EU activates cyber rapid response team in response to Ukrainian crisis

February 23, 2022

The European Union has activated its cyber security team to help protect Ukrainians from Russian cyber attacks. Actually, more Russian cyber attacks, given the US attributed a DDoS cyber attack on the Ukrainian Ministry of Defence to the Russian Main Intelligence Directorate. On the back of that, the Australian Government issued a joint media release by Ministers Andrews, Payne and Dutton (is there an election in the air?) saying the same thing as the US, providing:

The Australian Government joins the United States and the United Kingdom in publicly attributing the cyber attacks against the Ukrainian banking sector on 15 and 16 February 2022 to the Russian Main Intelligence Directorate (GRU).

In consultation with our partners, the Australian Government assesses that the GRU was responsible for these distributed denial of service (DDoS) attacks.

The Australian Government stands in solidarity with Ukraine and our allies and partners to hold Russia to account for its ongoing unacceptable and disruptive pattern of malicious cyber activity.

The international community must not tolerate Russia’s misuse of cyberspace to undermine Ukraine’s national security, sovereignty and territorial integrity by seeking to disrupt essential services, businesses and community confidence.

Russia’s actions pose a significant risk to global economic growth and international stability.

The global community must be prepared to shine a light on malicious cyber activity and hold the actors responsible to account. All members of the international community – including Russia – should abide by existing international law and norms of responsible state behaviour which apply in cyberspace. Australia calls on all countries to honour and uphold their commitments.

Australia is committed to upholding the rules-based order online, just as we do offline, and supporting our partners in the face of cyber threats.

Australia will continue providing cyber security assistance to the Ukrainian Government, including through a new bilateral Cyber Policy Dialogue and further cyber security training for Ukrainian officials.

Australia commends the swift action taken by Ukrainian authorities and the private sector to substantially mitigate the impacts of this incident.

Governments, the private sector and households must remain vigilant about the ongoing threats we face in cyberspace.

The Government is taking concrete action to protect Australians against cyber criminals, investing $1.67 billion over 10 years to build new cybersecurity and law enforcement capabilities to protect Australian businesses and communities, and passing new laws to protect our critical infrastructure assets from malicious cyber attacks.

This was picked up in The Australian’s “Australia offers cyber security aid to Ukraine”.

The reality of modern conflict is that cyber attacks are

NSW QR Code data breach involving publication of 500,000 addresses on state government website..a recurring problem for state and local government bodies

The SMH reports that there has been a data breach by NSW Department of Consumer Service in the publication of 500,000 addresses on a government website. According to the NSW Government, the NSW Information Commissioner was advised the day after it became aware of the information being in the public domain, and the Commissioner stated that this did not constitute a privacy breach. That story is based on a Nine News exposé. As is the way, the embarrassment of the breach is compounded by the negative coverage, going as far as the UK.

If there is some humour to be found in this all too familiar type of breach, it is that NSW legislated to ban police from accessing QR code check-in data in November last year.

The SMH article

Data breach of Oklahoma City Police results in rape kit information being exposed..about as bad as it gets

It has long been the practice of authorities to provide maximum privacy to complainants in sexual assault and rape cases. In Australia and most overseas common law jurisdictions, reporting of rape cases does not identify the victim. The report that data from rape kits of victims who alleged they were sexually assaulted are the subject of a data breach is devastating to those individuals. It also undermines confidence in police procedure. It may also prejudice the prosecution of cases where that data is a crucial piece of evidence.

What is more than passing strange is that the data breach took place on 18 November 2021 but details of that breach were only provided this week. The handling of the breach has been dreadful, with the Police Department stating that “certain sensitive personal and health-related information” may have been compromised. DNA Solutions took a different tack, stating “The data did not include social security numbers, driver’s license information, or financial information. We have notified individuals or organizations whose data may have been impacted directly.” DNA Solutions stated what was not included in the data taken or exposed but did not say whether personal information was taken. That is a non-answer answer.

There have been some very significant data breaches involving DNA data. On 29 November 2021 DNA Diagnostics Center Inc in Maine USA notified the Attorney General that there had been a data breach, from 24 May until 28 July 2021, which affected 2,102,436 people. In July 2019 it was reported that DNA-testing service Vitagene Inc. left thousands of client health reports exposed online for years, with more than 3,000 user files remaining accessible to the public on Amazon Web Services cloud-computer servers until 1 July 2019. The reports included genealogy reports which included customers’ full names alongside dates of birth and gene-based health information, such as their likelihood of developing certain medical conditions. Back in 2017 Ancestry.com had a huge, by those standards, data breach involving 300,000 credentials exposed.

The article related to the Oklahoma breach
