
Australian Government Announces Team to Hack Hackers


MalwareTech


https://www.9news.com.au/national/government-cyber-security-medibank-hack-cybersecurity-australia-national-news/b6cd0227-6c20-43ed-8fd1-a884330c3316

This is something that quite a few countries have started doing in recent years, though few have publicly announced it like Australia has. Usually it's prompted by a major hack (in this case Medibank).

A similar thing happened in the US following the ransomware attack on Colonial Pipeline. The US government expanded its national security policy to enable US Cyber Command to also go after foreign criminal hackers, rather than just nation-states.

Link to comment

7 minutes ago, MalwareTech said:

https://www.9news.com.au/national/government-cyber-security-medibank-hack-cybersecurity-australia-national-news/b6cd0227-6c20-43ed-8fd1-a884330c3316

This is something that quite a few countries have started doing in recent years, though few have publicly announced it like Australia has. Usually it's prompted by a major hack (in this case Medibank).

A similar thing happened in the US following the ransomware attack on Colonial Pipeline. The US government expanded its national security policy to enable US Cyber Command to also go after foreign criminal hackers, rather than just nation-states.

Russian hackers hack Australia, Australian Kangaroo hacks the Russian Embassy 🤣

Link to comment

Things like this do bring to the forefront the fact that personal data like this is about people. It sounds obvious in the abstract, but having a lot of this kind of intimate information about them just milling out there, ready to be accessed, must really suck. Especially since people tend to get embarrassed about a lot of diagnoses, even if it's not actually embarrassing.

Makes me think about how stalking and doxxing are so much easier now, and how much harder that hits minorities. Even without data dumps, the amount available about people through OSINT alone is scary. 😔

Link to comment

9 hours ago, garandou said:

Things like this do bring to the forefront the fact that personal data like this is about people. It sounds obvious in the abstract, but having a lot of this kind of intimate information about them just milling out there, ready to be accessed, must really suck. Especially since people tend to get embarrassed about a lot of diagnoses, even if it's not actually embarrassing.

Makes me think about how stalking and doxxing are so much easier now, and how much harder that hits minorities. Even without data dumps, the amount available about people through OSINT alone is scary. 😔

Considering there are entire sites dedicated to going after them. I know far-right groups in Germany using Discord to artificially boost videos and target dox critics. As tools and techniques become more and more available I do get more worried.

 

12 hours ago, MalwareTech said:

https://www.9news.com.au/national/government-cyber-security-medibank-hack-cybersecurity-australia-national-news/b6cd0227-6c20-43ed-8fd1-a884330c3316

This is something that quite a few countries have started doing in recent years, though few have publicly announced it like Australia has. Usually it's prompted by a major hack (in this case Medibank).

A similar thing happened in the US following the ransomware attack on Colonial Pipeline. The US government expanded its national security policy to enable US Cyber Command to also go after foreign criminal hackers, rather than just nation-states.

Outside disrupting operations and maybe hacking funds is there really a lot they can do if they don't have the power to arrest? It would be interesting to see three letter agencies drop 0-days on malware.

Link to comment

25 minutes ago, NeonPayload said:

Considering there are entire sites dedicated to going after them. I know far-right groups in Germany using Discord to artificially boost videos and target dox critics. As tools and techniques become more and more available I do get more worried.

 

Outside disrupting operations and maybe hacking funds is there really a lot they can do if they don't have the power to arrest? It would be interesting to see three letter agencies drop 0-days on malware.

Well, even if they can't arrest them, they can more easily find out who is behind it and make sure that if the person cannot be arrested within the country, the person can't leave the country without the possibility of getting caught. So all in all, it's more about recovery and scaring wannabe ransom people away, or at least making them think twice about who they attack.

Also, the ability for the government to hack likely has less to do with them going full speed ahead and randomly hacking whoever they think are criminals and more a case of

"ok, we found this leak site/C&C/Email/etc which we know 100% belongs to a threat actor, how do we get access to it so we can either trace/snoop on them to gain information or take it offline?"

which they weren't able to do before, where if they investigated something and came across something owned by the criminals, they couldn't just hack past it, which they should be able to do now.

Link to comment

45 minutes ago, kazukidevnull said:

Well, even if they can't arrest them, they can more easily find out who is behind it and make sure that if the person cannot be arrested within the country, the person can't leave the country without the possibility of getting caught. So all in all, it's more about recovery and scaring wannabe ransom people away, or at least making them think twice about who they attack.

Also, the ability for the government to hack likely has less to do with them going full speed ahead and randomly hacking whoever they think are criminals and more a case of

"ok, we found this leak site/C&C/Email/etc which we know 100% belongs to a threat actor, how do we get access to it so we can either trace/snoop on them to gain information or take it offline?"

which they weren't able to do before, where if they investigated something and came across something owned by the criminals, they couldn't just hack past it, which they should be able to do now.

I guess that's true; I started looking into it. A lot of ransomware operators got caught on vacation apparently.

Link to comment

I'm really interested in the outcomes we are going to see from these (if any). There are some very good arguments that can be made for doing this, like you let the new, less experienced team go after the criminals, where they can gain experience in conducting real offensive operations against real targets without much risk of screwing up an actual important mission. If they manage to actually disrupt some crime operations, that's just an additional bonus and maybe some good PR.

The effectiveness, I guess, would depend on how much they are allowed to do and the difficulty of getting approval from the command chain. You could get very creative. I've heard the Grugq and Tom Uren discuss a few interesting (and funny) ideas on Between Two Nerds: Using Offensive Capabilities Against Criminals (https://risky.biz/BTN8/). Worth listening.

One of the arguments they make is that you don't need to really make arrests, just make their life really frustrating, destroy their reputation or manufacture infighting between groups or individuals inside the group.

The argument against conducting operations against criminals would be that it increases their security posture. And you can't really use the good stuff in these operations.

Link to comment

Let's go, team "Hack Back."

Will it work, maybe. One thing for sure is creating a precedent for open cyber war. How will they make sure they are hacking the right target? If a mom-and-pop shop has a hacked router used as a relay, then what?

I agree that there are a lot of pros but do they outweigh the cons? I know the bad guys do not have rules; well, that's why they are the bad guys.

I hope we do not wake up one day to this.

[image]

Link to comment

5 minutes ago, kereshnull said:

Let's go, team "Hack Back."

Will it work, maybe. One thing for sure is creating a precedent for open cyber war. How will they make sure they are hacking the right target? If a mom-and-pop shop has a hacked router used as a relay, then what?

I agree that there are a lot of pros but do they outweigh the cons? I know the bad guys do not have rules; well, that's why they are the bad guys.

I hope we do not wake up one day to this.

[image]

I don't think it creates any new precedent. This has been something happening all over the world for years now. For example, see the CyberCom attack on TrickBot: https://www.wired.com/story/cyber-command-hackers-trickbot-botnet-precedent/
