he received a second email from the “boss” requesting one more voucher.</p>
<p>At that point, Frank reached out to his boss through WhatsApp and discovered he’d been duped. Frank had fallen prey to a phishing scam. </p>
<p>This is just one example of many from my own circles. Other friends and relatives – some of them seasoned internet users who know about the importance of cybersecurity – have also fallen prey to phishing scams. </p>
<p>I am a cybersecurity professional who conducts <a href="https://www.wits.ac.za/staff/academic-a-z-listing/m/mau-maz/thembekilemayayisewitsacza/">research</a> on and teaches various cybersecurity topics. In recent years I have noticed (and confirmed through <a href="https://iacis.org/iis/2023/4_iis_2023_294-310.pdf">research</a>) that some organisations and individuals seem fatigued by cybersecurity awareness efforts. Is it possible that they assume most people are technologically astute and constantly well-informed? Or could it simply be that fatigue has set in because of the demanding nature of cybersecurity awareness campaigns? Though I have no definitive answer, I suspect the latter.</p>
<p>The reality is that phishing scams are here to stay and the methods employed in their execution continue to evolve. Given my expertise and experience, I would like to offer seven tips to help you stay safe from phishing scams. This is especially important during the festive season as people shop for gifts and book holidays online. These activities create more opportunities for cybercriminals to net new victims. However, these tips are appropriate throughout the year. Cybercriminals don’t take breaks – so you shouldn’t ever drop your guard.</p>
<h2>What is phishing?</h2>
<p>“Phishing” is a strategy designed to deceive people into revealing sensitive information such as credit card details, login credentials and, in some instances, identification numbers. </p>
<p>The most common form of phishing is via email: phishers send fraudulent emails that appear to be from legitimate sources. The messages often contain links to fake websites designed to steal login credentials or other sensitive information. The same email will be sent to many addresses. Phishers can obtain emails from places such as corporate websites, existing data breaches, social media platforms, business cards or other publicly available company documents.</p>
<p>Cybercriminals know that casting their net wide means they’ll surely catch some.</p>
<p>Voice phishing (vishing) is another form of this scam. Here, perpetrators use voice communication, like a phone call in which the caller falsely claims to be a bank official and seeks to assist you in resetting your password or updating your account details. Other common vishing scams centre on offering discounts or rewards if you join a vacation club, provided you disclose your personal credit card information.</p>
<p>Social media phishing, meanwhile, happens when scammers create fake accounts purporting to be real people (for instance, posing as Frank’s boss). They then start interacting with the real person’s connections to deceive them into giving up sensitive information or performing financial favours.</p>
<p>Cybercriminals also employ SMS phishing (smishing), using text messages to target individuals to reveal sensitive information such as login credentials or credit card details by clicking on malicious links or downloading harmful attachments. </p>
<p>Who is behind these scams? Typically, these are seasoned and cunning scammers who have honed their skills in the world of phishing over an extended period. Some work alone; others belong to syndicates.</p>
<h2>Phishing skills</h2>
<p>Successful phishers have a variety of skills. They combine psychological tactics and technical prowess. </p>
<p>They are master manipulators, playing on victims’ emotions. Individuals are deceived into believing they’ve secured a substantial sum, often millions, through a jackpot win. This scheme falsely claims that their cellphone number or email was used for entry. Consequently, the victim doesn’t seek clarification. Excited about getting the windfall payment quickly, they give their personal information to cybercriminals.</p>
<p>These scammers even tailor their approach to match individuals’ personal beliefs. For example, if you have an affinity for ancestral worship, be prepared for a message from someone claiming to be a medium, asserting that your great-great-grandfather is requesting a money ritual involving a deposit to a particular account and promising multiplication of your funds – even though your ancestors have communicated no such information. </p>
<p>Likewise, if you are a devout Christian, someone claiming to be “Prophet Profit” might attempt to contact you through a messaging platform, suggesting that a monetary offering to their ministry will miraculously resolve all your financial challenges. It’s simply too good to be true.</p>
<h2>Seven tips</h2>
<p>So, how can you avoid e-mail phishing scams? Here are my tips.</p>
<p><strong>1.</strong> Before acting on an email that seems to be from a trusted colleague or friend – especially if it involves an unusual request – check whether the communication is authentic. Contact them directly through a telephone call.</p>
<p><strong>2.</strong> If you encounter suspicious emails at work and are unsure of what to do, promptly report them to your IT department.</p>
<p><strong>3.</strong> Exercise caution when disclosing your contact information, such as email addresses and phone numbers, on public platforms. Malicious individuals may exploit this information for harmful purposes.</p>
<p><strong>4.</strong> Be vigilant when responding to unsolicited emails or messages that request personal information or immediate action.</p>
<p><strong>5.</strong> Validate the sender’s email address. When in doubt, use official contact details from an organisation’s official website to get in touch instead of replying to the message.</p>
<p><strong>6.</strong> Don’t click on dubious links. Always double-check the URL before entering sensitive data.</p>
<p><strong>7.</strong> Keep your devices, anti-spam and anti-malware software up to date. Use strong and unique passwords or multi-factor authentication.</p>
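<p>Tips 5 and 6 can be partly automated by a mail filter or a help desk tool: compare what a link displays with where it really goes, and with the organisation's official domain. The Python sketch below is an added example, not part of the original article; the reason codes, the function names and the <code>parcelco.example</code> domain are assumptions, the message is constructed, and hosts are compared as whole names rather than through the Public Suffix List.</p>

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body; parcelco.example stands in for a real sender.
SAMPLE_EMAIL = """
<p>Dear valued customer, your parcel could not be delivered.</p>
<a href="http://parcelco.example.redelivery-fee.test/pay">https://www.parcelco.example/track</a>
<a href="https://192.0.2.15/login">Confirm your address</a>
<a href="https://www.parcelco.example/help">Help centre</a>
<a href="https://xn--parcelc-9za.example/track">Track parcel</a>
"""

# Visible link text that itself looks like a web address.
_DOMAIN_LIKE = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def _is_within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_links(html_body, official_domains):
    """Return [(href, [reason, ...])] for every http(s) link that looks risky."""
    official = [d.lower() for d in official_domains]
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    flagged = []
    for href, text in collector.links:
        try:
            parts = urlsplit(href)
            host = (parts.hostname or "").lower()
        except ValueError:          # malformed URL, e.g. a broken IPv6 literal
            flagged.append((href, ["unparseable_url"]))
            continue
        if parts.scheme not in ("http", "https"):
            continue                # mailto:, tel: and so on are out of scope
        reasons = []
        shown = _DOMAIN_LIKE.match(text)
        if shown and _strip_www(shown.group(1).lower()) != _strip_www(host):
            reasons.append("text_target_mismatch")
        if not any(_is_within(host, d) for d in official):
            reasons.append("not_official_domain")
            # The official name used as a mere label of someone else's host.
            if any(d in host for d in official):
                reasons.append("official_name_embedded")
        try:
            ipaddress.ip_address(host)
            reasons.append("ip_address_host")
        except ValueError:
            pass
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode_host")
        if parts.scheme == "http":
            reasons.append("not_https")
        if reasons:
            flagged.append((href, reasons))
    return flagged


if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_EMAIL, ["parcelco.example"]):
        print(href, reasons)
```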
<p class="fine-print"><em><span>Thembekile Olivia Mayayise received research funding from the Diversifying Academy Grant at Wits University.</span></em></p>
<p>Cybercriminals don’t take breaks, so you shouldn’t ever drop your guard.</p>
<p>Thembekile Olivia Mayayise, Senior Lecturer, University of the Witwatersrand. Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>How to protect yourself from cyber-scammers over the festive period</h1>
<p>Published 2023-12-08T16:14:45Z.</p>
<figure><img src="https://images.theconversation.com/files/562490/original/file-20231129-26-z85wnz.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C6134%2C3228&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">As online shopping increases over the festive period, so does the risk of cyber-scams. </span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/merry-xmas-eve-online-shopping-store-2089436578">Chay Tee/Shutterstock</a></span></figcaption></figure>
<p>The festive season is a time for joy, family and festive cheer. However, it’s also a prime target for cybercriminals. As online shopping ramps up, so does the risk of falling prey to cyber-attacks. That’s why it’s crucial to be extra vigilant about your <a href="https://blog.tctg.co.uk/12-cyber-security-tips-of-christmas">cybersecurity</a> during this time. </p>
<p>Here are some essential tips to safeguard yourself and your data during the festive period:</p>
<h2>Phishing</h2>
<p>Phishing is when criminals use scam emails, text messages or phone calls to trick their victims. Their <a href="https://www.ncsc.gov.uk/collection/phishing-scams">goal</a> is often to make you visit a certain website, which may download a virus on to your computer, or steal bank details or other personal data. </p>
<p>This type of scam tends to <a href="https://www.egress.com/blog/phishing/holiday-phishing-scam-guide">increase</a> at this time due to the number of people who have bought or received new gadgets and technology. </p>
<p>Look out for communications that make no direct reference to your name, using wording such as “Dear Sir/Madam” or “valued customer” instead. Grammar and spelling mistakes are also often present. </p>
<p>Be wary of any suspicious links or attachments within emails too, and don’t click them. It’s better to contact the company directly to check if the message is genuine. You can also <a href="https://www.ncsc.gov.uk/collection/phishing-scams">report</a> suspicious messages and phishing scams to the government’s National Cyber Security Centre. </p>
<h2>Shopping safely online</h2>
<p>The convenience of online shopping is undeniable, especially during the festive season. However, it’s crucial to prioritise your security when buying online. </p>
<p>Before entering your personal and financial information on any website, ensure it’s legitimate and secure. Look for the “https” in the address bar and a <a href="https://theconversation.com/the-vast-majority-of-us-have-no-idea-what-the-padlock-icon-on-our-internet-browser-is-and-its-putting-us-at-risk-216581">padlock</a> icon, which indicates a secure and encrypted connection. </p>
<p>When creating passwords for online shopping accounts, use strong, unique combinations of letters, numbers and symbols. Avoid using the same password for multiple accounts, as a breach on one site could compromise all your others.</p>
<p>As with shopping in the real world, be cautious when encountering offers that are significantly below usual prices or which make extravagant promises. Always conduct thorough research on the seller and product before making a purchase. If a deal seems too good to be true, it probably is. </p>
<p>And if you are out shopping in towns or city centres, there will often be a large number of public wifi options available to you. However, criminals can intercept the data that is transferred across such open and unsecured wifi. So, avoid using public wifi where possible, especially when conducting any financial transactions. </p>
<figure class="align-center ">
<img alt="A person sits at a laptop with a coffee surrounded by festive packages." src="https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Stay vigilant, exercise caution and don’t let your excitement for gifts and deliveries compromise your cybersecurity.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/christmas-online-shopping-top-view-female-520279837">Prostock-studio/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Social media</h2>
<p>While social media platforms provide people with a means to keep in touch with family and friends over the festive period, they are often a goldmine for <a href="https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-social-media-scam-aMtwF3u1XKGt">scams</a> and malware (software designed to disrupt, damage or gain unauthorised access to a computer). In the spirit of the festive season, people often share an abundance of personal information on social media, often without considering the potential consequences. </p>
<p>This trove of data can make people vulnerable to cyber-attacks. Scammers can exploit this information to gain unauthorised access to social media accounts, steal personal information, or even commit identity theft. To protect yourself, be mindful of what you share. </p>
<p>Be wary when interacting with posts and direct messages, especially if they contain suspicious links or attachments. Before clicking on anything, hover over the link to verify its destination. If it shows a website you don’t recognise or seems unrelated to the message, do not click on it. If you receive a message from someone you know but the content seems strange or out of character, contact them directly through a trusted channel to verify its authenticity. </p>
<p>Likewise, be wary of messages containing urgent requests for money or personal information from businesses. Genuine organisations will never solicit sensitive details through social media.</p>
<p>There are many buy and sell platforms available on social media. But while such platforms can be a great place to find a unique gift, it is also important to remember that not all sellers may be legitimate. So, it’s vital that you don’t share your bank details. If the seller sends a link to purchase the item, do not use it. When meeting to collect an item, it’s generally safer to use cash rather than transferring funds electronically.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/aO858HyFbKI?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Advice for staying safe online.</span></figcaption>
</figure>
<h2>Package delivery scams</h2>
<p>As well as being a time for giving and receiving gifts, the festive season is also ripe for cybercriminals to exploit the excitement surrounding <a href="https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/scams-linked-to-parcel-deliveries-come-top-in-2023/">package deliveries</a>. </p>
<p>Scammers often pose as legitimate delivery companies, sending emails or text messages claiming that a delivery attempt was unsuccessful or requiring additional fees for processing, or even customs clearance. Typically, these messages contain links or phone numbers that, when clicked or called, lead to fake websites or automated phone systems designed to collect personal information or payments.</p>
<p>To protect yourself, always verify the legitimacy of any delivery notifications you receive. Check the sender’s email address or phone number against the official contact information for the delivery company. If the information doesn’t match or seems suspicious, don’t click any links or provide personal details. </p>
<p>Legitimate delivery companies will never ask for upfront payment or sensitive information through unsolicited messages or calls. </p>
<p>Remember, cybercriminals are skilled at manipulating the festive spirit to their advantage. Stay vigilant, exercise caution, and don’t let your excitement for gifts and deliveries compromise your cybersecurity.</p>
<p class="fine-print"><em><span>Rachael Medhurst does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Cyber-scams tend to ramp up at this time of year, with criminals and scammers eager to exploit people’s generosity and excitement.</p>
<p>Rachael Medhurst, Course Leader and Senior Lecturer in Cyber Security NCSA, University of South Wales. Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>Forgiveness or punishment? The government’s proposed ‘safe harbour’ laws send mixed messages on cyber security</h1>
<p>Published 2023-11-22T00:46:23Z.</p>
<figure><img src="https://images.theconversation.com/files/560567/original/file-20231121-21-5vqtmk.jpg?ixlib=rb-1.1.0&rect=0%2C13%2C4600%2C2485&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption"></span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/danger-hack-attack-1188038749">Shutterstock</a></span></figcaption></figure>
<p>Should companies experiencing cyber attacks be forgiven if they cooperate with the government to stop such attacks? That’s the idea the federal government is considering with its possible “safe harbour” laws.</p>
<p>Last week, the defence minister, Richard Marles, <a href="https://www.minister.defence.gov.au/transcripts/2023-11-15/radio-interview-abc-am">floated the idea</a> of introducing a legally binding exemption from punitive government litigation if a company self-reports to the Australian Signals Directorate (the national signals intelligence agency) and invites its help. </p>
<p>The aim would be to drive more effective collaboration between the private sector and the directorate in dealing with cyber attacks, resolving them faster or preventing them altogether. </p>
<p>But the plan risks undermining the government’s attempts to crack down on corporations that don’t do enough to keep their clients’ data safe. </p>
<h2>Reluctance to work together</h2>
<p>The government says <a href="https://www.minister.defence.gov.au/transcripts/2023-11-15/radio-interview-abc-am">it’s struggling</a> to overcome resistance by many Australian companies facing a cyber attack to work with the directorate to help defeat intrusions.</p>
<p>Companies are afraid to suffer the inevitable reputation loss if news of the breach leaks out. </p>
<p>They also fear exposing themselves to government fines or customer litigation of <a href="https://www.allens.com.au/insights-news/insights/2023/06/Takeaways-from-the-recent-Optus-and-Medibank-data-breach-class-actions/">the sort being pursued</a> by victims of data breaches at Medibank and Optus. </p>
<p>On the government side, the Australian Signals Directorate <a href="https://www.afr.com/policy/foreign-affairs/cyber-spy-agency-wants-lawyers-out-of-the-room-when-crisis-strikes-20231114-p5ejw4">has complained</a> that its efforts to help companies under attack are being hampered by lawyers concerned mostly with minimising the risk of the company being sued in the future.</p>
<p>This is in direct contrast to the practice of leading <a href="https://www.keystonelaw.com/keynotes/crisis-management-for-lawyers">US tech companies</a> who prefer lawyers to be the first people involved in the response. </p>
<h2>A so-called ‘safe harbour’</h2>
<p>The government’s safe harbour offer would involve legislation. </p>
<p>The safe harbour principle is an exemption that can be granted for actions that might otherwise break the law if there’s a larger public good at play.</p>
<p>This is used in other areas of regulation, such as <a href="https://www.hallchadwick.com.au/safe-harbour-insolvency-regime/">bankruptcy law</a> and <a href="https://www.tpb.gov.au/safe-harbour">tax law.</a> It provides legal protections for administrators or accountants who have to take on risky business decisions in order to do their jobs.</p>
<p>Richard Marles claimed a safe harbour regime for self-reporting companies affected by a cyber attack would do two main things. </p>
<p>Firstly, he said, it would deliver the world-class capabilities of the Australian Signals Directorate to the affected company.</p>
<p>Secondly, Marles said it would help drive trust between the government and reticent private sector businesses.</p>
<p>The government has proposed that complying with the cyber safe harbour requirements would shield companies from further legal action by the government. </p>
<p>In its cyber security strategy, <a href="https://www.abc.net.au/news/2023-11-21/federal-government-cyber-safety-framework/103132226">released today</a>, the government committed to consultations with industry on a legislated measure to help build the sort of trust outlined in Marles’ discussion of safe harbour.</p>
<p>But we don’t have any other detail about how this version of safe harbour law would work.</p>
<p>And for most corporations, the government may be the least of their worries in cases of large-scale data breaches or breaches of sensitive intellectual property information. </p>
<p>They will be concerned about the reputational damage first and foremost. </p>
<p>For listed companies, this can lead to a sustained drop in share price and open a pathway to costly lawsuits from seriously affected clients or business partners.</p>
<p>Safe harbour laws don’t do much to help with that.</p>
<h2>Would laws like this work?</h2>
<p>In cyber security, the concept of safe harbour is complicated and fraught with <a href="https://www.reliasmedia.com/articles/149137-hipaa-safe-harbor-offers-limited-but-important-protection">definitional and regulatory challenges</a>. </p>
<p>Such laws for cyber security are used <a href="https://www.tenfold-security.com/en/cybersecurity-safe-harbor-laws/">in several US states</a> mainly for promoting stronger compliance with industry standards. This is done by promising companies a degree of protection from various types of litigation if they are certified by the government to be reasonably compliant with the standards. </p>
<p><a href="https://about.unimelb.edu.au/__data/assets/pdf_file/0028/296074/Submission-to-Strengthening-Cybersecurity-Regulations-consultation_University-of-Melbourne.pdf">An Australian study</a> throws some doubt on the value of that process. </p>
<p>The research shows such standards are seen as a low bar, or even inappropriate in some situations. </p>
<p>Technology always moves more quickly than standards. For example, in May 2023 <a href="https://www.business-standard.com/world-news/security-specification-in-open-ran-incomplete-quad-working-group-123052100744_1.html">an intergovernmental working group found</a> the security standards for 5G were “incomplete” and did not cover all security requirements. Australia has been using 5G technology since 2019.</p>
<p>The safe harbour laws may also be too weak to achieve what they set out to do.</p>
<p><a href="https://www.reliasmedia.com/articles/149137-hipaa-safe-harbor-offers-limited-but-important-protection">A US study</a> warns a safe harbour law for the US health sector “only offers some protection in certain circumstances”.</p>
<h2>Forgiveness or punishment?</h2>
<p>The new Australian proposal, coming from the defence department in 2023, and <a href="https://www.innovationaus.com/asd-backs-safe-harbour-for-industry-govt-data-sharing-under-duress/">raised in Senate Estimates in 2022</a> by an opposition senator, appears to support the defence portfolio’s interest in better national security. </p>
<p>But there is a reasonable risk it will undermine the mission of the home affairs minister, Clare O’Neil. </p>
<p>She has staked much on the need to punish corporations who may have acted irresponsibly in allowing serious data breaches. </p>
<p>Corporations will remember <a href="https://www.theguardian.com/business/2022/sep/27/government-flags-new-cybersecurity-laws-and-increase-in-fines-after-optus-breach">her statement</a> in September 2022 that fines of hundreds of millions of dollars for large privacy breaches might be more appropriate than the existing cap of $2.2 million. </p>
<p>By December, new legislation imposing penalties up to $50 million <a href="https://www.ashurst.com/en/insights/australias-massive-new-privacy-penalties-become-law-but-will-be-clarified/">had come into force.</a> </p>
<p>The moves were designed in part to dampen community outrage over the data breaches.</p>
<p>But the safe harbour idea might increase the consumer concerns O'Neil has been working to allay.</p>
<p>Not all cyber attacks involve a risk of exposing large amounts of personal data, so there would be instances where the safe harbour option would not affect a person’s rights to seek redress. </p>
<p>But by its very nature, the proposal will impact the rights of businesses and consumers to know if they have suffered damage or loss from a cyber attack. </p>
<p>The government has a <a href="https://theconversation.com/should-cyber-officials-be-required-to-tell-victims-of-cyber-crimes-theyve-been-hacked-109510">moral obligation</a> to inform victims of cyber crime. </p>
<p>At a time of escalating cyber uncertainties, <a href="https://www.cyber.gov.au/about-us/reports-and-statistics/asd-cyber-threat-report-july-2022-june-2023#:%7E:text=Responded%20to%20over%201%2C100%20cyber%20security%20incidents%2C%20similar%20to%20last,a%207%20per%20cent%20increase.">increasing ransomware attacks</a>, and stepped-up Russian and Chinese cyber attacks, the safe harbour proposal will need careful consideration. </p>
<p>The government will want to avoid antagonising public sentiment by limiting the rights of consumers. </p>
<p>So a solution that promises protection only against government litigation, but not civil litigation, may not be worth the political balancing act.</p>
<p class="fine-print"><em><span>Greg Austin is an Adjunct Professor in the Australia China Relations Institute at the University of Technology Sydney and co-founder of the Social Cyber Group. He consults for the International Institute for Strategic Studies.</span></em></p>
<p>The Australian government has promised to crack down on companies that aren’t prepared to defend themselves against cyber crime, but their proposed new laws may offer those same businesses a reprieve.</p>
<p>Greg Austin, Adjunct Professor, Australia-China Relations Institute, University of Technology Sydney</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>What is LockBit, the cybercrime gang hacking some of the world’s largest organisations?</h1>
<p>Published 2023-11-16T23:59:02Z</p>
<p>While ransomware incidents have been occurring for more than 30 years, only in the last decade has the term “ransomware” appeared regularly in popular media. Ransomware is a type of malicious software that blocks access to computer systems or encrypts files until a ransom is paid.</p>
<p>Cybercriminal gangs have adopted ransomware as a get-rich-quick scheme. Now, in the era of “ransomware as a service”, this has become a prolific and highly profitable tactic. Providing ransomware as a service means groups benefit from affiliate schemes where commission is paid for successful ransom demands.</p>
<p>Although only one of the many gangs operating, LockBit has been increasingly visible, with several high-profile victims recently appearing on the group’s website.</p>
<p>So what is LockBit? Who has fallen victim to them? And how can we protect ourselves from them?</p>
<h2>What, or who, is LockBit?</h2>
<p>To make things confusing, the term LockBit refers to both the malicious software (malware) and to the group that created it.</p>
<p>LockBit <a href="https://www.kaspersky.com/resource-center/threats/lockbit-ransomware">first gained attention in 2019</a>. It’s a form of malware deliberately designed to be secretly deployed inside organisations, to find valuable data and steal it.</p>
<p>But rather than simply stealing the data, LockBit is a form of ransomware. Once the data has been copied, it is encrypted, rendering it inaccessible to the legitimate users. This data is then held to ransom – pay up, or you’ll never see your data again.</p>
<p>To add further incentive for the victim, if the ransom is not paid, they are threatened with publication of the stolen data (often described as double extortion). This threat is reinforced with a countdown timer on LockBit’s blog on <a href="https://theconversation.com/explainer-what-is-the-dark-web-46070">the dark web</a>.</p>
<p>Little is known about the LockBit group. Based on their website, the group doesn’t have a specific political allegiance. Unlike some other groups, they also don’t limit the number of affiliates:</p>
<blockquote>
<p>We are located in the Netherlands, completely apolitical and only interested in money. We always have an unlimited amount of affiliates, enough space for all professionals. It does not matter what country you live in, what types of language you speak, what age you are, what religion you believe in, anyone on the planet can work with us at any time of the year.</p>
</blockquote>
<p>Notably, LockBit have rules for their affiliates. Examples of forbidden targets (victims) include:</p>
<ul>
<li>critical infrastructure</li>
<li>institutions where damage to the files could lead to death (such as hospitals)</li>
<li>post-Soviet countries such as Armenia, Belarus, Estonia, Georgia, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine and Uzbekistan.</li>
</ul>
<p>Other ransomware providers have also claimed they won’t target institutions like hospitals – but this doesn’t guarantee victim immunity. Earlier this year a <a href="https://www.theregister.com/2023/01/04/lockbit_sickkids_ransomware/">Canadian hospital was a victim of LockBit</a>, prompting the group behind LockBit to post an apology, offer free decryption tools and allegedly expel the affiliate who hacked the hospital. </p>
<p>While rules may be in place, there is always potential for rogue users to <a href="https://www.scmagazine.com/analysis/ransomware-groups-dont-abide-by-promises-not-to-target-healthcare">target forbidden organisations</a>.</p>
<p>The final rule in the list above is an interesting exception. According to the group, these countries are off limits because a high proportion of the group’s members were “born and grew up in the Soviet Union”, despite now being “located in the Netherlands”.</p>
<h2>Who’s been hacked by LockBit?</h2>
<p>High-profile victims include the United Kingdom’s Royal Mail and Ministry of Defence, and Japanese cycling component manufacturer Shimano. Data stolen from aerospace company Boeing was leaked just this week after the company refused to pay ransom to LockBit.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/559314/original/file-20231114-19-vcp8j5.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="LockBit website screenshot showing download links for stolen data" src="https://images.theconversation.com/files/559314/original/file-20231114-19-vcp8j5.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/559314/original/file-20231114-19-vcp8j5.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=562&fit=crop&dpr=1 600w, https://images.theconversation.com/files/559314/original/file-20231114-19-vcp8j5.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=562&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/559314/original/file-20231114-19-vcp8j5.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=562&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/559314/original/file-20231114-19-vcp8j5.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=706&fit=crop&dpr=1 754w, https://images.theconversation.com/files/559314/original/file-20231114-19-vcp8j5.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=706&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/559314/original/file-20231114-19-vcp8j5.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=706&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">LockBit’s website on the dark web is used to publish stolen data if the ransom is not paid.</span>
<span class="attribution"><span class="source">Screenshot sourced by authors.</span></span>
</figcaption>
</figure>
<p>While not yet confirmed, the recent ransomware incident experienced by the Industrial and Commercial Bank of China has been <a href="https://www.scmagazine.com/news/lockbit-takes-credit-for-ransomware-attack-on-us-subsidiary-of-chinese-bank">claimed by LockBit</a>.</p>
<p>Since appearing on the cybercrime scene, LockBit has been linked to almost <a href="https://www.cyber.gov.au/about-us/advisories/understanding-ransomware-threat-actors-lockbit">2,000 victims in the United States alone</a>.</p>
<p>From the list of victims seen below, LockBit is clearly being used in a scatter-gun approach, with a wide variety of victims. This is not a series of planned, targeted attacks. Instead, it shows LockBit software is being used by a diverse range of criminals in a service model.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/559313/original/file-20231114-21-syppv0.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="LockBit blog screenshot showing victims with countdown timer" src="https://images.theconversation.com/files/559313/original/file-20231114-21-syppv0.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/559313/original/file-20231114-21-syppv0.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=294&fit=crop&dpr=1 600w, https://images.theconversation.com/files/559313/original/file-20231114-21-syppv0.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=294&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/559313/original/file-20231114-21-syppv0.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=294&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/559313/original/file-20231114-21-syppv0.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=369&fit=crop&dpr=1 754w, https://images.theconversation.com/files/559313/original/file-20231114-21-syppv0.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=369&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/559313/original/file-20231114-21-syppv0.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=369&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">LockBit’s blog on the dark web provides a showroom for public shaming of their victims.</span>
<span class="attribution"><span class="source">Screenshot sourced by authors.</span></span>
</figcaption>
</figure>
<h2>How we can protect ourselves</h2>
<p>In recent years, ransomware as a service (RaaS for short) has become popular.</p>
<p>Just as organisations use software-as-a-service providers – such as licensing for office tools like Microsoft 365, or accounting software for payroll – malicious services are providing tools for cybercriminals.</p>
<p>Ransomware as a service enables an inexperienced criminal to deliver a ransomware campaign to multiple targets quickly and efficiently – often at minimal cost and usually on a profit-sharing basis.</p>
<p>The RaaS platform handles the malware management, data extraction, victim negotiation and payment handling, effectively outsourcing criminal activities.</p>
<p>The process is so well developed, such groups even provide guidelines on how to become an affiliate, and what benefits one will gain. With a 20% commission of the ransom being paid to LockBit, this system can generate significant revenue for the group – including the deposit of 1 Bitcoin (approximately A$58,000) required from new users.</p>
<p>While ransomware is a growing concern around the globe, good cybersecurity practices can help. Updating and patching our systems, good password and account management, network monitoring and reacting to unusual activity can all help to minimise the likelihood of any compromise – or at least limit its extent.</p>
<p>For now, whether or not to pay a ransom is a matter of preference and ethics for each organisation. But if we can make it more difficult to get in, criminal groups will simply shift to easier targets.</p>
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Prolific and highly profitable, LockBit provides ransomware as a service. Aspiring cybercriminals sign up to the scheme, and the group takes a cut. Here’s how it works.</p>
<p>Jennifer Medbury, Lecturer in Intelligence and Security, Edith Cowan University; Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>Can you spot the AI impostors? We found AI faces can look more real than actual humans</h1>
<p>Published 2023-11-13T19:46:20Z</p>
<figure><img src="https://images.theconversation.com/files/559021/original/file-20231113-29-hr031k.jpg?ixlib=rb-1.1.0&rect=29%2C0%2C3934%2C1994&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">These photos are of real people.</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure>
<p>Does ChatGPT ever give you the eerie sense you’re interacting with another human being? </p>
<p>Artificial intelligence (AI) has reached an astounding level of realism, to the point that some tools can even <a href="https://www.science.org/doi/10.1126/sciadv.adh1850">fool people</a> into thinking they are interacting with <a href="https://www.pnas.org/doi/10.1073/pnas.2120481119">another human</a>. </p>
<p>The eeriness doesn’t stop there. In a <a href="https://doi.org/10.1177/09567976231207095">study published today</a> in Psychological Science, we’ve discovered images of white faces generated by the popular <a href="https://en.wikipedia.org/wiki/StyleGAN">StyleGAN2 algorithm</a> look more “human” than actual people’s faces.</p>
<h2>AI creates hyperrealistic faces</h2>
<p>For our research, we showed 124 participants pictures of many different white faces and asked them to decide whether each face was real or generated by AI. </p>
<p>Half the pictures were of real faces, while half were AI-generated. If the participants had guessed randomly, we would expect them to be correct about half the time – akin to flipping a coin and getting tails half the time.</p>
<p>Instead, participants were systematically wrong, and were more likely to say AI-generated faces were real. On average, people labelled about 2 out of 3 of the AI-generated faces as human. </p>
<p>These results suggest AI-generated faces look more real than actual faces; we call this effect “hyperrealism”. They also suggest people, on average, aren’t very good at detecting AI-generated faces. You can compare for yourself the portraits of real people at the top of the page with the ones embedded below.</p>
<p>But perhaps people are aware of their own limitations, and therefore aren’t likely to fall prey to AI-generated faces online? </p>
<p>To find out, we asked participants how confident they felt about their decisions. Paradoxically, the people who were the worst at identifying AI impostors were the most confident in their guesses. </p>
<p>In other words, the people who were most susceptible to being tricked by AI weren’t even aware they were being deceived.</p>
<h2>Biased training data deliver biased outputs</h2>
<p>The <a href="https://theconversation.com/the-fourth-industrial-revolution-a-seductive-idea-requiring-critical-engagement-184475">fourth industrial revolution</a> – which includes technologies such as AI, robotics and advanced computing – has profoundly changed the kinds of “faces” we see online. </p>
<p>AI-generated faces are readily available, and their use comes with both risks and benefits. Although they have been used to <a href="https://apnews.com/article/argentina-disappeared-children-military-dictatorship-artificial-intelligence-b847832cbaa940889d2448c0ff6d8a20">help find missing children</a>, they have also been used in <a href="https://www2.deloitte.com/uk/en/blog/auditandassurance/2023/generative-ai-and-fraud-what-are-the-risks-that-firms-face.html">identity fraud</a>, <a href="https://nypost.com/2023/04/12/my-girlfriend-was-really-an-ai-catfish-i-feel-cheated/">catfishing</a> and <a href="https://www.bbc.co.uk/news/technology-60780142">cyber warfare</a>. </p>
<p>People’s misplaced confidence in their ability to detect AI faces could make them more susceptible to deceptive practices. They may, for instance, readily hand over sensitive information to cybercriminals masquerading behind hyperrealistic AI identities.</p>
<p>Another worrying aspect of AI hyperrealism is that it’s racially biased. Using <a href="https://www.pnas.org/doi/10.1073/pnas.2120481119">data from another study</a> which also tested Asian and Black faces, we found only white AI-generated faces looked hyperreal.</p>
<p>When asked to decide whether faces of colour were human or AI-generated, participants guessed correctly about half the time – akin to guessing randomly. </p>
<p>This means white AI-generated faces look more real than AI-generated faces of colour, as well as white human faces.</p>
<h2>Implications of bias and hyperrealistic AI</h2>
<p>This racial bias likely stems from the fact that AI algorithms, including the one we tested, are often trained on images of mostly white faces. </p>
<p>Racial bias in algorithmic training can have serious implications. One recent study found self-driving cars are <a href="https://arxiv.org/abs/2308.02935">less likely to detect Black people</a>, placing them at greater risk than white people. Both the companies producing AI, and the governments overseeing them, have a responsibility to ensure diverse representation and mitigate bias in AI.</p>
<p>The realism of AI-generated content also raises questions about our ability to accurately detect it and protect ourselves. </p>
<p>In our research, we identified several features that make white AI faces look hyperreal. For instance, they often have proportionate and familiar features, and they lack distinctive characteristics that make them stand out as “odd” from other faces. Participants misinterpreted these features as signs of “humanness”, leading to the hyperrealism effect. </p>
<p>At the same time, AI technology is advancing so rapidly it will be interesting to see how long these findings apply. There’s also no guarantee AI faces generated by other algorithms will differ from human faces in the same ways as those we tested. </p>
<p>Since our study was published, we have also tested the ability of AI detection technology to identify our AI faces. Although this technology claims to identify the particular type of AI faces we used with a high accuracy, it performed as poorly as our human participants. </p>
<p>Similarly, software for detecting AI writing has also had high rates of <a href="https://www.cell.com/patterns/fulltext/S2666-3899(23)00130-7?_returnURL=https%3A%2F%2Flinkinghub.elsevier.com%2Fretrieve%2Fpii%2FS2666389923001307%3Fshowall%3Dtrue">falsely accusing people of cheating</a> – especially people whose native language is not English.</p>
<h2>Managing the risks of AI</h2>
<p>So how can people protect themselves from misidentifying AI-generated content as real? </p>
<p>One way is to simply be aware of how poorly people perform when tasked with separating AI-generated faces from real ones. If we are more wary of our own limitations on this front, we may be less easily influenced by what we see online – and can take additional steps to verify information when it matters.</p>
<p>Public policy also plays an important role. One option is to require the use of AI to be declared. However, this might not help, or may inadvertently provide a false sense of security when AI is used for deceptive purposes – in which case it is almost impossible to police.</p>
<p>Another approach is to focus on authenticating trusted sources. Similar to the “Made in Australia” label or the European “CE” tag, applying a trusted-source badge – which can be verified and has to be earned through rigorous checks – could help users select reliable media.</p>
<p class="fine-print"><em><span>Amy Dawel receives funding from the Australian Research Council. The funder had no role in the design and execution of this study, analyses, interpretation of the data, or decision to submit results.</span></em></p>
<p class="fine-print"><em><span>Ben Albert Steward receives funding from the Australian Government Research Training Program. The funder had no role in the design and execution of this study, analyses, interpretation of the data, or decision to submit results.</span></em></p>
<p class="fine-print"><em><span>Clare Sutherland receives funding from the Australian Research Council. The funder had no role in the design and execution of this study, analyses, interpretation of the data, or decision to submit results.</span></em></p>
<p class="fine-print"><em><span>Eva Krumhuber and Zachary Witkower do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>AI-generated faces are now readily available, and have been used in identity fraud, catfishing and cyber warfare.</p>
<p>Amy Dawel, Clinical psychologist and Lecturer, Research School of Psychology, Australian National University; Ben Albert Steward, Australian National University; Clare Sutherland, Senior lecturer, University of Aberdeen; Eva Krumhuber, Associate professor, UCL; Zachary Witkower, Assistant Professor, University of Amsterdam</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>Major cyberattack on Australian ports suggests sabotage by a ‘foreign state actor’</h1>
<p>Published 2023-11-13T02:19:18Z</p>
<figure><img src="https://images.theconversation.com/files/558984/original/file-20231112-17-mgtyva.jpg?ixlib=rb-1.1.0&rect=98%2C44%2C5793%2C3574&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption"></span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/aerial-shipping-containers-botany-bay-sydney-699787051">Janelle Lugge/Shutterstock</a></span></figcaption></figure>
<p>A serious cyberattack has disrupted operations at several of Australia’s largest ports, causing delays and congestion. Late on Friday, port operator <a href="https://www.dpworld.com/supply-chain-solutions/ports-and-terminals">DP World</a> detected an IT breach that affected critical systems used to coordinate shipping activity.</p>
<p>DP World is one of Australia’s largest port operators, handling approximately <a href="https://www.news.com.au/technology/online/hacking/cybersecurity-incident-major-aussie-ports-locked-down-after-breach-rocks-ports-operator-dp-world/news-story/5f9b85e0009f26d1027592d0634fff05">40% of the nation’s container trade</a> across terminals in Brisbane, Sydney, Melbourne and Fremantle.</p>
<p><a href="https://www.abc.net.au/news/2023-11-11/dp-world-australian-ports-cyber-security-incident/103094358">DP World reacted</a> quickly to contain the breach, including shutting down access to their port networks on land, to prevent further unauthorised access. This means they essentially “pulled the plug” on their internet connection to limit possible further harm.</p>
<p>DP World <a href="https://www.channelnewsasia.com/world/port-operator-dp-world-australia-cyber-incident-police-investigating-3915016">senior director Blake Tierney said</a> it is still possible to unload containers from ships, but the trucks that transport the containers cannot drive in or out of the terminals. This is a precaution when the full extent of a data breach is not known. </p>
<p>The latest media reports suggest cargo could be stranded at the ports <a href="https://www.theguardian.com/australia-news/2023/nov/13/australian-port-operator-hit-by-cyber-attack-says-cargo-may-be-stranded-for-days">for several days</a>.</p>
<p>Australian Federal Police and the Australian Cyber Security Centre <a href="https://www.msn.com/en-ae/news/world/dp-world-australia-makes-significant-progress-to-restore-operations-after-cyber-attack/ar-AA1jMEHJ">are investigating</a> the source and nature of the attack, <a href="https://www.msn.com/en-gb/news/world/australia-locks-down-ports-after-nationally-significant-cyberattack/ar-AA1jKAFg">deemed a</a> “nationally significant incident” by federal cybersecurity coordinator Darren Goldie.</p>
<h2>Is there evidence of this being a malicious attack?</h2>
<p>The timing, scale and impact of the disruption do suggest this was a targeted attack.</p>
<p>It occurred on a Friday night, when most staff were off duty and less likely to notice or respond to the incident. The target was a major port operator that handles a significant share of Australia’s trade and commerce. Such an attack can have serious consequences for Australia’s economy, security and sovereignty.</p>
<p>The identity and motive of the attackers are not yet known, but the skills needed to mount such an attack suggest a foreign state actor trying to undermine Australia’s national security or economic interests.</p>
<p>In recent years, cyberattacks on ports and shipping have become more common. For instance, in February 2022, several <a href="https://www.euronews.com/2022/02/03/oil-terminals-disrupted-after-european-ports-hit-by-cyberattack">European ports</a> were hit by a cyberattack that disrupted oil terminals. In another incident early this year, a <a href="https://therecord.media/ransomware-attack-on-maritime-software-impacts-1000-ships">ransomware attack</a> on maritime software impacted more than 1,000 ships. Also in January 2023, the <a href="https://maritime-executive.com/article/cyberattack-threatens-release-of-port-of-lisbon-data">Port of Lisbon</a> was targeted by a ransomware attack which threatened the release of port data. </p>
<p>These incidents <a href="https://www.navy.gov.au/media-room/publications/soundings-42">highlight the vulnerability</a> of the maritime industry to cyber threats and the need for increased cybersecurity measures. </p>
<h2>How might the attack have happened?</h2>
<p>So far, the details have not been disclosed. But based on what we know about similar cases, it is possible the attack took advantage of vulnerabilities in DP World’s system. These vulnerabilities are normally closed by applying a “patch” in the same way your browser needs updating every week or two to keep it safe from being hacked.</p>
<p>Once the hackers gained access, they likely pivoted to infiltrate the operational systems that directly manage port activities. Failing to isolate and secure these control networks allowed the incident to impact operations. </p>
<p>It is also possible access was gained via a phishing email or a malicious link. Such an attack may have tricked an employee or a contractor into opening an attachment or clicking on a link that installed malware or ransomware on the network.</p>
<h2>Now what?</h2>
<p>DP World is working urgently to rebuild affected systems from backups. However, resetting port management networks is a complicated process that could take days or weeks. Until the operator’s core systems are securely restored, cargo flows may face ongoing delays.</p>
<p>The Australian government is <a href="https://australiancybersecuritymagazine.com.au/australian-government-monitors-significant-stevedore-cyber-attack/">closely involved in managing the situation</a>, providing support and advice to DP World and other affected parties through the <a href="https://www.cisc.gov.au/">Critical Infrastructure Centre</a> and the <a href="https://www.cisc.gov.au/engagement/trusted-information-sharing-network">Trusted Information Sharing Network</a>. These government agencies are equipped to provide timely support in times of crisis. </p>
<h2>How can we prevent future attacks?</h2>
<p>The DP World cyberattack is a clear warning of the risks to the essential transportation services that power Australia’s trade and commerce. </p>
<p>Ports are difficult targets. To cause such a disruption, the attackers would have to be highly skilled and plan ahead. The fact ports have been successfully hacked more than once in recent times suggests threats from cybercriminals are steadily increasing. </p>
<p>For companies such as DP World, it’s important to continuously monitor networks in real time, promptly install security updates and keep critical systems separated from each other. </p>
<p>Dedicated, well-resourced cybersecurity personnel, employee training and incident response plans are key to improving preparedness.</p>
<p>Ports should closely coordinate with government counterparts and industry partners on intelligence sharing and cybersecurity best practices. Cyberthreats evolve so quickly that always being prepared for the latest one is a significant challenge. </p>
<p>For a seamless flow of goods, we need to be constantly vigilant of potential threats to our supply chain infrastructure. This latest attack is an urgent reminder that cyber resilience must be a top priority.</p>
<p class="fine-print"><em><span>David Tuffley does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Port operator DP World handles roughly 40% of Australia’s sea freight. Over the weekend its ports were disrupted by what appears to be a malicious, targeted cyberattack.</p>
<p>David Tuffley, Senior Lecturer in Applied Ethics & CyberSecurity, Griffith University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>Internet shutdowns: here’s how governments do it</h1>
<p>2023-08-08T13:41:05Z</p>
<figure><img src="https://images.theconversation.com/files/541286/original/file-20230804-17-3ju57z.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">BigNazik/GettyImages</span></span></figcaption></figure><p>Senegal’s government has shut down internet access in response to <a href="https://www.reuters.com/world/africa/senegal-government-cuts-mobile-internet-access-amid-deadly-rioting-2023-06-04/">protests about the sentencing of opposition leader Ousmane Sonko</a>. This is a <a href="https://www.accessnow.org/campaign/keepiton/">tactic</a> governments are increasingly using during times of political contention, such as elections or social upheaval. The shutdowns can be partial or total, temporary or prolonged. They may target specific platforms, regions, or an entire country.</p>
<p>I’m a researcher who investigates the <a href="https://link.springer.com/article/10.1007/s11558-022-09483-z">causes</a> and <a href="https://journals.sagepub.com/doi/full/10.1177/00223433231168190">consequences</a> of internet access disruptions and censorship in various African countries. This includes understanding how shutdowns work. </p>
<p>It’s important to understand the complex technicalities behind internet shutdowns, for at least two reasons. </p>
<p>First, understanding how an internet shutdown works shows whether or how it can be circumvented. This makes it possible to support affected communities. </p>
<p>Second, the way a shutdown works shows who is responsible for doing it. Then the responsible actors can be held to account, both legally and ethically. </p>
<p>Different forms of shutdowns require different levels of technical sophistication. More sophisticated forms are harder to detect and attribute. </p>
<p>There are two common strategies governments use to disrupt internet access: <a href="https://ieeexplore.ieee.org/document/6678649">routing disruptions and packet filtering</a>.</p>
<h2>How to shut down the internet</h2>
<p><strong>Routing disruptions</strong></p>
<p>Every device connected to the internet, whether it’s your computer, smartphone, or any other device, has an IP (internet protocol) address assigned to it. This allows it to send and receive data across the network. </p>
<p>An autonomous system is a collection of connected IP networks under the control of a single entity, for instance an internet service provider or big company. </p>
<p>These autonomous systems rely on a protocol, the Border Gateway Protocol (BGP), to coordinate routing between them. Each system uses the protocol to communicate with other systems and exchange information about which internet routes they can use to reach different destinations (websites, servers, services etc). </p>
<p>So, if an autonomous system, like an internet service provider, suddenly withdraws its border gateway protocol routes from the internet, the block of IP addresses it administers disappears from the routing tables. This means those addresses can no longer be reached by other autonomous systems. </p>
<p>As a consequence, customers using IP addresses from that autonomous system can’t connect to the internet.</p>
<p>Essentially this tactic stops information from being transmitted. Information can’t find its destination, and people using the internet will not be able to connect. </p>
<p>The disruption of border gateway protocol routes can easily be detected from the outside due to changes in the global routing state. It can also be attributed to the internet service provider administering a certain autonomous system. </p>
<p>For instance, data suggests that the infamous <a href="https://policycommons.net/artifacts/1302785/egyptian-government-attacks-egypts-internet/1906077/">internet shutdown in Egypt in 2011</a> – an unprecedented blackout of internet traffic in the entire country – was the result of tampering with border gateway protocols. It could be <a href="https://ieeexplore.ieee.org/document/6678649">traced back to individual autonomous systems</a> and hence internet service providers. </p>
<p>Border gateway protocol disruptions that entirely disconnect customers from the internet are rare. These disruptions can easily be detected by outside observers and traced back to individual organisations or service providers. In addition, shutting down entire networks is the most indiscriminate form of an internet shutdown and can <a href="https://freemyinternet.info/3_about_internet_shutdowns">cause significant collateral damage</a> to a country’s economy.</p>
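<p>The outside-in detection and attribution described above can be sketched in code. This is an added example, not part of the original article: it replays constructed route announcements and withdrawals seen from two hypothetical vantage points and reports when an origin autonomous system loses most of its globally visible prefixes. The pipe-separated record layout, the documentation-range AS numbers and prefixes, and the 80% threshold are assumptions made for illustration.</p>

```python
"""Detect a routing blackout from BGP updates and attribute it to an origin AS."""
from collections import defaultdict

# Constructed sample, not real routing data. Hypothetical record layout:
#   timestamp|vantage point|A (announce) or W (withdraw)|prefix|AS path
# A withdrawal carries no AS path, so the detector has to remember who
# originated each prefix. AS numbers and prefixes are documentation ranges.
SAMPLE_UPDATES = """\
1000|peer-a|A|192.0.2.0/24|64510 64500
1000|peer-a|A|198.51.100.0/24|64510 64500
1000|peer-a|A|2001:db8:a::/48|64510 64500
1000|peer-a|A|2001:db8:b::/48|64510 64500
1000|peer-a|A|203.0.113.0/24|64510 64501
1000|peer-a|A|2001:db8:c::/48|64510 64501
1000|peer-a|A|2001:db8:d::/48|64510 64501
1001|peer-b|A|192.0.2.0/24|64511 64500
1001|peer-b|A|198.51.100.0/24|64511 64500
1001|peer-b|A|2001:db8:a::/48|64511 64500
1001|peer-b|A|2001:db8:b::/48|64511 64500
1001|peer-b|A|203.0.113.0/24|64511 64501
1001|peer-b|A|2001:db8:c::/48|64511 64501
1001|peer-b|A|2001:db8:d::/48|64511 64501
2000|peer-a|W|203.0.113.0/24|
3000|peer-a|W|192.0.2.0/24|
3000|peer-a|W|198.51.100.0/24|
3000|peer-a|W|2001:db8:a::/48|
3000|peer-a|W|2001:db8:b::/48|
3002|peer-b|W|192.0.2.0/24|
3002|peer-b|W|198.51.100.0/24|
3003|peer-b|W|2001:db8:a::/48|
3003|peer-b|W|2001:db8:b::/48|
9000|peer-a|A|192.0.2.0/24|64510 64500
9000|peer-a|A|198.51.100.0/24|64510 64500
"""


def parse_update(line):
    """Split one record; the origin AS is the last hop of an announced path."""
    ts, peer, kind, prefix, path = line.strip().split("|")
    if kind not in ("A", "W"):
        raise ValueError(f"unknown update type: {kind!r}")
    origin = int(path.split()[-1]) if kind == "A" else None
    return int(ts), peer, kind, prefix, origin


def detect_outages(lines, drop_ratio=0.8, min_prefixes=3):
    """Return outage records for origin ASes that lose >= drop_ratio of their
    prefixes at every vantage point. Simplification: a prefix is attributed to
    the origin of its most recent announcement."""
    holders = defaultdict(set)   # prefix -> vantage points that still have a route
    origin_of = {}               # prefix -> origin AS of the latest announcement
    visible = defaultdict(set)   # origin AS -> prefixes held by at least one peer
    baseline = defaultdict(int)  # origin AS -> most prefixes ever visible at once
    open_outage = {}             # origin AS -> outage record still in progress
    outages = []

    for line in lines:
        if not line.strip():
            continue
        ts, peer, kind, prefix, origin = parse_update(line)
        if kind == "A":
            previous = origin_of.get(prefix)
            if previous is not None and previous != origin:
                visible[previous].discard(prefix)  # prefix moved to another AS
            origin_of[prefix] = origin
            holders[prefix].add(peer)
            visible[origin].add(prefix)
            baseline[origin] = max(baseline[origin], len(visible[origin]))
        else:
            holders[prefix].discard(peer)
            origin = origin_of.get(prefix)
            if origin is None:
                continue  # withdrawal for a prefix never seen announced
            if not holders[prefix]:
                visible[origin].discard(prefix)  # gone from every vantage point

        lost = 1 - len(visible[origin]) / baseline[origin]
        if origin in open_outage:
            if lost < drop_ratio:
                open_outage.pop(origin)["end"] = ts
        elif baseline[origin] >= min_prefixes and lost >= drop_ratio:
            record = {"asn": origin, "start": ts, "end": None,
                      "prefixes_lost": baseline[origin] - len(visible[origin])}
            open_outage[origin] = record
            outages.append(record)
    return outages


if __name__ == "__main__":
    for outage in detect_outages(SAMPLE_UPDATES.splitlines()):
        print(outage)
```

<p>The single withdrawal at timestamp 2000 raises nothing because the other vantage point still holds a route, which is why detection of this kind relies on several observers rather than one.</p>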
<p><strong>Packet filtering</strong></p>
<p>To target specific content, governments often use packet filtering – shutting down only parts of the internet. </p>
<p>Governments can use packet filtering techniques to block or disrupt specific content or services. For instance, internet service providers can block access to specific IP addresses associated with websites or services they wish to restrict, such as 15.197.206.217 associated with the social media platform WhatsApp. </p>
<p>Governments also increasingly use <a href="https://democracyinafrica.org/a-new-anti-democratic-tool-the-deep-packet-inspection-technique/">deep packet inspection</a> technology as a tool to filter and block specific content. It’s commonly used for surveillance. Deep packet inspection infrastructure enables the inspection of data packets and hence the content of communication. It’s a more tailored approach to blocking content and makes circumvention more difficult. </p>
<p>In <a href="https://ooni.org/post/2023-senegal-social-media-blocks/">Senegal</a>, internet service providers likely used deep packet inspection to block access to WhatsApp, Telegram, Facebook, Instagram, Twitter and YouTube. </p>
<p>When internet shutdowns are done through packet filtering, only individuals within the affected network are able to detect the shutdown. Therefore, <a href="https://ensa.fi/active-probing/">active probing</a> is required to detect the shutdown. This is a technique that’s used by cybersecurity researchers and civil society actors to study the extent and methods of internet censorship in different regions.</p>
<h2>Violation of rights</h2>
<p>Though the two most common strategies are <a href="https://ieeexplore.ieee.org/document/6678649">routing disruptions and packet filtering</a>, there are many other tools governments can use. Examples include <a href="https://www.ncr-iran.org/en/news/iran-protests/iran-is-moving-towards-a-complete-internet-shutdown-one-bite-at-a-time/">domain name system manipulation</a>, <a href="https://www.cambridge.org/core/journals/political-science-research-and-methods/article/hot-topics-denialofservice-attacks-on-news-websites-in-autocracies/A50BD0533D1132765F64C2700E5822FC">denial of service attacks</a> and the blunt sabotage of physical infrastructure. A <a href="https://www.accessnow.org/wp-content/uploads/2022/06/A-taxonomy-of-internet-shutdowns-the-technologies-behind-network-interference.pdf">detailed overview</a> of techniques is provided by Access Now, an NGO defending digital civil rights of people around the world.</p>
<p>There is wide agreement that internet shutdowns are a violation of fundamental rights such as freedom of expression. However, governments are developing increasingly sophisticated means to block or restrict access to the internet. It’s therefore important to closely monitor the ways in which internet shutdowns are being implemented. This will help to provide circumvention strategies and hold the implementers to account.</p>
<p class="fine-print"><em><span>Lisa Garbe does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>There are different tactics that governments can use to block the internet, some more sophisticated than others.</p>
<p>Lisa Garbe, Research Fellow, WZB Berlin Social Science Center.</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>AI might eventually be an extinction threat, but it poses more pressing risks</h1>
<p>2023-07-11T13:54:48Z</p>
<figure><img src="https://images.theconversation.com/files/535861/original/file-20230705-23-xm2j7m.jpg?ixlib=rb-1.1.0&rect=17%2C5%2C3799%2C2149&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">AI has major potential in medical diagnostics.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/female-patient-lying-on-ct-pet-2213585573">Gorodenkoff / Shutterstock</a></span></figcaption></figure>
<p>Since the AI chatbot <a href="https://openai.com/chatgpt">ChatGPT</a> was released in 2020, we’ve been hearing about the threat posed by artificial intelligence. A <a href="https://www.bbc.co.uk/news/uk-65746524">statement</a> signed by academic experts and tech industry figures even branded AI an “extinction risk”. </p>
<p>But whatever you think of such warnings, an existential threat to humanity is likely to be a threat only in the longer term. There are much more tangible risks in the near and medium term. So what are these and how worried should we be?</p>
<p>One longstanding and often-raised concern is the possibility that AI could take our jobs away. This is something I’ve been considering since 1997, when I wrote my first <a href="https://link.springer.com/chapter/10.1007/978-1-349-14620-8_47">artificial intelligence paper on neural networks </a>. </p>
<p>Our aim was to develop an intelligent manufacturing machine that is more capable than humans at detecting faults during machining operations. This would make the production system more efficient. </p>
<p>At that time, we wondered whether this would cause people to become unemployed when machines displaced humans on the shop floor. However, automation and other advances created new job opportunities for people, <a href="https://www.holtengineering.co.uk/news/cnc-jobs-how-technology-is-changing-the-way-we-approach-them/">such as programming the machines</a>. So, an answer to the quick pace of change in technology can be to retrain people for the new roles that technological disruption creates. </p>
<p>It’s not just manufacturing jobs that are at risk. <a href="https://www.bing.com/create">AI image creation software</a> has been the subject of claims that it could put artists and designers out of work. However, again I think history offers some lessons. </p>
<p>The invention of photography did not replace painting and I don’t believe image generators will either. It’s unlikely that AI systems will be able to produce novel artistic works in the short to medium term. </p>
<p>It’s possible, however, that in the medium term, machines could replace humans in many work positions. For example, in medicine, AI systems could integrate laboratory results, medical images and a patient’s medical history to provide a reliable diagnosis and prognosis.</p>
<p>They could also replace humans for many of the <a href="https://www.bbc.co.uk/news/uk-scotland-50745316">tasks carried out in surgery</a>. Other fields that could eventually depend on AI include market data analysis, investment decisions and computer programming. </p>
<p>Despite the risks of unemployment, AI could have many positive effects in the workplace. For example, AI can act as a tool to enhance human capabilities, resulting in greater productivity. </p>
<p>In the short to medium term, the technology could have a similar impact to that of calculators in the 1970s, to the computers that replaced <a href="http://news.bbc.co.uk/1/hi/7427237.stm">typewriters</a> in the 1980s and the automation and robotics that transformed <a href="https://www.sciencedirect.com/science/article/abs/pii/016974399290030J">many factories in the 1990s</a>.</p>
<figure class="align-center ">
<img alt="Factory robots." src="https://images.theconversation.com/files/536574/original/file-20230710-16372-2dl36i.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/536574/original/file-20230710-16372-2dl36i.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=376&fit=crop&dpr=1 600w, https://images.theconversation.com/files/536574/original/file-20230710-16372-2dl36i.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=376&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/536574/original/file-20230710-16372-2dl36i.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=376&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/536574/original/file-20230710-16372-2dl36i.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=473&fit=crop&dpr=1 754w, https://images.theconversation.com/files/536574/original/file-20230710-16372-2dl36i.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=473&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/536574/original/file-20230710-16372-2dl36i.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=473&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Automation can lead to job losses, but other opportunities open as a result.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/team-welding-robots-represent-movement-automotive-399874480">Praphan Jampala</a></span>
</figcaption>
</figure>
<h2>Bad education?</h2>
<p>In education, there have been concerns that ChatGPT could negatively affect the <a href="https://elearningindustry.com/pros-and-cons-of-using-ai-in-learning-chatgpt-helping-or-hindering-learning-outcomes">learning process of students</a>, or their <a href="https://www.nature.com/articles/d41586-023-01693-8">health</a>. For example, a student could ask ChatGPT to write their coursework for them, bypassing the research and writing effort that leads to a better understanding of the topic in question. Perhaps a better approach would be to modify and enhance how we <a href="https://theconversation.com/chatgpt-students-could-use-ai-to-cheat-but-its-a-chance-to-rethink-assessment-altogether-198019">teach and assess</a> the outcomes of learning.</p>
<p>Making education more focused on practical skills and the implementation of knowledge in problem solving could ensure a deeper understanding on the part of students. AI could be used for guidance, in much the same way we currently use calculators, to help enrich people’s knowledge. </p>
<p>In the near future, it’s vital that students pick university courses that understand how to use AI and choose subjects that will still be in high demand with the continued expansion of that technology. </p>
<p>However, we have assumed up until now that AI systems work as designed to provide accurate information. Unfortunately, we know that this isn’t the case. </p>
<p>In May 2023, for example, <a href="https://www.bbc.co.uk/news/world-us-canada-65735769">a US lawyer admitted using ChatGPT for case research</a>. The lawyer’s filing was found to reference legal cases that didn’t exist. The chatbot had made them up. It’s not the first time that these “AI hallucinations” have been <a href="https://www.cnbc.com/2023/05/31/openai-is-pursuing-a-new-way-to-fight-ai-hallucinations.html">reported</a>. </p>
<p>Then we have the very real risk that AI could be used for nefarious purposes such as identity theft. For example, criminals could use AI to <a href="https://theconversation.com/ai-clones-made-from-user-data-pose-uncanny-risks-206357">clone someone’s voice</a>. They could then phone family members and try to convince them to give out sensitive information that could be helpful for accessing bank accounts. </p>
<p>A variant of AI-driven identity theft is the use of <a href="https://www.bbc.co.uk/news/technology-63669711">deepfake videos</a>. Among the many possible uses, there are fears they could be used to impersonate politicians, influencing elections. Recently, Martin Lewis, an English financial journalist and broadcaster, <a href="https://www.bbc.co.uk/news/av/uk-66131229">was the subject of a scam advert</a> using a deepfake video.</p>
<p>But what of the longer-term “existential risk” to humanity? Warnings about the possibility that AI could wipe out our species go back <a href="https://www.bbc.co.uk/news/technology-30290540">long before ChatGPT</a>. </p>
<p>Whatever one thinks of this possibility, we should be mindful that AI will “live forever”. The technology is here to stay, which means that it will accumulate knowledge, data and experience gathered from billions of people over multiple generations. </p>
<p>If AI is designed to mimic human beings, its survival instinct and consciousness might develop gradually over decades. As such, it might stop being merely a tool to support us and become an entity in its own right. If that happens, there’s a real possibility it could then become capable of taking self-interested decisions.</p>
<p class="fine-print"><em><span>Amin Al-Habaibeh receives funding from Innovate UK, UKRI, European Commission and Royal Academy of Engineering.</span></em></p>
<p>We need to be mindful of the potential short- and medium-term risks of AI.</p>
<p>Amin Al-Habaibeh, Professor of Intelligent Engineering Systems, Nottingham Trent University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>Four ways criminals could use AI to target more victims</h1>
<p>2023-06-22T16:04:31Z</p>
<figure><img src="https://images.theconversation.com/files/532713/original/file-20230619-25-f0xjc9.jpg?ixlib=rb-1.1.0&rect=16%2C0%2C5341%2C3566&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Building a profile of someone can make it easier for criminals to gain access to their personal accounts.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/ai-artificial-intelligence-concept-763283053">Metamorworks / Shutterstock</a></span></figcaption></figure>
<p>Warnings about artificial intelligence (AI) are ubiquitous right now. They have included <a href="https://www.safe.ai/statement-on-ai-risk">fearful messages</a> about AI’s potential to cause the extinction of humans, invoking images of the Terminator movies. The UK Prime Minister Rishi Sunak has even <a href="https://www.gov.uk/government/news/pm-urges-tech-leaders-to-grasp-generational-opportunities-and-challenges-of-ai">set up a summit to discuss AI safety</a>.</p>
<p>However, we have been using AI tools for a long time – from the algorithms used to <a href="https://online.york.ac.uk/ai-search-and-recommendation-algorithms/">recommend relevant products</a> on shopping websites, to cars with technology that <a href="https://en.wikipedia.org/wiki/Traffic-sign_recognition">recognises traffic signs</a> and <a href="https://journals.sagepub.com/doi/full/10.1177/17298814211002974">provides lane positioning</a>. AI is a tool to increase efficiency, process and sort large volumes of data, and offload decision making.</p>
<p>Nevertheless, these tools are open to everyone, including criminals. And we’re already seeing the early stage adoption of AI by criminals. Deepfake technology has been used to <a href="https://www.bbc.co.uk/news/entertainment-arts-65854112">generate revenge pornography</a>, for example. </p>
<p>Technology <a href="https://www.europol.europa.eu/crime-areas-and-statistics/crime-areas/cybercrime">enhances the efficiency of criminal activity</a>. It allows lawbreakers to target a greater number of people and helps them be more plausible. Observing how criminals have adapted to, and adopted, technological advances in the past, can provide some clues as to how they might use AI. </p>
<h2>1. A better phishing hook</h2>
<p>AI tools like <a href="https://openai.com/blog/chatgpt">ChatGPT</a> and <a href="https://bard.google.com">Google’s Bard</a> provide writing support, allowing inexperienced writers to craft effective marketing messages, for example. However, this technology could also help criminals sound more believable when contacting potential victims.</p>
<p>Think about all those spam phishing emails and texts that are badly written and easily detected. Being plausible is key to being able to elicit information from a victim. </p>
<figure class="align-center ">
<img alt="Woman holding a smartphone." src="https://images.theconversation.com/files/532909/original/file-20230620-15-in15vt.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/532909/original/file-20230620-15-in15vt.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=338&fit=crop&dpr=1 600w, https://images.theconversation.com/files/532909/original/file-20230620-15-in15vt.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=338&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/532909/original/file-20230620-15-in15vt.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=338&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/532909/original/file-20230620-15-in15vt.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=424&fit=crop&dpr=1 754w, https://images.theconversation.com/files/532909/original/file-20230620-15-in15vt.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=424&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/532909/original/file-20230620-15-in15vt.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=424&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Criminals could create a deepfake version of you who could interact with family members over the phone, text and email.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/hands-woman-holding-smartphone-using-online-2062352315">Fizkes / Shutterstock</a></span>
</figcaption>
</figure>
<p>Phishing is a numbers game: an <a href="https://www.securitymagazine.com/articles/90345-more-than-three-billion-fake-emails-are-sent-worldwide-every-day">estimated 3.4 billion spam emails</a> are sent every day. My own calculations show that if criminals were able to improve their messages so that as little as 0.000005% of them now convinced someone to reveal information, it would result in 6.2 million more phishing victims each year.</p>
<h2>2. Automated interactions</h2>
<p>One of the early uses for AI tools was to automate interactions between customers and services over text, chat messages and the phone. This enabled a faster response to customers and optimised business efficiency. Your first contact with an organisation is likely to be with an AI system, before you get to speak to a human.</p>
<p>Criminals can use the same tools to create automated interactions with large numbers of potential victims, <a href="https://www.scmagazine.com/news/emerging-technology/attackers-using-ai-to-enhance-conversational-scams-over-mobile-devices">at a scale not possible</a> if it were just carried out by humans. They can impersonate legitimate services like banks over the phone and on email, in an attempt to elicit information that would allow them to steal your money. </p>
<h2>3. Deepfakes</h2>
<p>AI is really good at generating mathematical models that can be “trained” on large amounts of real-world data, making those models better at a given task. Deepfake technology in video and audio is an example of this. A deepfake act called <a href="https://blogs.nvidia.com/blog/2022/09/13/metaphysic-ai-avatars-americas-got-talent/">Metaphysic</a> recently demonstrated the technology’s potential when they unveiled a video of <a href="https://www.youtube.com/watch?v=mJeE9BNEa-o">Simon Cowell singing opera on the television show America’s Got Talent</a>.</p>
<p>This technology is beyond the reach of most criminals, but the ability to use AI to mimic the way a person would respond to texts, write emails, leave voice notes or make phone calls is freely available. So is the data to train it, which can be gathered from videos on social media, for example. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/mJeE9BNEa-o?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">The deepfake act Metaphysic perform on America’s Got Talent.</span></figcaption>
</figure>
<p>Social media has always been a rich seam for criminals mining information on potential targets. There is now the potential for AI to be used to create a deepfake version of you. This deepfake can be exploited to interact with friends and family, convincing them to hand criminals information on you. Gaining a <a href="https://dl.acm.org/doi/abs/10.1145/3372297.3417892">better insight into your life</a> makes it <a href="https://www.itpro.com/security/34616/the-top-password-cracking-techniques-used-by-hackers">easier to guess</a> passwords or pins.</p>
<h2>4. Brute forcing</h2>
<p>Another technique used by criminals, called “brute forcing”, could also benefit from AI. This is where many combinations of characters and symbols are tried in turn to see if they match your passwords. </p>
<p>That’s why long, complex passwords are safer; they are harder to guess by this method. Brute forcing is resource intensive, but it’s easier if you know something about the person. For example, this allows lists of potential passwords to be ordered according to priority – increasing the efficiency of the process. For instance, they could start off with combinations that relate to the names of family members or pets.</p>
<p>Algorithms trained on your data could be used to help build these prioritised lists more accurately and target many people at once – so fewer resources are needed. Specific AI tools could be developed that harvest your online data, then analyse it all to build a profile of you.</p>
<p>If, for example, you frequently posted on social media about Taylor Swift, manually going through your posts for password clues would be hard work. Automated tools do this quickly and efficiently. All of this information would go into making the profile, making it easier to guess passwords and pins.</p>
<h2>Healthy scepticism</h2>
<p>We should not be frightened of AI, as it could bring real benefits to society. But as with any new technology, society needs to adapt to and understand it. Although we take smartphones for granted now, society had to adjust to having them in our lives. They have largely been beneficial, but uncertainties remain, such as what a good amount of screen time for children is. </p>
<p>As individuals, we should be proactive in our attempts to understand AI, not complacent. We should develop our own approaches to it, maintaining a healthy sense of scepticism. We will need to consider how we verify the validity of what we are reading, hearing or seeing. </p>
<p>These simple acts will help society reap the benefits of AI while ensuring we can protect ourselves from potential harms.</p>
<p class="fine-print"><em><span>Daniel Prince receives funding from UKRI via the PETRAS The National Centre of Excellence for IoT Systems Cyber Security.</span></em></p>
<p>AI could allow cybercriminals to operate with greater efficiency, targeting more people at once.</p>
<p>Daniel Prince, Professor of Cyber Security, Lancaster University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<h1>Heists Worth Billions: An investigation found criminal gangs using sham bank accounts and secret online marketplaces to steal from almost anyone – and little being done to combat the fraud</h1>
<p>2023-06-21T11:58:44Z</p>
<p>In January 2020, Debi Gamber studied a computer screen filled with information on scores of check deposits. As a manager for eight years at a TD Bank branch in the Baltimore suburb of Essex, she had reviewed a flurry of account activity as a security measure. These transactions, though, from the ATM of a tiny TD location nestled in a nearby mall, <a href="https://www.documentcloud.org/documents/23808373-23-02-14-tdc-jt-2-usa-v-seck-diape-v-vaduva-et-al_exc-dg-dir_p-2">struck her as suspicious</a>.</p>
<p>Time and again, Gamber saw that these checks were payable to churches – many states away from the Silver Spring shopping center branch – <a href="https://www.documentcloud.org/documents/23808369-diape-seck-indictment">yet had been deposited into personal accounts</a>, a potential sign of theft.</p>
<p>Digging deeper, she determined that the same customer service representative, Diape Seck, had opened at least seven of the accounts, which had received more than 200 church check deposits. Even fishier, the purported account holders had used Romanian passports and driver’s licenses to prove their identities. Commercial bankers rarely see those forms of ID. So why were all these Romanians streaming into a small branch located above a Marshall’s clothing store?</p>
<p>Suspecting crimes, Gamber submitted an electronic fraud intake form, then contacted TD’s security department to inform them directly of what she had unearthed. Soon, the bank discovered that Seck had relied on Romanian documents for not just seven accounts but for <a href="https://www.justice.gov/usao-md/pr/former-bank-employee-convicted-after-trial-fraudulently-opening-bank-accounts">412 of them</a>. The bank phoned local police and federal law enforcement to report that an insider appeared to be helping criminals cheat churches and TD.</p>
<p>Nine months after TD’s tip, agents started rounding up conspirators, eventually arresting <a href="https://www.documentcloud.org/documents/23808369-diape-seck-indictment">nine</a> of them for crimes that netted more than <a href="https://www.justice.gov/usao-md/pr/former-bank-employee-sentenced-three-years-federal-prison-fraudulently-opening-bank">US$1.7 million</a> in stolen checks. They all <a href="https://www.documentcloud.org/documents/23809801-district-of-maryland-cmecf-live-nextgen-1">pleaded guilty</a> to financial crimes except for Seck, who was <a href="https://www.justice.gov/usao-md/pr/former-bank-employee-convicted-after-trial-fraudulently-opening-bank-accounts">convicted</a> in February 2023 for bank fraud, accepting a bribe and other crimes. He was <a href="https://www.justice.gov/usao-md/pr/former-bank-employee-sentenced-three-years-federal-prison-fraudulently-opening-bank">sentenced in June 2023</a> to three years in prison. </p>
<h2>Sophisticated crimes</h2>
<p>How could it happen? How could criminals engineer a yearlong, multimillion-dollar fraud just by relying on a couple of employees at two small bank branches in a scheme with victims piling up into hundreds? </p>
<p>The answer is, because it’s easy. Crimes like these happen every day across the country. Scams facilitated by deceiving financial institutions – from international conglomerates to regional chains, community banks, and credit unions – are robbing millions of people and institutions of billions and billions of dollars. At the heart of this unprecedented crime wave are so-called drop accounts created by street gangs, hackers and even rings of friends. These fraudsters are leveraging technology to obtain fake or stolen information to create the drop accounts, which are then used as the place to first “drop” and then launder purloined funds. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A person in a white hooded sweatshirt walks toward a U.S. postal carrier" src="https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=428&fit=crop&dpr=1 600w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=428&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=428&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=537&fit=crop&dpr=1 754w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=537&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/531032/original/file-20230608-20-gs66fj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=537&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">An October 2022 surveillance photo of an armed robber approaching a mail carrier.</span>
<span class="attribution"><a class="source" href="https://www.documentcloud.org/documents/23809211-usa_v_capers__flmdce-23-01027__00010">The Conversation/court records</a></span>
</figcaption>
</figure>
<p>To better understand the growing phenomenon of drop accounts and their role in far-reaching crime, the <a href="https://ebcs.gsu.edu/">Evidence-Based Cybersecurity Research Group</a> at Georgia State University joined The Conversation in a four-month investigation of this financial underworld. The inquiry involved extensive surveillance of criminals’ interactions on the dark web and secretive messaging apps that have become hives of illegal activity. The reporting shows:</p>
<ul>
<li><strong>The technological skills of street gangs</strong> and other criminal groups are exceptionally sophisticated, allowing them to loot billions from individuals, businesses, municipalities, states and the federal government.</li>
<li><strong>Robberies of postal workers have <a href="https://www.durbin.senate.gov/imo/media/doc/Letter%20to%20PMG%20DeJoy%20on%20Carrier%20Robberies%20Signed.pdf">escalated sharply</a></strong> as fraudsters steal public mailbox keys in the first step of a chain of crimes that ends with drop accounts’ being loaded with millions in stolen funds.</li>
<li><strong>A robust, anonymous online marketplace</strong> provides everything an aspiring criminal needs to commit drop account fraud, including <a href="https://www.documentcloud.org/documents/23824400-binder1">video tutorials and handbooks</a> that describe tactics for each bank. The dark web and encrypted chat services have become one-stop shops for cybercriminals to buy, sell and share stolen data and hacking tools.</li>
<li><strong>The federal government and banks know the scope</strong> and impact of the crime but have so far failed to take meaningful action.</li>
</ul>
<p>“What we are seeing is that the fraudsters are collaborating, and they are using the latest tech,” said Michael Diamond, general manager of digital banking at Mitek Systems, a San Diego-based developer of digital identity verification and counterfeit check detection systems. “Those two things combined are what are driving the fraud numbers way, way up.”</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/7BrqAMx2vMg?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Criminals target letter carriers for their arrow keys, giving them access to public mailboxes. Via Evidence-Based Cybersecurity Research Group.</span></figcaption>
</figure>
<h2>Billions stolen</h2>
<p>The growth is staggering. Financial institutions <a href="https://www.fincen.gov/sites/default/files/shared/FinCEN%20Alert%20Mail%20Theft-Related%20Check%20Fraud%20FINAL%20508.pdf">reported more than 680,000</a> suspected check frauds in 2022, nearly double the 350,000 such reports the prior year, according to the Treasury Department’s Financial Crimes Enforcement Network, also known as FinCEN. Through internet transactions alone, swindles typically facilitated by drop accounts cost individuals and businesses almost $4.8 billion last year, a jump of about 60% from comparable fraud losses of more than $3 billion in 2020, the Federal Bureau of Investigation <a href="https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf">reported</a>.</p>
<p>Plus, a portion of the <a href="https://www.documentcloud.org/documents/23834834-ssrn-id3906395">estimated $64 billion</a> stolen from just one COVID-19 relief fund went to gangsters who rely on drop accounts, according to a <a href="https://www.documentcloud.org/documents/23808364-20221201-how-fintechs-facilitated-fraud-in-the-paycheck-protection-program-compressed">congressional report</a> and an analysis from the <a href="https://www.documentcloud.org/documents/23834834-ssrn-id3906395">University of Texas at Austin</a>. Criminals using drop accounts also hit the pandemic unemployment relief funds, which experienced improper payments of as much as $163 billion, the <a href="https://www.oig.dol.gov/doloiguioversightwork.htm">Labor Department found</a>. Indeed, experts say the large sums of government money meant to combat economic troubles from COVID-19 fueled the rapid growth of drop account fraud, as trillions of dollars in rescue funds were disbursed in the form of wires and paper checks.</p>
<p>“There were a huge range of criminals who were trained in this during the pandemic,” said one banking industry official who spoke on condition of anonymity because of the sensitivity of the matter. “A lot of them have grown up in the pandemic and seen that it is easy to make a lot of money with these schemes, with very little risk of prosecution.”</p>
<hr>
<p><em>This article is an excerpt from <strong><a href="https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz">Heists Worth Billions</a></strong>, an investigation from The Conversation that found criminal gangs using sham bank accounts and secret online marketplaces to steal from almost anyone – and uncovered just how little is being done to combat the fraud.</em></p>
<p>• <strong><a href="https://theconversation.com/how-to-protect-yourself-from-drop-account-fraud-tips-from-our-investigative-unit-206840">How to protect yourself from drop account fraud – tips from our investigative unit</a>.</strong></p>
<p>• <strong><a href="https://theconversation.com/behind-the-scenes-of-the-investigation-heists-worth-billions-207158">Behind the scenes of the investigation</a></strong></p>
<p>• <strong><a href="https://theconversation.com/announcing-the-conversations-new-investigative-unit-were-looking-for-collaborators-in-academia-207394">Announcing The Conversation’s new investigative unit</a></strong></p>
<p class="fine-print"><em><span>David Maimon receives funding from the National Science Foundation, the Criminal Investigations and Network Analysis Center at George Mason University, and other private grants which support the Evidence Based Cybersecurity research group. </span></em></p><p class="fine-print"><em><span>Kurt Eichenwald does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Check fraud is one of history’s oldest financial crimes and criminals are finding new ways to use it to steal billions from banks.</p>
<p>David Maimon, Professor of Criminal Justice and Criminology, Georgia State University</p>
<p>Kurt Eichenwald, Senior Investigative Editor, The Conversation</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<p>tag:theconversation.com,2011:article/206840 (2023-06-20T13:40:12Z)</p>
<h1>How to protect yourself from drop account fraud – tips from our investigative unit</h1>
<figure><img src="https://images.theconversation.com/files/532280/original/file-20230615-15-z17k8.png?ixlib=rb-1.1.0&rect=11%2C187%2C2546%2C1388&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Loot stolen from the U.S. Postal Service is displayed on the dark web.</span> <span class="attribution"><span class="source">Via Evidence-Based Cybersecurity Research Group</span></span></figcaption></figure>
<h2>The types of crimes that use drop accounts are multiplying rapidly, but there are ways to decrease your chances of becoming a victim.</h2>
<ul>
<li>Do not mail checks from anywhere but your local post office. Not even your own mailbox is safe. <a href="https://theconversation.com/how-cybercriminals-turn-paper-checks-stolen-from-mailboxes-into-bitcoin-173796">The best option? Pay bills and send money online</a>.</li>
</ul>
<h2>Protect your identity online by following these steps</h2>
<ul>
<li>Guard your Social Security number. Never use it on medical forms (if asked, write “available upon request”), for a job interview, when applying for a grocery store reward card or when booking travel. If you believe the number has been compromised, <a href="https://faq.ssa.gov/en-us/Topic/article/KA-02220">contact the Social Security Administration to get a new one</a>.</li>
<li>Use only one credit card for online shopping, and never use a debit card.</li>
<li><a href="https://theconversation.com/choose-better-passwords-with-the-help-of-science-82361">Strengthen your online and mobile phone passwords</a>.</li>
<li>If you don’t expect to apply for a credit card or loan soon, <a href="https://www.consumerfinance.gov/ask-cfpb/what-does-it-mean-to-put-a-security-freeze-on-my-credit-report-en-1341/">freeze your credit with all three credit rating agencies</a>.</li>
<li><a href="https://theconversation.com/your-credit-report-is-a-key-part-of-your-privacy-heres-how-to-find-and-check-it-116999">Check your credit reports</a>.</li>
<li>Do not respond to preapproved credit card or loan offers delivered by mail, and, to reduce offers, consider <a href="https://www.optoutprescreen.com/">opting out of receiving these mailings</a>.</li>
<li>Shred your financial information; don’t simply throw it out.</li>
<li>Never give out personal information to anyone contacting you through unsolicited phone calls or emails. </li>
</ul>
<h2>To prevent fraud involving a tax return refund or any other tax issue</h2>
<ul>
<li>Complete and send in your tax return as early as possible, which makes it more difficult for someone to steal your refund. </li>
<li><a href="https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin">Establish an identity protection PIN with the IRS</a>, which only you and the agency will know. </li>
<li>If the IRS rejects your attempt to file your tax return, or if you receive any unusual mail from the agency such as a tax transcript you didn’t request, or it notifies you of suspicious activity, contact the agency at the number <a href="https://www.irs.gov/individuals/understanding-your-cp01c-notice">listed here</a> to report possible identity theft. </li>
<li>Pay any <a href="https://www.irs.gov/payments">taxes owed online</a>, not by check.</li>
</ul>
<h2>To prevent losses through business email compromise scams</h2>
<ul>
<li>Learn and teach employees basic email safety techniques. </li>
<li>Confirm urgent emails from supervisors or vendors demanding immediate wire transfers. In fact, urgent requests are the most suspicious.</li>
<li>Assure employees that double-checking whether these purportedly urgent emails came from the listed sender will not result in criticism or punishment. </li>
<li>Never purchase a gift card requested by a supervisor through email or text.</li>
<li>Human resources officials should never change bank accounts for direct deposit if employees ask by email or text. Always call to double-check that the request is real.</li>
</ul>
<hr>
<p><em>This article accompanies <strong><a href="https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz">Heists Worth Billions</a></strong>, an investigation from The Conversation that found criminal gangs using sham bank accounts and secret online marketplaces to steal from almost anyone – and uncovered just how little is being done to combat the fraud.</em></p>
<ul>
<li><p><strong><a href="https://theconversation.com/behind-the-scenes-of-the-investigation-heists-worth-billions-207158">Behind the scenes of the investigation</a></strong></p></li>
<li><p><strong><a href="https://theconversation.com/announcing-the-conversations-new-investigative-unit-were-looking-for-collaborators-in-academia-207394">Announcing The Conversation’s new investigative unit</a></strong></p></li>
</ul>
<p class="fine-print"><em><span>Kurt Eichenwald does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Cyber bank fraud is on the rise. Here are some important ways to protect yourself.</p>
<p>Kurt Eichenwald, Senior Investigative Editor, The Conversation</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<p>tag:theconversation.com,2011:article/206403 (2023-05-26T05:04:02Z)</p>
<h1>The highly secretive Five Eyes alliance has disrupted a China-backed hacker group – in an unusually public manner</h1>
<figure><img src="https://images.theconversation.com/files/528460/original/file-20230526-17-odlsck.jpg?ixlib=rb-1.1.0&rect=69%2C59%2C3233%2C2092&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="attribution"><span class="source">Dennis Desmond</span>, <span class="license">Author provided</span></span></figcaption></figure>
<p>This week the Five Eyes alliance – an intelligence alliance between Australia, the United Kingdom, Canada, New Zealand and the United States – <a href="https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF">announced its investigation</a> into a China-backed threat targeting US infrastructure. </p>
<p>Using stealth techniques, the attacker – referred to as “Volt Typhoon” – exploited existing resources in compromised networks in a technique called “<a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3406058/nsa-and-partners-identify-china-state-sponsored-cyber-actor-using-built-in-netw/">living off the land</a>”.</p>
<p>Microsoft made a concurrent <a href="https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/">announcement</a>, stating the attackers’ targeting of Guam was telling of China’s plans to potentially disrupt critical communications infrastructure between the US and Asia region in the future.</p>
<p>This comes hot on the heels <a href="https://www.nknews.org/pro/how-new-us-cybersecurity-task-force-can-effectively-target-north-korean-hackers/">of news</a> in April of a North Korean supply chain attack on Asia-Pacific telecommunications provider 3CX. In this case, hackers gained access to an employee’s computer using a compromised desktop app for Windows and a compromised signed software installation package.</p>
<p>The Volt Typhoon announcement has led to a rare admission by the US National Security Agency that Australia and other Five Eyes partners are engaged in a targeted search and detection scheme to uncover China’s clandestine cyber operations.</p>
<p>Such public admissions from the Five Eyes alliance are few and far between. Behind the curtain, however, this network is persistently engaged in trying to take down foreign adversaries. And it’s no easy feat. </p>
<p>Let’s take a look at the events leading up to Volt Typhoon – and more broadly at how this secretive transnational alliance operates.</p>
<h2>Uncovering Volt Typhoon</h2>
<p>Volt Typhoon is an “advanced persistent threat group” that has been active since at least mid-2021. It’s believed to be sponsored by the Chinese government and is targeting critical infrastructure organisations in the US. </p>
<p>The group has focused much of its efforts on Guam. Located in the Western Pacific, this US island territory is home to a significant and growing US military presence, including the air force, a contingent of the marines, and the US navy’s nuclear-capable submarines. </p>
<p>It’s likely the Volt Typhoon attackers intended to gain access to networks connected to US critical infrastructure to disrupt communications, command and control systems, and maintain a persistent presence on the networks. The latter tactic would allow China to influence operations during a potential conflict in the South China Sea. </p>
<p>Australia wasn’t directly impacted by Volt Typhoon, according to official statements. Nevertheless, it would be a primary target for similar operations in the event of conflict.</p>
<p>As for how Volt Typhoon was caught, this hasn’t been disclosed. But Microsoft documents highlight previous observations of the threat actor attempting to dump credentials and stolen data from the victim organisation. It’s likely this led to the discovery of compromised networks and devices.</p>
<h2>Living-off-the-land</h2>
<p>The hackers initially gained access to networks through internet-facing Fortinet FortiGuard devices, such as routers. Once inside, they employed a technique called “living-off-the-land”. </p>
<p>This is when attackers rely on using the resources already contained within the exploited system, rather than bringing in external tools. For example, they will typically use applications such as PowerShell (a Microsoft management program) and Windows Management Instrumentation <a href="https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/">to access</a> data and network functions.</p>
<p>By using internal resources, attackers can bypass safeguards that alert organisations to unauthorised access to their networks. Since no malicious software is used, they appear as a legitimate user. As such, living-off-the-land allows for lateral movement within the network, and provides opportunity for a persistent, long-term attack.</p>
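<p>Because the tools involved are legitimate, defenders look at who ran them, where, and what launched them, rather than at the files themselves. The sketch below is an added illustration, not code from the Five Eyes advisory or from Microsoft: it baselines normal use of PowerShell and the WMI command-line client and flags departures. Every host name, account, path and event is constructed, and the tool list, parent list and threshold are assumptions.</p>

```python
"""Behavioural triage of built-in admin tool use (added illustration).

All hosts, accounts and events here are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass

# Built-in tools the article names: PowerShell and WMI (wmic.exe is the WMI
# command-line client). Assumption: extend this set for a real environment.
ADMIN_TOOLS = {"powershell.exe", "wmic.exe"}

# Assumption: parents that normally launch these tools interactively.
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (the fields a typical EDR log provides)."""
    host: str
    user: str
    parent: str  # full path of the parent process image
    image: str   # full path of the started process image


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def build_baseline(history):
    """Learn which accounts use which admin tools, and on which hosts."""
    user_tool = set()
    user_hosts = defaultdict(set)
    for e in history:
        tool = basename(e.image)
        if tool in ADMIN_TOOLS:
            user_tool.add((e.user, tool))
            user_hosts[e.user].add(e.host)
    return {"user_tool": user_tool, "user_hosts": dict(user_hosts)}


def reasons_for(e, baseline):
    """Return the behavioural anomalies for one event (empty list if none)."""
    tool = basename(e.image)
    if tool not in ADMIN_TOOLS:
        return []  # a signature-clean binary we are not tracking
    reasons = []
    if (e.user, tool) not in baseline["user_tool"]:
        reasons.append("account has no history of running " + tool)
    if e.host not in baseline["user_hosts"].get(e.user, set()):
        reasons.append("account has not used admin tools on " + e.host)
    if basename(e.parent) not in EXPECTED_PARENTS:
        reasons.append("launched by unexpected parent " + basename(e.parent))
    return reasons


def triage(events, baseline, threshold=2):
    """Keep events with at least `threshold` independent anomalies."""
    alerts = []
    for e in events:
        reasons = reasons_for(e, baseline)
        if len(reasons) >= threshold:
            alerts.append((e, reasons))
    return alerts


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WMIC = r"C:\Windows\System32\wbem\WMIC.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed history: an administrator and a service account use the tools;
# an office user only ever opens Word.
HISTORY = [
    ProcEvent("ADM-01", "ops-alice", EXPLORER, PS),
    ProcEvent("SRV-02", "svc-backup", r"C:\Windows\System32\cmd.exe", WMIC),
    ProcEvent("WS-17", "jsmith", EXPLORER, r"C:\Program Files\Office\WINWORD.EXE"),
]

# Constructed events to triage.
TODAY = [
    ProcEvent("ADM-01", "ops-alice", EXPLORER, PS),   # routine
    ProcEvent("DC-01", "ops-alice", EXPLORER, PS),    # one anomaly: new host
    # PowerShell started through WMI (parent WmiPrvSE.exe) by an office
    # account on a file server: three anomalies, no malicious file involved.
    ProcEvent("FS-03", "jsmith", r"C:\Windows\System32\wbem\WmiPrvSE.exe", PS),
]

if __name__ == "__main__":
    for event, why in triage(TODAY, build_baseline(HISTORY)):
        print(event.host, event.user, basename(event.image), "->", "; ".join(why))
```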
<p>The simultaneous announcements from the Five Eyes partners point to the seriousness of the Volt Typhoon compromise. It will likely serve as a warning to other nations in the Asia-Pacific region.</p>
<h2>Who are the Five Eyes?</h2>
<p><a href="https://www.theguardian.com/world/2013/dec/02/history-of-5-eyes-explainer">Formed in 1955</a>, the Five Eyes alliance is an intelligence-sharing partnership comprising Australia, Canada, New Zealand, the UK and the US. </p>
<p>The alliance was formed after World War II to counter the potential influence of the Soviet Union. It has a specific focus on signals intelligence. This involves intercepting and analysing signals such as radio, satellite and internet communications. </p>
<p>The members share information and access to their respective signals intelligence agencies, and collaborate to collect and analyse vast amounts of global communications data. A Five Eyes operation might also include intelligence provided by non-member nations and the private sector.</p>
<p>Recently, the member countries expressed concern about China’s de facto military control <a href="https://theconversation.com/explainer-why-is-the-south-china-sea-such-a-hotly-contested-region-143435">over the South China Sea</a>, its suppression of <a href="https://theconversation.com/china-is-taking-a-risk-by-getting-tough-on-hong-kong-now-the-us-must-decide-how-to-respond-139294">democracy in Hong Kong</a>, and threatening moves towards Taiwan. The latest public announcement of China’s cyber operations no doubt serves as a warning that Western nations are paying strict attention to their critical infrastructure – and can respond to China’s digital aggression.</p>
<p>In 2019, Australia was <a href="https://theconversation.com/a-state-actor-has-targeted-australian-political-parties-but-that-shouldnt-surprise-us-111997">targeted</a> by Chinese state-backed threat actors gaining unauthorised access to Parliament House’s computer network. Indeed, there is evidence that China is engaged in a concerted <a href="https://theconversation.com/australia-is-under-sustained-cyber-attack-warns-the-government-whats-going-on-and-what-should-businesses-do-141119">effort to target</a> Australia’s public and private networks.</p>
<p>The Five Eyes alliance may well be one of the only deterrents we have against long-term, persistent attacks against our critical infrastructure.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/deterring-china-isnt-all-about-submarines-australias-cyber-offence-might-be-its-most-potent-weapon-204749">Deterring China isn't all about submarines. Australia's 'cyber offence' might be its most potent weapon</a>
</strong>
</em>
</p>
<hr>
<p class="fine-print"><em><span>Dr Desmond previously received funding through an ARC Linkage Grant and has worked with the US intelligence community and Five Eyes partners in the past. </span></em></p>
<p>The Five Eyes alliance is critical to hunting and detecting foreign cyber actors, but tends to work in secret.</p>
<p>Dennis B. Desmond, Lecturer, Cyberintelligence and Cybercrime Investigations, University of the Sunshine Coast</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<p>tag:theconversation.com,2011:article/205405 (2023-05-11T05:16:47Z)</p>
<h1>It’s being called Russia’s most sophisticated cyber espionage tool. What is Snake, and why is it so dangerous?</h1>
<figure><img src="https://images.theconversation.com/files/525550/original/file-20230511-15-nzjt8r.jpeg?ixlib=rb-1.1.0&rect=6%2C41%2C1016%2C981&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="attribution"><span class="source">Shutterstock AI</span></span></figcaption></figure>
<p>Like most people I check my emails in the morning, wading through a combination of work requests, spam and news alerts peppering my inbox.</p>
<p>But yesterday brought something different and deeply disturbing. I noticed an alert from the American Cybersecurity and Infrastructure Security Agency (<a href="https://www.cisa.gov/news-events/cybersecurity-advisories">CISA</a>) about some very devious <a href="https://www.bing.com/videos/search?q=what+is+malware&qft=+filterui:duration-short&view=detail&mid=FE061B5C45296C83E456FE061B5C45296C83E456&&FORM=VRDGAR&ru=/videos/search?&q=what+is+malware&qft=+filterui:duration-short&FORM=VRFLTR">malware</a> that had infected <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a">a network of computers</a>.</p>
<p>The malware in question is Snake, a cyber espionage tool deployed by Russia’s Federal Security Service that has been around for about 20 years. </p>
<p>According to CISA, the Snake implant is the “most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service for long-term intelligence collection on sensitive targets”.</p>
<h2>The stealthy Snake</h2>
<p>The Russian Federal Security Service developed the Snake network in 2003 to conduct global <a href="https://www.techtarget.com/searchsecurity/definition/cyber-espionage">cyber espionage</a> operations against NATO, companies, research institutions, media organisations, financial services, government agencies and more. </p>
<p>So far, it has been detected on Windows, Linux and macOS computers in more than 50 countries, including <a href="https://www.cyber.gov.au/about-us/advisories/hunting-russian-intelligence-snake-malware">Australia</a>. </p>
<p>Elite Russian cyber espionage teams put the malware on a target’s computer, copy sensitive information of interest and then send it to Russia. It’s a simple concept, cloaked in masterful technical design.</p>
<p>Since its creation, Russian cyber spies have regularly <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">upgraded the Snake malware</a> to avoid detection. The current version is cunning in how it <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">persistently</a> evades detection and protects itself.</p>
<p>Moreover, the Snake network can disrupt critical <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a">industrial control systems</a> that manage our buildings, hospitals, energy systems, water and wastewater systems, among others – so the risks went beyond just intelligence collection. </p>
<p>There are warnings that in a couple of years bad actors may gain the capability to hijack critical Australian infrastructure and cause unprecedented harm by interfering <a href="https://ia.acs.org.au/article/2021/industrial-cyber-attacks-will-kill-someone-by-2025.html">with physical operations</a>. </p>
<h2>Snake hunting</h2>
<p>On May 9, the US Department of Justice <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">announced</a> the Federal Bureau of Investigation had finally disrupted the global Snake <a href="https://www.digitalcitizen.life/what-is-p2p-peer-to-peer/">peer-to-peer network</a> of infected computers.</p>
<p>The covert network allowed infected computers to collect sensitive information. The Snake malware then disguised the sensitive information through sophisticated <a href="https://us.norton.com/blog/privacy/what-is-encryption">encryption</a>, and sent it to the spy masters.</p>
<p>Since the Snake malware used custom <a href="https://www.comptia.org/content/guides/what-is-a-network-protocol">communication protocols</a>, its covert operations remained undetected for decades. You can think of custom protocols as a way to transmit information so it can go undetected.</p>
<p>However, with Russia’s war in Ukraine and the rise in cybersecurity activity over the past few years, the FBI has increased its monitoring of Russian cyber threats.</p>
<p>While the Snake malware is an elegantly designed piece of code, it is complex and needs to be precisely deployed to avoid detection. According to the Department of Justice’s press release, Russian cyber spies were careless in more than a few instances and did not deploy it as designed. </p>
<p>As a result, the Americans discovered Snake, and crafted a response.</p>
<h2>Snake bites</h2>
<p>The FBI received a court order to <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">dismantle Snake</a> as part of an operation code-named MEDUSA.</p>
<p>They developed a tool called PERSEUS that causes the Snake malware to <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">disable</a> itself and stop further infection of other computers. The <a href="https://www.cyber.gov.au/about-us/advisories/hunting-russian-intelligence-snake-malware">PERSEUS</a> tool and instructions are freely available to guide detection, patching and remediation.</p>
<p>The Department of Justice <a href="https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled">advises</a> that PERSEUS only stops this malware on computers that are already infected; it does not <a href="https://blogs.iuvotech.com/what-is-patching-and-why-is-it-important">patch</a> vulnerabilities on other computers, or search for and remove other malware. </p>
<p>Even though the Snake network has been disrupted, the department warned <a href="https://www.splunk.com/en_us/blog/learn/vulnerability-vs-threat-vs-risk.html">vulnerabilities</a> may still exist for users, and they should follow safe <a href="https://www.digitalguardian.com/blog/what-cyber-hygiene-definition-cyber-hygiene-benefits-best-practices-and-more">cybersecurity hygiene</a> practices. </p>
<h2>Snake bite treatment</h2>
<p>Fortunately, effective cybersecurity hygiene isn’t overly complicated. <a href="https://www.microsoft.com/en/security/business/microsoft-digital-defense-report-2022">Microsoft</a> has identified five activities that protect against 98% of cybersecurity attacks, whether you’re at home or work.</p>
<ol>
<li><p><a href="https://www.onelogin.com/learn/what-is-mfa">Enable multi-factor authentication</a> across all your online accounts and apps. This login process requires multiple steps such as entering your password, followed by a code received through an SMS message – or even a biometric fingerprint or secret question (favourite drummer? Ringo!).</p></li>
<li><p><a href="https://www.csoonline.com/article/3695697/what-is-zero-trust-and-why-is-it-so-important.html">Apply “zero trust” principles</a>. It’s best practice to authenticate, authorise and continuously validate all system users (internal and external) to ensure they have the right to use the systems. The zero trust approach should be applied whether you’re using computer systems at work or home.</p></li>
<li><p><a href="https://www.cyber.gov.au/protect-yourself/securing-your-devices/how-secure-your-device/anti-virus-software">Use modern anti-malware</a> programs. Anti-malware, also known as antivirus software, protects our systems, big and small, from malware and removes it when it is found.</p></li>
<li><p><a href="https://www.techtarget.com/whatis/feature/5-reasons-software-updates-are-important">Keep up to date</a>. Regular system and software updates not only help keep new applications secure, but also patch vulnerable areas of your system.</p></li>
<li><p><a href="https://geekflare.com/data-backup-best-practices/">Protect your data</a>. Make a copy of your important data, whether it’s a physical printout or on an external device disconnected from your network, such as an external drive or USB.</p></li>
</ol>
<p>Like most Australians, I have been a victim of a cyberattack. And between the recent <a href="https://www.abc.net.au/news/2023-04-21/optus-hack-class-action-customer-privacy-breach-data-leaked/102247638">Optus</a> data breach and the <a href="https://www.abc.net.au/news/2022-10-15/woolworths-mydeal-cyber-attack-hack-information-leaked/101539686">Woolworths MyDeal</a> and <a href="https://www.afr.com/technology/cyber-experts-worry-as-medibank-puts-hack-behind-it-20230223-p5cn10">Medibank</a> attacks, people are catching on to just how dire the consequences of these events can be. </p>
<p>We can expect malicious cyberattacks to increase in the future, and their impact will only become more severe. The Snake malware is a sophisticated piece of software that raises yet another concern. But in this case, we have the antidote and can protect ourselves by proactively following the above steps. </p>
<p>If you have concerns about the Snake malware you can read more <a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3389044/us-agencies-and-allies-partner-to-identify-russian-snake-malware-infrastructure/">here</a>, or speak to the fine folks at your IT service desk.</p>
<p class="fine-print"><em><span>Greg Skulmoski works at Bond University and having its academics comment on the news elevates Bond University's reputation. </span></em></p>
The Snake network has been detected in more than 50 countries, including Australia.
Greg Skulmoski, Associate Professor, Project Management, Bond University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/200985
2023-03-20T18:51:40Z
Protecting children from exploitation means rethinking how we approach online behaviour
<figure><img src="https://images.theconversation.com/files/514964/original/file-20230313-1698-qqk3ao.jpg?ixlib=rb-1.1.0&rect=0%2C86%2C5248%2C3406&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Perpetrators often utilize the numerous social media, messaging apps, games and forums available online to initiate contact with potential victims.</span> <span class="attribution"><span class="source">(Shutterstock)</span></span></figcaption></figure>
<p>Raising children in the digital age is increasingly challenging. Many younger people are relying more on screens for social interactions. They experiment with new media sharing options, such as TikTok, Snapchat and BeReal, but without necessarily having the ability to consider long-term consequences. </p>
<p>This is normal, as children still have an <a href="https://www.aacap.org/AACAP/Families_and_Youth/Facts_for_Families/FFF-Guide/The-Teen-Brain-Behavior-Problem-Solving-and-Decision-Making-095.aspx">underdeveloped prefrontal cortex</a>: the part of the brain that is responsible for reasoning, decision-making and impulse control.</p>
<p>Parents, who are tasked with anticipating the consequences of digital interactions, are overwhelmed. Many parents might lack the digital literacy to guide their children through the numerous social media options, messaging apps and other online platforms available today. </p>
<p>This situation can lead to children falling victim to online sexual exploitation. <a href="https://doi.org/10.17705/1jais.00652">In our research</a>, we collected data from a diverse group of experts in the U.S. and U.K. This included interviews with internet safety non-profits, safeguarding teams, cybercrime police officers, digital forensics staff and directors of intelligence. A main cause behind the <a href="https://2017-2021.state.gov/online-sexual-exploitation-of-children-an-alarming-trend/index.html">rapid escalation</a> of online child sexual exploitation is the ability to share explicit content online. </p>
<p>Our research unveiled four distinct stages used by perpetrators. </p>
<h2>Perpetrators and escalation</h2>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/514769/original/file-20230311-20-9x2k1u.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/514769/original/file-20230311-20-9x2k1u.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/514769/original/file-20230311-20-9x2k1u.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=444&fit=crop&dpr=1 600w, https://images.theconversation.com/files/514769/original/file-20230311-20-9x2k1u.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=444&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/514769/original/file-20230311-20-9x2k1u.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=444&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/514769/original/file-20230311-20-9x2k1u.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=558&fit=crop&dpr=1 754w, https://images.theconversation.com/files/514769/original/file-20230311-20-9x2k1u.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=558&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/514769/original/file-20230311-20-9x2k1u.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=558&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A figure showing how child sexual exploitation takes place online.</span>
<span class="attribution"><span class="source">Author provided</span></span>
</figcaption>
</figure>
<p>In <strong>Stage 1</strong>, perpetrators utilize various technological tools and networks, such as social media, messaging apps, games and online forums, to initiate contact with potential victims. They often create false identities by using fake images to develop convincing digital personas, through which they approach children, such as pretending to be a “new kid on the block” seeking new friends.</p>
<p>In <strong>Stage 2</strong>, perpetrators use tactics like posing as a similar-aged child to build trust with potential victims. This can happen over a considerable period of time. In one case we studied, a 12-year-old in Lee County, N.C., received 1,200 messages from the same perpetrator over 2 years. During this stage, offenders may send their own explicit images to lower a victim’s suspicion, and may target multiple victims until successful.</p>
<p>In <strong>Stage 3</strong>, perpetrators engage in online extortion. <a href="https://www.cbc.ca/news/canada/manitoba/teen-boys-sextortion-scams-data-1.6541791">They use photographs provided by victims or manipulate innocent photos to appear sexual or pornographic</a>. Perpetrators then share these images with their victims to keep them in a state of suspended humiliation. This is further escalated when perpetrators threaten to share these embarrassing images with the victim’s friends, teachers or family unless their victims send more explicit photos or videos.</p>
<p>Many extortion techniques and direct threats are being used at this stage. It is difficult to imagine the psychological pressures this can create for children. In one case described to us, a 12-year-old girl uploaded 660 sexually explicit images of herself to a cloud-based storage account controlled by a 25-year-old perpetrator before seeking help.</p>
<p>In <strong>Stage 4</strong>, perpetrators start trafficking these images on <a href="https://www.computerworld.com/article/2588287/networking-peer-to-peer-network.html">peer-to-peer networks</a>, the dark web and even child pornographic networks.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/3vDe0EVUYMI?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">A video outlining how child sexual exploitation can take place online.</span></figcaption>
</figure>
<h2>Preventing online exploitation</h2>
<p>There are common mistakes that parents can avoid to help prevent exploitation. By sharing these, it is our hope that parents, policymakers, school boards and even children will rethink their approach to online behaviour.</p>
<p><strong>1. “That won’t happen to us!”</strong>
Many victims and their families fall prey to <a href="https://thedecisionlab.com/biases/optimism-bias">optimism bias</a>, thinking that negative events are unlikely to happen to them. However, online crimes can affect anyone. Unfortunately, these incidents occur more frequently than most people realize. No family is exempt from the potential dangers of the online world.</p>
<p><strong>2. “Everyone else is doing it!”</strong>
Parents oversharing pictures of their children online has become commonplace. Many cannot resist the pressure or temptation to post photos of their children on social media. Very often, it is these photographs that are edited and distorted to appear as pornographic. All family members need to resist the pressure to overshare pictures online.</p>
<p><strong>3. “My kids don’t mind!”</strong>
Many children today have a digital presence that was initiated and maintained by their parents without their consent. This disregard for children’s privacy not only undermines their autonomy, but can also have a <a href="https://www.nytimes.com/2019/09/02/opinion/children-internet-privacy.html">lasting impact on their self-confidence</a>, their personal and professional future, and the parent-child relationship. </p>
<p>Creating a digital life for children at a young age could also desensitize them to the importance of online privacy. The assumption that children will not mind is erroneous. In one case, a court in Rome <a href="https://www.independent.co.uk/news/world/europe/facebook-fines-woman-son-photos-post-social-media-court-italy-rome-a8155361.html">decided that a mother should take down all images of her son from Facebook</a> and pay a €10,000 fine if she continued to post photos without his consent.</p>
<p><strong>4. “We cannot keep up with their technology!”</strong>
Many parents are overwhelmed and intimidated when they cannot keep up with their kids. As technology continues to play a critical role in children’s lives, improving digital literacy of parents through online resources and schools needs to become a priority. Parents need to seek and receive support to understand the technology their children are using.</p>
<p><strong>5. “They’re just online, talking to friends!”</strong>
Despite being very involved and interested in who their children talk to on the way home from school or at their friends’ houses, parents might not be as aware of who their children talk to online. Just like they show an interest in their child’s real-world interactions, the benefits and dangers of online behaviour need to be an equally important and frequent topic of conversation. </p>
<p>Online child sexual exploitation is a grave and multifaceted issue that demands our unwavering attention. Only by carefully considering these critical concerns can we hope to prevent children from falling victim to these crimes.</p>
<p class="fine-print"><em><span>Dionysios Demetis has received funding from HEIF. </span></em></p><p class="fine-print"><em><span>Jan Kietzmann does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
Many children and adolescents fall victim to online exploitation, but there are some steps parents can take to protect their children online.
Jan Kietzmann, Professor, Gustavson School of Business, University of Victoria
Dionysios Demetis, Senior Lecturer in Management Systems, University of Hull
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/200644
2023-03-20T04:45:51Z
Scammers can slip fake texts into legitimate SMS threads. Will a government crackdown stop them?
<figure><img src="https://images.theconversation.com/files/515987/original/file-20230317-16-etb4gn.jpeg?ixlib=rb-1.1.0&rect=0%2C0%2C4500%2C2775&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Are you tired of receiving SMS scams pretending to be from Australia Post, the tax office, MyGov and banks? You’re not alone. Each year, thousands of Australians fall victim <a href="https://theconversation.com/being-bombarded-with-delivery-and-post-office-text-scams-heres-why-and-what-can-be-done-167975">to SMS scams</a>. And losses <a href="https://www.scamwatch.gov.au/scam-statistics">have surged</a> in recent years. </p>
<p>In 2022 SMS scam losses exceeded A$28 million, which is nearly triple the amount from 2021. This year they’ve already reached A$4 million – more than the 2020 total. These figures are probably much higher if you include unreported losses, as victims often won’t speak up due to shame and social stigma. </p>
<p>Last month, the federal government announced plans to fight SMS-based scams by implementing an SMS sender ID registry. Under this system, organisations that want to SMS customers will first have to register their sender ID with a government body. </p>
<p>What kinds of scams would the proposed registry help prevent? And is it too little, too late? </p>
<h2>Sender ID manipulation</h2>
<p>One of the more concerning types of SMS scams is when fraudulent messages creep into legitimate message threads, making it difficult to differentiate between a <a href="https://7news.com.au/business/finance/major-aussie-banks-warn-of-new-text-message-scam-c-6257180">legitimate service and a scam</a>.</p>
<p>SMS is an older technology that lacks many modern security features, including end-to-end encryption and origin authentication (which lets you verify whether a message is sent by the claimed sender). The absence of the latter is the reason we see highly believable scams like the one below.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/514108/original/file-20230308-14-5zv41z.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/514108/original/file-20230308-14-5zv41z.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=694&fit=crop&dpr=1 600w, https://images.theconversation.com/files/514108/original/file-20230308-14-5zv41z.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=694&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/514108/original/file-20230308-14-5zv41z.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=694&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/514108/original/file-20230308-14-5zv41z.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=872&fit=crop&dpr=1 754w, https://images.theconversation.com/files/514108/original/file-20230308-14-5zv41z.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=872&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/514108/original/file-20230308-14-5zv41z.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=872&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">An example of a scam SMS message ending up in a legitimate message thread.</span>
<span class="attribution"><span class="source">Luu Y Nhi Nguyen</span></span>
</figcaption>
</figure>
<p>There are two main types of SMS:</p>
<ul>
<li><p>peer-to-peer (P2P) is what most people use to send messages to friends and family</p></li>
<li><p>application-to-person (A2P) is a way for companies to send messages in bulk through the use of a web portal or application. </p></li>
</ul>
<p>The problem with A2P messaging is that applications can be used to enter any text or number (or combination) in the sender ID field – and the recipient’s phone uses this sender ID to group messages into threads. </p>
<p>In the example above, the scammer would have simply needed to write “ANZ” in the sender ID field for their fraudulent message to show up in the real message thread with ANZ. And, of course, they could still impersonate ANZ even if no previous legitimate thread existed, in which case it would show up in a new thread.</p>
<p>Web portals and apps offering A2P services generally don’t do their due diligence and check whether a sender is the actual owner of the sender ID they’re using. There are also no requirements for telecom companies to verify this. </p>
<p>Moreover, telecom providers generally can’t block scam SMS messages due to how difficult it is to distinguish them from genuine messages.</p>
<h2>How would sender ID registration help?</h2>
<p>Last year the Australian Communications and Media Authority introduced <a href="https://www.acma.gov.au/articles/2022-07/new-rules-fight-sms-scams">new rules</a> for the telecom industry to combat SMS scams by tracing and blocking them. The Reducing Scam Calls and Scam Short Messages Industry Code required providers to share threat intelligence about scams and report them to authorities.</p>
<p>In January, A2P texting solutions company Modica <a href="https://www.acma.gov.au/sites/default/files/2023-02/Direction%20to%20Comply%20-%20Modica.pdf">received a warning</a> for failing to comply with the rules. <a href="https://www.acma.gov.au/sites/default/files/2023-02/Investigation%20report%20-%20Modica%20Group%20Limited_0.pdf">ACMA found</a> Modica didn’t have proper procedures to verify the legitimacy of text-based SMS sender IDs, which allowed scammers to reach many mobile users in Australia.</p>
<p>Although ACMA’s code is useful, it’s challenging to identify all A2P providers who aren’t following it. More action was needed. </p>
<p>In February, the <a href="https://www.smh.com.au/business/consumer-affairs/proposed-sms-registry-could-block-scams-that-cost-australians-over-1m-a-day-20230212-p5cjw2.html">government instructed</a> ACMA to explore establishing an SMS sender ID registry. This would essentially be a whitelist of all alphanumeric sender IDs that can be legitimately used in Australia (such as “ANZ”, “T20WorldCup” or “Uber”).</p>
<p>Any company wanting to use a sender ID would have to provide identification and register it. This way, telecom providers could refer to the registry and block suspicious messages at the network level – allowing an extra defence in case A2P providers don’t do their due diligence (or become compromised).</p>
<p>It’s not yet decided what identification details an Australian registry would collect, but these could include sender numbers associated with an organisation, and/or a list of A2P providers they use. </p>
<p>So, if there are messages being sent by “ANZ” from a number that ANZ hasn’t registered, or through an A2P provider ANZ hasn’t nominated, the telecom provider could then flag these as scams.</p>
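<p>The check described above can be sketched as follows. This is an added example, not code from the article or from any registry operator: the registry fields, the provider names, the phone numbers and the Unicode normalisation of sender IDs before lookup are all assumptions made for illustration.</p>

```python
import re
import unicodedata
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    DELIVER = "deliver"
    FLAG_SCAM = "flag as scam"
    NOT_COVERED = "not covered by registry"


@dataclass(frozen=True)
class RegistryEntry:
    owner: str             # organisation that registered the sender ID
    numbers: frozenset     # originating numbers the owner registered
    providers: frozenset   # A2P providers the owner nominated


def normalise(sender_id: str) -> str:
    """Fold case and compatibility forms so 'anz' and 'ANZ' hit the same entry."""
    return unicodedata.normalize("NFKC", sender_id).strip().casefold()


# Plain phone numbers are outside an alphanumeric sender ID whitelist.
NUMERIC_SENDER = re.compile(r"\+?[0-9]{3,15}")

# Constructed registry data (hypothetical numbers and provider names).
REGISTRY = {
    normalise("ANZ"): RegistryEntry(
        owner="ANZ",
        numbers=frozenset({"+61491570006"}),
        providers=frozenset({"provider-a"}),
    ),
    normalise("Uber"): RegistryEntry(
        owner="Uber",
        numbers=frozenset({"+61491570110"}),
        providers=frozenset({"provider-a", "provider-b"}),
    ),
}


def check_message(sender_id, origin_number, provider, registry=REGISTRY):
    """Return (Verdict, reason) for one inbound A2P message."""
    if NUMERIC_SENDER.fullmatch(sender_id.strip()):
        # The whitelist only lists alphanumeric IDs, so number-based scams
        # such as "Hi Mum" pass this control and need other defences.
        return Verdict.NOT_COVERED, "numeric sender"
    entry = registry.get(normalise(sender_id))
    if entry is None:
        # Whitelist semantics: unknown alphanumeric IDs, including
        # lookalike spellings, are never delivered under that name.
        return Verdict.FLAG_SCAM, "sender ID is not registered"
    if origin_number not in entry.numbers:
        return Verdict.FLAG_SCAM, f"number not registered by {entry.owner}"
    if provider not in entry.providers:
        return Verdict.FLAG_SCAM, f"provider not nominated by {entry.owner}"
    return Verdict.DELIVER, f"matches registration for {entry.owner}"


def screen(messages, registry=REGISTRY):
    """Screen a batch of (sender_id, origin_number, provider) tuples."""
    return [check_message(*m, registry=registry)[0] for m in messages]


# Constructed sample traffic as a carrier might see it at the network edge.
SAMPLE_TRAFFIC = [
    ("ANZ", "+61491570006", "provider-a"),         # genuine
    ("ANZ", "+61491570156", "provider-a"),         # spoofed ID, wrong number
    ("ANZ", "+61491570006", "provider-z"),         # spoofed ID, wrong provider
    ("ANZ-Secure", "+61491570156", "provider-a"),  # unregistered lookalike
    ("+61491570157", "+61491570157", "provider-b"),  # ordinary number
]

if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE_TRAFFIC, screen(SAMPLE_TRAFFIC)):
        print(msg[0], "->", verdict.value)
```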
<p>An SMS sender ID registry would be a positive step, but arguably long overdue and sluggishly taken. The <a href="https://mobileecosystemforum.com/2020/04/22/industries-unite-to-tackle-sms-fraudsters-exploiting-covid-19-text-alerts/">UK</a> and <a href="https://www.sgnic.sg/smsregistry/rules-of-registration">Singapore</a> have had similar systems in place since 2018 and last year, respectively. But there’s no clear timeline for Australia. Decision makers must act quickly, bearing in mind that adoption by telecom providers will take time.</p>
<h2>Remaining alert</h2>
<p>An SMS sender ID registry will reduce company impersonation, but it won’t prevent all SMS scams. Scammers can still use regular sender numbers for scams such as the “<a href="https://www.accc.gov.au/media-release/accc-warning-of-suspicious-messages-as-hi-mum-scams-spike">Hi Mum</a>” scam.</p>
<p>Also, as SMS security comes under increased scrutiny, bad actors may shift to messaging apps such as WhatsApp or Viber, in which case regulatory control will be challenging. </p>
<p>These apps are often end-to-end encrypted, which makes it very difficult for regulators and service providers to detect and block scams sent through them. So even once a registry is established, whenever that may be, users will need to <a href="https://www.sydney.edu.au/news-opinion/news/2019/10/11/how-to-stay-safe-online.html">remain alert</a>.</p>
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
A new proposal aims to prevent SMS scams by introducing a national SMS sender ID registry.
Suranga Seneviratne, Senior Lecturer - Security, University of Sydney
Carol Hsu, Professor of Business Information Systems, University of Sydney
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/194269
2023-01-18T12:02:53Z
How to spot a cyberbot – five tips to keep your device safe
<figure><img src="https://images.theconversation.com/files/504652/original/file-20230116-12-67n97i.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C4704%2C2682&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Malware is designed to hide in your device </span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-illustration/illustration-insecure-network-world-wide-computer-1093142627">Jaiz Anuar/Shutterstock</a></span></figcaption></figure>
<p>You may know nothing about it, but your phone – or your laptop or tablet – could be taken over by someone else who has found their way in through a back door. They could have infected your device with malware to make it a “bot” or a “zombie” and be using it – perhaps with hundreds of other unwitting victims’ phones – to launch a cyberattack. </p>
<p>Bot is short for robot. But cyberbots don’t look like the robots of science fiction such as R2-D2. They are software applications that perform repetitive tasks they have been programmed to do. They only become malicious when a human operator (a “botmaster”) uses them to infect other devices. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/504005/original/file-20230111-12-lolh45.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/504005/original/file-20230111-12-lolh45.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=222&fit=crop&dpr=1 600w, https://images.theconversation.com/files/504005/original/file-20230111-12-lolh45.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=222&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/504005/original/file-20230111-12-lolh45.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=222&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/504005/original/file-20230111-12-lolh45.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=279&fit=crop&dpr=1 754w, https://images.theconversation.com/files/504005/original/file-20230111-12-lolh45.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=279&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/504005/original/file-20230111-12-lolh45.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=279&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The botmaster controls their zombies via a command and control server (C&C)</span>
<span class="attribution"><span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>Botmasters use thousands of zombies to form networks (“botnets”) without the knowledge of the devices’ owners. The botnet lies dormant until the number of infected computers reaches a critical mass. This is when the botmaster initiates an attack. An attack could involve hundreds of thousands of bots, which target a single victim or a very small number of victims. </p>
<p>This type of attack is called a <a href="https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/">distributed denial-of-service (DDoS)</a> attack. Its aim is to overwhelm the resources of a website or service with network data traffic.</p>
<p>Attacks are measured by how many connection requests (for example website/browser connections) and by how much data they can generate per second. Usually a lone bot can only generate a few Mbps of traffic. The power of a botnet is in its numbers.</p>
<h2>Are bots illegal?</h2>
<p>Not entirely. Anyone can buy a botnet. “Botnets-for-hire” services <a href="https://www.imperva.com/learn/ddos/booters-stressers-ddosers/">start from $23.99</a> (£19.70) monthly from private vendors. The largest botnets tend to be sold by reference. These services are sold so you can test your personal or company service against such attacks. However, it wouldn’t take much effort to launch an illegal attack on someone you disagree with later on. </p>
<p>Other <a href="https://netacea.com/glossary/good-bots-vs-bad-bots/">legitimate uses</a> of bots include chatting online to customers with automated responses as well as collecting and aggregating data, such as digital marketing. Bots can also be used for online transactions.</p>
<p>Botnet malware is designed to work undetected. It acts like a sleeper agent, keeping a low profile on your system once it’s installed. However, there are some simple ways to check if you think you might be part of a botnet.</p>
<h2>Antivirus protection</h2>
<p>Computer operating systems (such as Windows) come with antivirus protection installed by default, which offers the first line of defence. Antivirus software uses signature analysis. When a security company detects malware, it will make a unique signature for the malware and add it to a database. </p>
<p>But not all malware is known. </p>
<p>More advanced types of antivirus detection solutions include “heuristic” and “behaviour” techniques. Heuristic detection scans algorithm code for suspect segments. Behaviour detection tracks programs to check if they’re doing something they should not (such as Microsoft Word trying to change antivirus rules). Most antivirus packages have these features to a greater or lesser degree but <a href="https://www.av-comparatives.org/">compare different products side by side</a> to see if they meet your needs.</p>
<h2>Use a firewall</h2>
<p>Computers are more vulnerable when connected to the internet. Ports, input devices with an assigned number that run on your computer, are one of the parts that become more exposed. These ports allow your computer to send and receive data. </p>
<p>A firewall will block specific data or ports to keep you safe. But bots are harder to detect if the botmaster uses encrypted channels (the firewall can’t read encrypted data such as Hypertext Transfer Protocol Secure (HTTPS) data). </p>
<p>Investing in a new broadband router rather than using the one your broadband provider sends can help, especially if it features advanced network-based firewalls, web security/URL filtering, flow detection and intrusion detection and prevention systems.</p>
<h2>Behaviour and decisions</h2>
<p>Ignoring system and software updates leaves you vulnerable to security threats. Your computer data should also be backed up on a regular basis. </p>
<p>Don’t use <a href="https://heimdalsecurity.com/blog/why-removing-admin-rights-closes-critical-vulnerabilities-in-your-organization/">administrator accounts</a> for regular computer access, whether at home or at work. Create a separate user account even for your personal laptop, without admin privileges. It is much easier for attackers to introduce malware via a phishing attack or gain those credentials by using impersonation when you are logged into an administrator account. Think twice before downloading new apps and only install programs that are digitally verified by a trusted company. </p>
<p>Many attacks, such as ransomware, only work when <a href="https://www.ncsc.gov.uk/information/how-cyber-attacks-work">people lack awareness</a>. So keep up to date with the latest information about techniques cybercriminals use. </p>
<h2>Use an alternative domain name service</h2>
<p>Usually your internet provider handles this automatically for you (linking website addresses to network addresses and vice versa). But botnets often use domain name services to distribute malware and issue commands. </p>
<figure class="align-center ">
<img alt="Young hacker in the dark breaks the access to steal information and infect computers and systems." src="https://images.theconversation.com/files/504653/original/file-20230116-20-vp6fjx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/504653/original/file-20230116-20-vp6fjx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=401&fit=crop&dpr=1 600w, https://images.theconversation.com/files/504653/original/file-20230116-20-vp6fjx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=401&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/504653/original/file-20230116-20-vp6fjx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=401&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/504653/original/file-20230116-20-vp6fjx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/504653/original/file-20230116-20-vp6fjx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/504653/original/file-20230116-20-vp6fjx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Botmasters need to infect thousands of devices to create their network of zombies.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/young-hacker-dark-breaks-access-steal-574105036">Artem Oleshko/Shutterstock</a></span>
</figcaption>
</figure>
<p>You can manually check patterns of known botnet attacks <a href="https://www.opendns.com/home-internet-security/">from sites such as OpenDNS</a> against your computer records. </p>
<h2>What if I think I have a botnet infection?</h2>
<p>Signs your device is a zombie include websites opening slowly, the device running slower than usual or behaving oddly such as app windows opening unexpectedly. </p>
<p>Have a look at what programs are running. On Windows for example, open Task Manager to do a brief survey to see if anything looks suspicious. For example, is a web browser running despite the fact you have not opened any websites?</p>
<p>For more information look at guides to <a href="https://thegeekpage.com/view-the-running-processes/">viewing Windows computer processes</a>. Other tools include <a href="https://www.netlimiter.com/">Netlimiter for Windows</a> and <a href="https://www.obdev.at/products/littlesnitch/index.html">Little Snitch for Mac</a>.</p>
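<p>The manual check described above can be scripted. The following is an added example, not code from the article or from any tool it names: it joins the output of the Windows commands netstat -ano and tasklist /fo csv /nh by process ID and lists programs that hold connections to outside addresses although you did not expect them to be online. The sample output, addresses and process names are constructed, and the function names are illustrative.</p>

```python
"""Flag processes with outside connections that the user did not expect.

Inputs are the text of `netstat -ano` and `tasklist /fo csv /nh` (Windows).
All sample data below is constructed for illustration, not captured.
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49713     203.0.113.11:443       ESTABLISHED     4312
  TCP    192.168.1.20:49800     198.51.100.7:6667      ESTABLISHED     7764
  TCP    192.168.1.20:49801     192.168.1.1:53         TIME_WAIT       0
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     2210
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"svchost.exe","980","Services","0","12,344 K"
"chrome.exe","4312","Console","1","210,112 K"
"updater32.exe","7764","Console","1","8,020 K"
"OneDrive.exe","2210","Console","1","40,100 K"
"svchost.exe","1500","Services","0","9,000 K"
'''

# Addresses that stay on this machine or the home network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    names = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def established_connections(text):
    """Yield (pid, remote_endpoint) for ESTABLISHED TCP rows of `netstat -ano`."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have five columns; UDP rows lack the State column and are skipped.
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "ESTABLISHED":
            yield int(fields[4]), fields[2]


def is_external(endpoint):
    """True if the remote endpoint is outside the local machine and LAN."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # unparseable remote address: surface it for review
    return not any(ip in net for net in LOCAL_NETS)


def unexpected_talkers(netstat_text, tasklist_text, expected):
    """Return [(pid, image_name, [remote endpoints])] for processes that hold
    outside connections and are not in `expected`, the set of programs the
    user knowingly has open and online."""
    names = parse_tasklist(tasklist_text)
    expected = {name.lower() for name in expected}
    remotes = defaultdict(set)
    for pid, remote in established_connections(netstat_text):
        if is_external(remote):
            remotes[pid].add(remote)
    report = []
    for pid in sorted(remotes):
        name = names.get(pid, "<unknown>")
        if name.lower() not in expected:
            report.append((pid, name, sorted(remotes[pid])))
    return report


if __name__ == "__main__":
    # The user has a file-sync client open but has not started a browser.
    for pid, name, endpoints in unexpected_talkers(
            NETSTAT_SAMPLE, TASKLIST_SAMPLE, expected={"onedrive.exe"}):
        print(f"PID {pid} {name}: {', '.join(endpoints)}")
```

<p>A process listed here is a prompt to look closer, not proof of infection: legitimate updaters and background services also open outside connections.</p>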
<p>When there have been news reports of a botnet attack, you might want to take a look at <a href="https://checkip.kaspersky.com/">reputable botnet status sites</a> which offer <a href="https://capturelabs.sonicwall.com/m/feature/ip-reputation-lookup/">free checks</a> to see if your network has an infected computer.</p>
<p>If your computer has a botnet infection it needs to be removed by antivirus software. Some types of malware with features like <a href="https://www.crowdstrike.com/cybersecurity-101/malware/rootkits/">rootkit functionality</a> are notoriously hard to remove. In this case your computer’s data (including the operating system) should be deleted and restored. Another reason to back your computer up on a regular basis - anything not backed up will be lost.</p>
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>How to know if your computers are infected for use in a distributed denial of service attack.Adrian Winckles, Senior Lecturer, School of Computing and Information Science, Anglia Ruskin UniversityAndrew Moore, Senior Lecturer Practitioner in Cyber and Networking, Anglia Ruskin UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1945322022-11-16T02:35:21Z2022-11-16T02:35:21ZA new cyber taskforce will supposedly ‘hack the hackers’ behind the Medibank breach. It could put a target on Australia’s back<figure><img src="https://images.theconversation.com/files/495540/original/file-20221116-23-4j6jho.jpeg?ixlib=rb-1.1.0&rect=287%2C0%2C7700%2C4311&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>The Australian government is launching an offensive against cybercriminals, following a data breach that has exposed millions of people’s personal information.</p>
<p>On November 12, Minister for Cyber Security Clare O'Neil <a href="https://www.abc.net.au/news/2022-11-12/medibank-cyber-hack-optus-data-breach-task-force-afp/101647168">announced a taskforce</a> to “hack the hackers” behind the recent Medibank data breach. </p>
<p>The taskforce will be a first-of-its-kind permanent, joint collaboration between Australian Federal Police and the Australian Signals Directorate. Its 100 or so operatives will use the same cyber weapons and tactics as cybercriminals use, to hunt them down and eliminate them as a threat.</p>
<p>Details on how the taskforce will operate remain murky, partly because it needs to keep this information away from criminals. But the fact remains that taking an offensive stance, while it <em>could</em> deter further attacks, could also put a big red cross on Australia’s back. </p>
<h2>Australia punches back</h2>
<p>It was only in 2016 that the Australian government first <a href="https://www.aspi.org.au/report/australias-offensive-cyber-capability">publicly acknowledged</a> it has <a href="https://www.theguardian.com/technology/2016/apr/21/malcolm-turnbull-reveals-cyber-attacks-breached-agencies">offensive cyber capabilities</a> housed in the Australian Signals Directorate – and that these are used against offshore cybercriminals. The admission came from then prime minister, Malcolm Turnbull, following attacks on the Bureau of Meteorology and Department of Parliamentary Services. </p>
<p>Australia has <a href="https://www.aspi.org.au/report/australias-offensive-cyber-capability">used cyber offensive</a> strategies a number of times in the past. This has included <a href="https://www.theguardian.com/technology/2016/nov/23/australia-taking-cyber-fight-to-isis-malcolm-turnbull-to-confirm#top">operations against</a> ISIS and, more recently, efforts to <a href="https://www.zdnet.com/article/australia-on-the-cyber-offence-to-bring-down-covid-19-scammers">disable scammers’ infrastructure</a> and access to stolen data at the start of the pandemic. Details of intelligence operations are generally kept under wraps, especially where the Australian Signals Directorate is involved.</p>
<h2>How might the taskforce operate?</h2>
<p>Minister O'Neil has said <a href="https://minister.homeaffairs.gov.au/ClareONeil/Pages/david-speers-interview-minister-clare-oneil-20221113.aspx">the new taskforce will</a>: </p>
<blockquote>
<p>scour the world, hunt down the criminal syndicates and gangs who are targeting Australia in cyber attacks and disrupt their efforts. </p>
</blockquote>
<p>As to whether it could launch a counterattack on the Medibank hackers, the resources are there, but working out the kinks will be crucial. Australia’s intelligence agencies have more resources than the average organised cyber gang, not to mention connections to other advanced intelligence agencies around the world.</p>
<p>However, one key issue with holding cybercriminals to account is attribution. A legitimate counterattack requires identifying the source of an attack beyond reasonable doubt. The Medibank data leak has been attributed to criminals based in Russia – most likely from, or at least associated with, the REvil cyber gang. </p>
<p>This assumption is based on similarities between existing REvil sites on the dark web and the extortion site hosting the stolen Medibank data, as well as other similarities between the Medibank attack and REvil’s previous attacks.</p>
<p>That said, hackers can hide their identity by routing through (often unaware) third parties. So even if this attack is attributable to REvil, or its close associates, the attackers could easily deny involvement if taken to court.</p>
<p>The group could say its systems were used as unwitting hosts by another external perpetrator. Plausible deniability can almost always be maintained in such cases. Russia (and China) have had a <a href="https://www.afr.com/technology/scott-morrison-condemns-russia-for-cyber-attacks-20181004-h167iq">track record</a> of denying involvement in cyber espionage.</p>
<p>As such, it’s very difficult to prosecute cybercriminals – especially in cases where these criminals may be backed (officially or unofficially) <a href="https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801">by their government</a>. And if perpetrators can’t be put behind bars, they can simply lie low for a while before popping up somewhere else in cyberspace. </p>
<p>Beyond the Medibank hackers, the taskforce will also target other potential threats to Australia. In the case of inaccurate attribution in any of these operations, we might see tit-for-tat escalation. In a worst-case scenario, attacks based on incorrect attribution could start a cyberwar with another country.</p>
<h2>Defence before offence</h2>
<p>By actively seeking and trying to neutralise offshore gangs, Australia will put a target on its back. Russian-linked criminal gangs and others might be encouraged to retaliate and target our sectors, including critical infrastructure. </p>
<p>Boosting Australia’s cyber defences should be the top priority – arguably more so than retaliating. Especially since, even if the taskforce successfully mounts a counterattack on the Medibank hackers, it’s unlikely to recover any data stolen (since criminals make copies of stolen data). </p>
<p>Going after cybercriminals addresses the symptoms of the problem, not the root: the fact that our systems were vulnerable enough to be hacked in the first place. The Medibank breach, and <a href="https://www.abc.net.au/news/2022-11-12/medibank-cyber-hack-optus-data-breach-task-force-afp/101647168">the major Optus breach</a> preceding it, have both demonstrated that even businesses with seemingly strong cybersecurity protocols are vulnerable to attacks.</p>
<p>The best option from a rational and technical standpoint is to prevent, as much as possible, data being stolen in the first place. It might not be as flashy a solution, but it’s the best one in the longer term.</p>
<p class="fine-print"><em><span>Mamoun Alazab does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Beyond neutralising the cybercriminals behind the Medibank breach, the taskforce will also seek out and attack other potential threats.Mamoun Alazab, Associate Professor, College of Engineering, IT and Environment, Charles Darwin UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1945162022-11-14T04:25:00Z2022-11-14T04:25:00ZAustralia is considering a ban on cyber ransom payments, but it could backfire. Here’s another idea<figure><img src="https://images.theconversation.com/files/495021/original/file-20221114-22-36d2ni.jpeg?ixlib=rb-1.1.0&rect=0%2C0%2C2955%2C1971&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>First Optus, now Medibank; in less than two months we’ve experienced two of the largest personal data breaches in Australia’s history. In both cases the hackers attempted, and failed, to extort a ransom in exchange for not releasing personal data. </p>
<p>So far the Optus hackers have released only a small sample of data, and claim to have <a href="https://theconversation.com/the-optus-hacker-claims-theyve-deleted-the-data-heres-what-experts-want-you-to-know-191494">deleted the rest</a>. On the other hand, the Medibank hackers have released the records of more than one million people – and have threatened to release more <a href="https://www.theguardian.com/australia-news/2022/nov/14/medibank-mental-health-data-posted-on-dark-web-as-russian-hackers-vow-to-keep-our-word">data on Friday</a>. </p>
<p>With this looming threat, the Australian government is looking to bolster its cybersecurity defences — including through a taskforce set up <a href="https://www.sbs.com.au/news/article/elaines-data-was-stolen-in-the-medibank-hack-she-says-sorry-isnt-enough/4c7ktafnx">to retaliate against</a> the Medibank hackers. </p>
<p>Minister for Cyber Security Clare O'Neil has said the government is also considering making ransom payments <a href="https://au.finance.yahoo.com/news/australia-consider-banning-paying-ransoms-233202285.html">to cybercriminals illegal</a>. The idea has picked up steam – but would this cure be worse than the disease?</p>
<h2>The response to the Medibank hack</h2>
<p>The group behind the latest Medibank hack, currently being called “BlogXX”, has been linked to <a href="https://www.abc.net.au/news/2022-11-11/afp-reveal-more-information-on-medibank-hacker/101643794">Russian cybercriminal organisations</a> by the Australian Federal Police. It has known links to the notorious <a href="https://theconversation.com/what-do-we-know-about-revil-the-russian-ransomware-gang-likely-behind-the-medibank-cyber-attack-194337">REvil cyber gang</a> (which <a href="https://www.bbc.com/news/technology-59998925">was dismantled by</a> Russia’s Federal Security Service in January).</p>
<p>Large-scale cybercriminal gangs are able to extort high ransom payments from their victims. During <a href="https://www.bbc.com/news/technology-59998925">REvil’s arrest</a>, authorities seized the equivalent of A$12.8 million in cash, $7 million in cryptocurrency and 20 luxury cars. </p>
<p>There are multiple ways to decrease the profitability of data breaches for criminal organisations. The first is to make hacks more difficult, making it more time-consuming for the hackers to break into computers. </p>
<p>This could be achieved by increasing fines for organisations that fail to follow best practices in cybersecurity – a <a href="https://www.theguardian.com/australia-news/2022/oct/22/australian-companies-to-face-fines-of-50m-for-data-breaches">privacy reform that</a> was recently introduced in Australia and has passed through the lower house.</p>
<p>A second potential solution is to make ransomware payments illegal in Australia. Under some circumstances, it may <a href="https://www.homeaffairs.gov.au/cyber-security-subsite/files/tackling-ransomware-threat.pdf">already be illegal</a> for Australian organisations to pay a ransom, such as if the payment funds further criminal or terrorist activity of groups under sanction by the United Nations. </p>
<p>However, the <a href="https://www.wired.com/2016/12/hacker-lexicon-attribution-problem/">attribution of cyberattacks</a> is difficult, and it’s not always possible to know whether paying a particular group would be a crime. An organisation may pay a ransom, only to find out much later it has broken the law.</p>
<h2>When banning ransom payments works</h2>
<p>The idea of banning ransom payments isn’t new. In April, Nigeria criminalised <a href="https://www.aljazeera.com/news/2022/4/27/nigeria-outlaws-ransom-payments-abduction-punishable-by-death">ransom payments to kidnappers</a>. However, not paying kidnap ransoms in Nigeria has also resulted in deaths, which suggests this approach may end up <a href="https://theconversation.com/why-nigerian-kidnap-law-banning-families-from-paying-ransoms-may-do-more-harm-than-good-189427">punishing victims</a>. </p>
<p>Still, survey results show citizens and cybersecurity experts are generally in favour of banning ransomware payments. In a recent survey of UK residents by <a href="https://talion.net/wp-content/uploads/2021/06/RansomAware-press-release.pdf">security firm Talion</a>, 78% of respondents from the general public supported a ban, as did 79% of cybersecurity professionals.</p>
<p>A ban on ransom payments could quickly reduce the profits racked up by criminal gangs targeting Australia. </p>
<p>In cases like the recent Optus and Medibank hacks, where the ransom was demanded to “not leak” sensitive information, banning ransom payments may be a good idea. It could take the burden of making a decision away from the organisation targeted, and mitigate the public’s judgment of that decision. </p>
<p>It would also reduce (but not entirely remove) the possibility of criminals receiving ransom payments – and therefore make their operations less profitable. </p>
<h2>The problems with a ban</h2>
<p>However, unlike the Optus and Medibank breaches, many ransoms are paid to unlock encrypted computers. Some ransomware attacks involve the hackers encrypting all of the computers, data and backups a company has. Failing to restore those data can, in many cases, cause the business to collapse. </p>
<p>In such instances, banning ransom payments may discourage organisations from declaring breaches. They may pay the ransom to be able to move on with business – even if it is a crime. Should this happen, it would reduce the overall transparency of reporting on breaches, and could lead to hackers blackmailing victims to not divulge the hack.</p>
<p>This particular concern has led the US Federal Bureau of Investigation to recommend to the US Senate Judiciary Committee to not <a href="https://edition.cnn.com/2021/07/27/politics/senate-judiciary-ransomware-hearing/index.html">ban all ransom payments</a>.</p>
<p>For a ban on ransom payments to be effective, the penalties for paying the ransom would need to be more severe than the impact of the ransom itself. If the penalties are inadequate, organisations may simply pay the ransom and deal with the legal consequences so they can move on with normal operations.</p>
<h2>An alternative solution</h2>
<p>Cyberinsurance policies often provide reimbursement for ransomware payments. In fact, it’s a common tactic for cybercriminals to demand a ransom equivalent to <a href="https://www.homeaffairs.gov.au/cyber-security-subsite/files/tackling-ransomware-threat.pdf">the insurance reimbursement</a>. While this means the organisation suffers fewer losses, the cybercriminals still profit.</p>
<p>A more nuanced approach may be to ban cyberinsurance reimbursements for ransom payments, which would reduce the overall percentage of breaches that result in a payment. This could reduce profits for criminal gangs, while still allowing a company to salvage its operations under the worst-case scenarios. </p>
<p>The decision to ban or not to ban ransomware payments is complicated, and a blanket ban is likely to cause more problems than it fixes. We need change, but the best solution would be a case-by-case approach. </p>
<p>In the end, these kinds of cybercrimes are unlikely to be eradicated by any single policy change. They will require a wide range of policies, laws and regulations that each chip away at specific problems. If we do this, eventually the cost to criminals could outweigh the profits.</p>
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Banning cyber ransom payments might help ward off attacks, but there are some cases where organisations feel intense pressure to pay up.Jeffrey Foster, Associate Professor in Cyber Security Studies, Macquarie UniversityJennifer J. Williams, PhD Candidate, Department of Security Studies and Criminology, Macquarie UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1898422022-11-11T17:00:58Z2022-11-11T17:00:58ZCybercrime insurance is making the ransomware problem worse<figure><img src="https://images.theconversation.com/files/483557/original/file-20220908-9399-yew7dm.jpg?ixlib=rb-1.1.0&rect=0%2C29%2C5000%2C3285&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Many businesses simply choose to pay a ransom rather than suffer the consequences of a cyber attack</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/young-asian-male-frustrated-confused-headache-709192198">Zephyr_p/Shutterstock</a></span></figcaption></figure><p>During the COVID-19 pandemic, there was another <a href="https://www.bleepingcomputer.com/news/security/finalsite-ransomware-attack-shuts-down-thousands-of-school-websites/">outbreak in cyberspace</a>: a digital epidemic <a href="https://onlinelibrary.wiley.com/doi/full/10.1002/itl2.247">driven by ransomware</a>.</p>
<p>Several organisations worldwide fell victim to cyber-extortionists who stole data either to sell to other criminals or to hold to ransom for a profit. The sheer number of attacks indicates that cyber security and anti-ransomware defences did not work or had limited effectiveness.</p>
<p>Businesses are turning to cyberinsurance companies in <a href="https://www.wired.com/story/ransomware-insurance-payments/">desperation to protect themselves from attack</a>. But the growth of the <a href="https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/cyber-insurers-could-risk-being-held-for-ransom-as-extortion-attacks-escalate-55329254">cyberinsurance market</a> is only encouraging criminals to target companies that have extortion insurance. </p>
<p>A 2021 study from the <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3908159">University of Leeds</a> found there was a massive acceleration in major cyber-attacks on organisations during the pandemic. The paper also showed a “shift in offender tactics which scale up levels of fear in victims … such tactics include a shift towards naming and shaming victims, the theft of commercially sensitive data and attacks targeting organisations which provide services to other organisations.” </p>
<p>A report by <a href="https://www.sophos.com/en-us/press-office/press-releases/2022/04/ransomware-hit-66-percent-of-organizations-surveyed-for-sophos-annual-state-of-ransomware-2022">global cybersecurity firm Sophos</a> found that 66% of organisations surveyed, from across 31 countries, were hit with ransomware in 2021, up from 37% in 2020. The average ransom paid increased <a href="https://www.cybersecuritydive.com/news/ransomware-attacks-payouts-2021/622784/#:%7E:text=Ransomware%20hit%2066%25%20of%20mid,with%20%24170%2C000%20the%20prior%20year">nearly fivefold to US$812,360 (£706,854)</a>. Insurance companies often opt to pay the ransoms that cybercriminals demand – 82% of UK companies <a href="https://www.meartechnology.co.uk/2022/03/04/ransomware-study-most-uk-firms-pay/">pay up</a>. </p>
<h2>Where are the attacks coming from?</h2>
<p>According to US think tank the <a href="https://www.cfr.org/cyber-operations/">Council on Foreign Relations</a>, 22 countries are suspected of <a href="https://blogs.thomsonreuters.com/answerson/state-sponsored-cyberattacks/">sponsoring cyberattacks</a>, including the United States.</p>
<p>And a <a href="https://cybernews.com/security/crimeware-as-a-service-model-is-sweeping-over-the-cybercrime-world/">new black market</a> in which cybercriminals provide products and services to other cybercriminals is <a href="https://www.avertium.com/blog/crimeware-as-a-service-explained">flourishing and driving the surge</a> in ransomware attacks. So-called ransomware allows everyone from teenagers to skilled amateurs to professional criminals to rent malware, encryption tools, and even Bitcoin wallets. </p>
<p>It is like a criminal renting a gun from another criminal who manufactured it. </p>
<p>In July 2020, <a href="https://www.theguardian.com/technology/2020/jul/31/twitter-hack-arrests-florida-uk-teenagers">three teenagers hacked Twitter</a>. The attack resulted in the hijacking of 130 accounts – some of which included high-profile targets including Joe Biden, Barack Obama, Apple, Elon Musk and Bill Gates. The bitcoin accounts associated with their ransomware scam received more than 400 transfers <a href="https://krebsonsecurity.com/2020/07/three-charged-in-july-15-twitter-compromise/">totalling over US$100,000</a> (£87,000).</p>
<figure class="align-center ">
<img alt="Woman stares at computer screen in shock" src="https://images.theconversation.com/files/483556/original/file-20220908-9722-c2wy2x.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/483556/original/file-20220908-9722-c2wy2x.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=256&fit=crop&dpr=1 600w, https://images.theconversation.com/files/483556/original/file-20220908-9722-c2wy2x.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=256&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/483556/original/file-20220908-9722-c2wy2x.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=256&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/483556/original/file-20220908-9722-c2wy2x.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=322&fit=crop&dpr=1 754w, https://images.theconversation.com/files/483556/original/file-20220908-9722-c2wy2x.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=322&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/483556/original/file-20220908-9722-c2wy2x.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=322&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Ransomware can devastate a business.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/ransomware-business-computer-malware-privacy-breach-1925465261">Andrey Popov/Shutterstock</a></span>
</figcaption>
</figure>
<h2>What’s the problem with insurance?</h2>
<p>The past few years have seen a surge in <a href="https://www.gao.gov/blog/rising-cyberthreats-increase-cyber-insurance-premiums-while-reducing-availability">specialist cybercrime insurance policies</a>. The global cybercrime insurance market is <a href="https://www.abi.org.uk/news/blog-articles/2022/02/cyber-insurance-growing-the-market-to-meet-the-global-threat/">predicted to grow</a> from US$7 billion in gross written premiums (GWP) in 2020 to US$20.6 billion by 2025. </p>
<p>Insurers need to do more to <a href="https://eiopa.europa.eu/Publications/Reports/EIOPA%20Understanding%20cyber%20insurance.pdf">discourage incompetent security practices</a>. Car drivers must pass theory and practical driving tests. But cyberinsurance policies rarely audit the IT security of an organisation before the policy is finalised.</p>
<p>A <a href="https://www.softkraft.co/software-development-standards/">standardised ISO norm</a> (quality management standards internationally agreed by experts) for software did not exist until 2015. It means customers have no way of judging the security standards of anything produced before 2015. Even now, some of the <a href="https://www.sciencedirect.com/science/article/pii/S1877050921002799">risk assessments</a> a piece of software would go through in its lifetime could be less rigorous than for the kettle in our home. And ISO testing is voluntary. </p>
<p>The market lacks understanding of large-scale, sophisticated, cyber-attacks. The insurance sector works by determining the probability of an incident happening and the impact it would have. The cyberinsurance market struggles to forecast the likelihood of cyber-attacks because changes in digital technology can be so unpredictable. Attackers’ capabilities and intentions shift rapidly. </p>
<p>Most insurers currently have <a href="https://ieeexplore.ieee.org/document/9139703">no long-term data</a> for cyberincidents or ransomware. This has led to underfunded cyberinsurance programs, which rely heavily on <a href="https://intpolicydigest.org/2019/04/03/virulent-ransomware-strains-trust-in-cyber-insurance/">optimistic financial models</a>. </p>
<p>As a result, it is getting more difficult to secure cyberinsurance as the growing number of claims is forcing valuers to be more discerning in the clients they accept. Lloyd’s of London <a href="https://techmonitor.ai/technology/cybersecurity/cost-of-cyber-insurance-lloyds-market-association">released new rules</a> in December 2021 stating that underwriters will no longer cover damage caused by “war or a cyberoperation that is carried out in the course of the war”. </p>
<p>Insurance premiums <a href="https://www.securitymagazine.com/articles/96549-the-rising-tide-of-cyber-insurance-premiums-in-the-age-of-ransomware">increased by 22%</a> in 2020 and a <a href="https://www.itpro.co.uk/security/cyber-security/360131/cyber-insurance-premiums-increased-by-a-third-in-the-last-12-months">further 32% in 2021</a> across 38 countries. The cost incurred by the business gets <a href="https://www.theregister.com/2022/07/29/ibm_data_inflation/">passed on to customers</a>. The ransomware demand will contribute to the overall rise in living costs as <a href="https://www.bleepingcomputer.com/news/security/school-district-reports-a-334-percent-hike-in-cybersecurity-%20insurance-costs/">ransomware costs</a> are being passed on to the customers. </p>
<p>As part of my work with the <a href="https://northerncloudcrimecentre.org/about/">Northern Cloud Crime Centre</a>, I looked at the
effectiveness of laws in the UK to regulate criminal activity in the Cloud. I found the cybercrime legislation in the UK has failed to keep pace with technological and market developments over the past 30 years. The Computer Misuse Act 1990 needs updating to make it more effective at policing cybercrime. If we cannot fix the situation, it will threaten jobs and investment in the UK.</p>
<h2>What is the solution?</h2>
<p>Ransomware attacks are so effective because they <a href="https://expertinsights.com/insights/how-to-stop-ransomware-attacks/">exploit human weaknesses</a> and organisations’ lack of technological defences.</p>
<p>Law enforcement authorities advise ransomware victims <a href="https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/07/ico-and-%20ncsc-stand-together-against-ransomware-payments-being-made/">not to pay the ransom</a> because it encourages further attacks and fuels a <a href="https://therecord.media/ransomware-group-demands-500000-from-british-schools-citing-cyber-insurance-policy/">vicious cycle</a>. </p>
<p>But prevention is the best solution. Organisations need to put more effort into developing security measures such as a multifactor authentication system. Managers also need to carry out penetration testing, where a cybersecurity expert searches for vulnerabilities in a computer system. </p>
<p>Businesses are legally obliged to have a fire plan in place. The time has come for
mandatory ransomware and phishing resilience testing. The insurance industry needs to set minimum security requirements as part of the risk assessment. Organisations need greater transparency regarding what security they do and do not have in place. </p>
<p>Consensus is growing among researchers that solid cybersecurity can’t be achieved with technology alone because human errors are to blame for a huge number of incidents. The UK government is <a href="https://www.gov.uk/government/consultations/proposal-for-legislation-to-improve-the-uks-cyber-resilience">proposing new laws</a> to regulate cybersecurity standards. But these laws won’t work if the government doesn’t invest in public education about phishing threats. </p>
<p>Cybercrime insurance can help minimise business disruption, provide financial protection, and even help with legal and regulatory actions after a cyberincident. But it will not solve the problems that created the vulnerability to an attack in the first place.</p>
<p class="fine-print"><em><span>Part of the research for this article was carried out as Co-I of EPSRC funded CRITiCaL - Combatting cRiminals In The Cloud (EPSRC) June 2015 - May 2022.
<a href="https://northerncloudcrimecentre.org/">https://northerncloudcrimecentre.org/</a>
<a href="https://essl.leeds.ac.uk/education-social-sciences-law/dir-record/research-projects/350/critical-combatting-criminals-in-the-cloud">https://essl.leeds.ac.uk/education-social-sciences-law/dir-record/research-projects/350/critical-combatting-criminals-in-the-cloud</a></span></em></p>
In a vicious cycle, it’s also becoming harder to get cyberinsurance.
Subhajit Basu, Associate Professor in Cyberlaw; Editor-in-Chief International Review of Law Computers and Technology, University of Leeds
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/194340 2022-11-10T04:10:09Z 2022-11-10T04:10:09Z
Medibank hackers are now releasing stolen data on the dark web. If you’re affected, here’s what you need to know
<p>On October 13 one of Australia’s largest medical insurers, Medibank, announced it had suffered a cyberattack – one which has resulted in the breached personal details of 9.7 million <a href="https://www.abc.net.au/news/2022-11-09/medibank-data-release-dark-web-hackers/101632088">customers in Australia</a>. We now know the hackers, who are almost certainly Russian, demanded a ransom of US$9.7 million (about A$15 million) – or else they would leak the data on the dark web. </p>
<p>It’s believed the hackers are linked to the notorious <a href="https://www.sbs.com.au/news/article/who-is-revil-the-russia-backed-hacker-group-thought-to-be-behind-the-medibank-data-breach/b44xvb1ya">REvil cyber gang</a> which, according to Russian sources, was allegedly <a href="https://www.bbc.com/news/technology-59998925">dismantled and arrested</a> earlier this year.</p>
<p>The Medibank breach consists of an <a href="https://www.theguardian.com/australia-news/2022/oct/20/medibank-says-sample-of-stolen-customer-data-includes-details-of-medical-procedures">alleged 200GB of data</a> that contain personally identifiable information such as names, dates of birth, addresses, phone numbers, Medicare numbers, credit card details, and ID documents. Importantly, it also contains sensitive personal information about medical diagnoses and procedures covered by Medibank and <a href="https://ahm.com.au/about">ahm health insurance</a>.</p>
<p>Medibank did not have a <a href="https://www.theguardian.com/australia-news/2022/oct/28/medibank-cyber-attack-should-the-health-insurer-pay-a-ransom-for-its-customers-data">cyber insurance plan</a>, and so decided it would not pay the ransom. This choice is consistent with <a href="https://www.cyber.gov.au/ransomware">Australian government recommendations</a>.</p>
<p>The deadline to pay was around midnight on Tuesday. With no ransom received, the hackers kept their promise and the first batch of data was released in the early hours of Wednesday, November 9. </p>
<p>This breach comes with clear risks, and a lot of people will understandably be concerned. Here’s what to know if your data have been exposed, or are exposed in the coming days. </p>
<h2>What has been leaked so far?</h2>
<p>Here’s what the hacker group divulged in the first batch of leaked data:</p>
<ul>
<li><p>screenshots of failed negotiations with Medibank</p></li>
<li><p>a list of Medibank employees, with their full names, work emails, details of the mobile phones and computers they use, as well as some home wifi names (which can be used to find a person’s home address)</p></li>
<li><p>the personally identifiable information (including what appear to be passport numbers) of more than 500,000 international students, either currently or formerly in Australia</p></li>
<li><p>the personally identifiable information (including what appear to be ID document numbers) of an additional 500,000 people</p></li>
<li><p>and the personal information (including addresses and phone numbers) of 200 people. Most concerningly, this includes details of medical diagnoses and procedures, and a <a href="https://www.abc.net.au/news/2022-11-09/medibank-yet-to-contact-customers-whose-data-has-been-leaked/101633598">“naughty list”</a> of 100 people singled out for having medical diagnoses of psychological disorders and drug addiction. </p></li>
</ul>
<p>On the following day, November 10, the hackers released an additional 300 records of personally identifying information on account holders who had abortions charged against their accounts. </p>
<h2>How might criminals use the stolen data?</h2>
<p>Blackmail, fraud, identity theft and targeted scams are the most obvious options for the hackers now in possession of Medibank customers’ data. </p>
<p>Personal information and information about medical treatments considered “controversial” – such as treatments related to sexual health, mental health, and addiction – could be used to blackmail victims, including high profile people and foreign nationals. </p>
<p>Foreign nationals may be particularly vulnerable if they have undergone procedures considered socially unacceptable – or even illegal – in their home country. This could even make it dangerous for them to return. </p>
<p>Personally identifying information, such as ID documents and contact details, may be used to impersonate victims and seize financial accounts, open lines of credit, or impersonate a victim to extort their friends and family for money.</p>
<p>Personal information can also be used to carry out targeted scams. For instance, cybercriminals may target data breach victims with highly personalised – and therefore highly believable – phishing attacks. </p>
<p>There are also data recovery scams, in which scammers contact victims and make the impossible claim that they can remove their data from the internet for a fee. </p>
<h2>What to do if you’re targeted</h2>
<p>We don’t yet know of every single individual who has been directly affected by this breach. Medibank will need to notify individual customers that have been affected, <a href="https://www.medibank.com.au/livebetter/newsroom/post/medibank-cybercrime-update8nov">and has said it will continue to do so</a>.</p>
<p>However, concerned customers can take some proactive steps, such as securing critical accounts and being aware of potential scams – as we describe above, and as we described previously in relation to the <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">Optus breach</a>. </p>
<p>While passports and drivers licenses <a href="https://www.abc.net.au/news/2022-09-30/how-do-i-replace-my-passport-drivers-licence-medicare-care-optus/101491414">can be replaced</a>, there’s no protection against your medical history being released to the public. Hackers may try to exploit this information in extortion scams. </p>
<p>If you are targeted for an extortion scam as a result of the leak, you should notify law enforcement immediately, either through <a href="https://www.cyber.gov.au/acsc/report">ReportCyber</a> or your local police office. There won’t be any hiding of information that is already posted online, and these criminals can’t keep it a secret for you, no matter what they promise. </p>
<p>If you receive a text or email from scammers related to your medical history, <em>do not reply</em> as it will only encourage them to harass you further.</p>
<h2>What do we expect to happen next?</h2>
<p>So far, the <a href="https://www.abc.net.au/news/2022-11-10/medibank-data-breach-latest/101637160">hackers have released</a> less than 1GB of the 200GB allegedly stolen, with already serious consequences for more than a million Australians. But this is just the tip of the iceberg. </p>
<p>The communications leaked by the hacking group suggest two things. First, they appear to still be trying to extort their US$9.7 million ransom from Medibank. This explains the trickling release of data, rather than all of it being leaked at once. </p>
<p>Second, they seem intent on releasing the data if Medibank does not pay. Their own stated reason for releasing the data is to market their “ransomware as a service” offerings to other cybercriminals. This is when an initial hacker first gains access to a company, and then hires a hacking group such as REvil to actually run the complicated ransomware scheme – a service made (in)famous by <a href="https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-as-a-service-raas/">REvil</a>. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/494587/original/file-20221110-16841-ceobss.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/494587/original/file-20221110-16841-ceobss.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/494587/original/file-20221110-16841-ceobss.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=233&fit=crop&dpr=1 600w, https://images.theconversation.com/files/494587/original/file-20221110-16841-ceobss.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=233&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/494587/original/file-20221110-16841-ceobss.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=233&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/494587/original/file-20221110-16841-ceobss.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=293&fit=crop&dpr=1 754w, https://images.theconversation.com/files/494587/original/file-20221110-16841-ceobss.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=293&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/494587/original/file-20221110-16841-ceobss.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=293&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Among the leaked data the hackers also posted screenshots of their ‘negotiations’ with Medibank.</span>
<span class="attribution"><span class="source">Screenshot</span>, <span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>It seems unlikely Medibank will (or should) <a href="https://www.abc.net.au/news/2022-11-07/medibank-ceo-says-ransom-amount-irrelevant-10-million-hacked/101625012">pay the ransom</a>, and likely the unnamed ransomware gang will release the entire dataset to the public. </p>
<p>Should that happen, we may be facing an unprecedented exposure of personally identifiable information with potentially 9.7 million identity documents and credit card details stolen.</p>
<p>This possibility dwarfs even the worst case scenarios of the recent Optus breach, and will require an unprecedented effort to update and secure the identity documents and credit card details of those affected.</p>
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
It’s reported the stolen data of more than one million Australians have already been leaked – and more is expected.
Jeffrey Foster, Associate Professor in Cyber Security Studies, Macquarie University
Jennifer J. Williams, PhD Candidate, Macquarie University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/194162 2022-11-08T05:48:43Z 2022-11-08T05:48:43Z
Medibank won’t pay hackers ransom. Is it the right choice?
<figure><img src="https://images.theconversation.com/files/494018/original/file-20221108-21-8dok4d.jpeg?ixlib=rb-1.1.0&rect=69%2C57%2C4163%2C2767&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Medibank is still refusing to pay a ransom of <a href="https://www.abc.net.au/news/2022-11-07/medibank-ceo-says-ransom-amount-irrelevant-10-million-hacked/101625012">an undisclosed amount</a> to cybercriminals, despite the hackers now allegedly threatening to <a href="https://www.theguardian.com/technology/2022/nov/08/medibank-data-hack-ransomware-group-threatens-to-release-customer-information">release the stolen data</a> on the dark web. </p>
<p>It’s reported the data of about 9.7 million current and former Medibank customers were <a href="https://www.theguardian.com/technology/2022/oct/24/medibank-hack-started-with-theft-of-staff-members-credentials-investigation-suggests">compromised in a breach</a> first confirmed by Medibank on October 13. </p>
<p>The data are said to include customers’ names, dates of birth, addresses, phone numbers and email addresses – as well as some 500,000 health claims with information such as patients’ service provider details, where they received medical services and the types of treatments they claimed.</p>
<p>Medibank’s chief executive has said the company won’t be paying up – a decision endorsed by Home Affairs Minister Clare O'Neil. But what does the evidence say?</p>
<h2>How were the data stolen?</h2>
<p>According to <a href="https://www.afr.com/technology/medibank-mystery-was-a-user-credential-all-that-was-needed-for-hack-20221021-p5brqv">various</a> <a href="https://www.theguardian.com/technology/2022/oct/24/medibank-hack-started-with-theft-of-staff-members-credentials-investigation-suggests">reports</a>, it all started when a hacker compromised the credentials of a Medibank employee who had access to a number of the company’s data repositories. It’s unclear whether the employee would have needed multifactor authentication to access these data – and, if so, whether this was also compromised.</p>
<p>It’s believed this hacker then sold the employee’s credentials to notorious cybercriminal group REvil via an online Russian language forum. Around midnight, REvil posted on the dark web threatening it would release the data in the next 24 hours should the ransom not be paid. </p>
<p>While there’s no evidence REvil does indeed have access to the stolen data, historically <a href="https://theconversation.com/holding-the-world-to-ransom-the-top-5-most-dangerous-criminal-organisations-online-right-now-163977">the REvil group</a> has not been found to bluff. There’s no reason to believe this time is different. </p>
<p>Medibank first identified unusual activity on its network on October 12. It then launched a follow-up investigation that <a href="https://www.medibank.com.au/health-insurance/info/cyber-security/timeline/">confirmed the breach</a>. We don’t know how long the cybercriminals may have had access to its systems before then.</p>
<p>It’s reported they stole some 200GB of data in total. This is quite a large amount, and it would be unusual not to notice the exportation of <a href="https://www.theguardian.com/technology/2022/oct/24/medibank-hack-started-with-theft-of-staff-members-credentials-investigation-suggests">this much sensitive data</a>.</p>
<p>In this case, however, it seems the criminals used some sort of compression algorithm to minimise the data file size. This may have allowed the data extraction to be less obvious, perhaps also through splitting the data into smaller data packages.</p>
<h2>To pay or not to pay?</h2>
<p>Medibank chief executive David Koczkar has said the ransom request would not be paid, and “making any payment would increase the risk of extortion for our customers, and put more Australians at risk”. He said the decision is consistent with advice from cybersecurity experts and the <a href="https://www.abc.net.au/news/2022-11-07/medibank-refuses-to-pay-ransom-data-hack-cyber-attack/101622914">Australian government</a>. </p>
<p>This is, in fact, a smart decision. Even if the ransom is paid, it does not guarantee the cybercriminals will not use the stolen data for other malicious purposes, or won’t undertake further attacks against Medibank. </p>
<p>Law enforcement agencies across the world are against paying <a href="https://www.forbes.com/sites/edwardsegal/2022/07/29/why-experts-disagree-on-whether-businesses-should-pay-ransomware-demands/?sh=744a53ae4fca">ransoms</a>. However, there are life-threatening situations in a healthcare context, such as during <a href="https://www.news-medical.net/health/What-is-Remote-SurgeryTelesurgery.aspx">remote surgery</a>, when there may be no choice.</p>
<p>Cybercriminals take advantage of vulnerabilities in healthcare IT infrastructure – largely because there’s a higher chance of getting a ransom paid in healthcare than in any <a href="https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/">other sector</a>. </p>
<p>Often, organisations targeted will have to pay a ransom to get back access to data and continue providing healthcare services. According to one recent report, the majority of ransomware attack victims in healthcare end up paying <a href="https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/">the ransom</a>.</p>
<p>Medibank hasn’t disclosed the specific ransom amount because this information could encourage other cybercriminals to aim for similar targets in future ransom events. </p>
<p>If the ransom were disclosed, and later had to be paid, Medibank’s reputation as an insurance provider would hit rock bottom. When Colonial Pipeline’s fuel pipeline infrastructure in the US was hit by a ransomware attack, the hefty ransom payment of US$4.4 million left a permanent scar on <a href="https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636">the operator’s reputation</a>. </p>
<h2>The risks as the situation unfolds</h2>
<p>The risks for victims of the Medicare data breach must not be underestimated. This sensitive information could be used in various types of fraud. For example, hackers may call victims of the data breach pretending to be Medibank, and ask for a service charge to have their data safeguarded. Healthcare data can also be used for blackmail and fraudulent billing. </p>
<p>What’s more, hackers can identify the most vulnerable individuals among the list of victims and create customised attack vectors. For example, individuals with implanted devices (such as <a href="https://www.upi.com/Health_News/2022/06/01/medical-devices-pacemakers-cybersecurity/7041653656330/">pacemakers</a>) can be targeted with blackmail and threats to their life. </p>
<p>Beyond this, cybercriminals could also use victims’ personal information to conduct a number of other scams unrelated to Medibank or healthcare. After all, if you have someone’s details it’s much easier to pretend to be any organisation or company with authority.</p>
<p>For those potentially affected by the Medicare data breach, the most important thing now is to remain vigilant about all types of online activity. You can start by replacing your passwords with more secure <a href="https://www.cyber.gov.au/learn/passphrases.">passphrases</a>. You should also consider running a credit check to see if any suspicious activity has been conducted in your name. </p>
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
A well-known cybercrime group has threatened to release the data should the ransom not be paid.
Mohiuddin Ahmed, Senior Lecturer in Cyber Security, Edith Cowan University
Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University
Licensed as Creative Commons – attribution, no derivatives.