Peter A Clarke

I recently gave a presentation on data breaches where I highlighted as a trend the matuation of ransomeware strategies and attacks.  This is point raised in the Cyber Security Industry Advisory Committee report, I posted on recently, titled Locked Out: Tackling Australia’s ransomware threat. Hackers are known to target businesses with cyber insurance and make demands in line with the coverage of the policy. That presupposes knowledge of policy details, acquired from the target businesses or the insurer or its brokers.  

In a wide ranging, techy speak and a little shambolic interview on The Record  an anonymous member of  REvil, a hacking group,  confirms that businesses with cyber insurance are Read the rest of this entry »

When in doubt set up a committee.  Beyond meeting a committee should prepare a paper.  The Cyber Security Industry Advisory Committee is no different.  The Minister for Home Affairs announced the establishment of the Committee on 20 October 2020. Its specific role is to help guide the introduction of Australia’s Cyber Security Strategy 2020 which was announced on 6 August 2020.

The Committee has prepared a paper on Ransomware, Locked Out: Tackling Australia’s ransomware threat which was released by the the Minister for Home Affairs, Peter Dutton MP on 10 March 2021.

Even though Ransomware has been a favoured weapon by cyber criminals for some time the problem is now chronic.  As an example only, yesterday the BBC reported in Russian pleads guilty to Tesla ransomware plot where a Russian offered a Tesla employee a million dollars to infect the company with ransomware.

The report is Read the rest of this entry »

The growth in cyber attacks is hardly news.  Even cyber attacks by state agencies is not novel.  There have been explicit warnings by governments and reports in the media to that effect.  What is relatively new is the brazenness of the attacks by state players and the prolonged nature of those attacks and the motivation for those attacks.  Cyber attacks are becoming more overtly political.

On that note the ABC Reports that China is suspected of a cyber attack on the Western Australian Parliament during the last state election.   The source of entry was the weakness discovered Read the rest of this entry »

Surveillance cameras, baby cameras and other monitoring devices connected to the internet have been particularly prone to cyber attack.  They are attractive targets, successful hacks result in high profile press coverage and huge embarrassment for both the users and the manufacturers of the device. The motivations are varied.  In 2014 hackers remotely turned on baby cameras and shouted obscenities at parents and their babies. I wrote about the vulnerabilities of these devices in 2016.  In 2019 G Post raised the similar issue with Yes, Your Video Baby Monitor Can Be Hacked. No, You Don’t Have to Stop Using It. 

For all of that forewarning and knowledge of the attractiveness of surveillance cams being target of hacking and the well known vulnerabilities that could be addressed Verkada, a provider of cameras and surveillance equipment has been the subject of a massive data breach.  The ABC Read the rest of this entry »

It governance has provided its list of data breaches and cyber attacks in February 2021, estimating that 2.3 billion records were breached. The cyber attacks range from the relatively modest in number, with 208 records of the Watermark Retirement Communities residents across 10 states being affected, to the catastrophically large attack, involving millions of user records of Raychat being destroyed and the records of 102 million consumers of two mobile operators in Brazil.  There were also other significant data breaches, including 400 million records of a delivery company, Bykea, being leaked in Pakistan and Australia’s Oxfam discovered that its database of 1.7 million records were being offered for sale on a hacker forum. The humiliating Oxfam data breach required it to issue the now all too familiar sort of candid post of where matters are at on 1 March 2021 which Read the rest of this entry »

The Online Safety Bill 2021, was introduced into Parliament on 24 February 2021. The Minister’s Second Reading Speech is found here.  It will, if passed, replace the Enhancing Online Safety Act 2015 through the enactment of the Online Safety (Transitional Provisions and Consequential Amendments) Bill 2021.

It is legislation that is relevant who practice defamation and privacy law.

The Bill with the explanatory memorandum are extensive documents. There are 240 clauses.    Zdnet in Bill establishing cyber abuse takedown scheme for adults enters Parliament provides quite a good overview of the proposed legislation providing:

A new Online Safety Bill that extends the cyber takedown function to adults and cuts takedown response times in half has made its way into Australian Parliament. Read the rest of this entry »

Thursday 28 January 2021 is Data Privacy Day. It is also the 40th anniversary of Convention 108 and the 15th edition of the Data Protection Day.

The National CyberSecurity Alliance aptly describes what the day is about where it states:

Data Privacy Day is a global effort — taking place annually on January 28th — that generates awareness about the importance of privacy, highlights easy ways to protect personal information and reminds organizations that privacy is good for business. Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on Jan. 28.

Data Privacy Day is the signature event in a greater privacy awareness and education effort. Year-round, NCSA educates consumers on how they can own their online presence and shows organizations how privacy is good for business.

In 2021, NCSA is encouraging individuals to “Own Your Privacy” by learning more about how to protect your valuable data online, and encouraging businesses to “Respect Privacy”, which advocates for holding organizations responsible for keeping individuals’ personal information safe from unauthorized access and ensuring fair, relevant and legitimate data collection and processing. These themes are encouraged through the below messaging and calls to action:

The Victorian Information Commissioner marked the day by Read the rest of this entry »

Ambulance Tasmania has suffered a massive data breach. According to the ABC’s Tasmania Police called in after ambulance patient details published online personal information of every Tasmanian who called the Tasmanian Ambulance Service since November 2020 has been accessed and posted on line by a third party.  The specific nature of the breach is unknown but it was to the paging system.  What makes this breach so damaging is that the data accessed is sensitive information, relating to a person’s health status as well as that person/s age, gender and address.

What is both surprising and disturbing is that the data hacked from Ambulance Tasmania has been publicly visible since November last year.

What is less surprising is that it appears that previously deficiencies had been identified in the communications system and processes.  That is quite a common situation.  The problems are apparent but there is no incentive to attend to those problems because time and money can be spent elsewhere which provides more immediate benefit and the legal consequences of a data breach are small because the legislation is weak and the regulators are timid.

The Government response follows the dreary, obsolete path adopted by many Australian Government agencies of the responsible minister being concerned, referring Read the rest of this entry »

The Internet of Things, with gadgets and devices previously stand alone now connected to the internet, has always been blighted by vulnerabilities to cyber attack.  The stories of baby monitors being hacked and taken over by criminals or just garden variety creeps are legion and have passed into cyber security folk lore.  Invariably the cause of the hack of a baby monitor is down to the usual problems with any form of security involving a device connected to the internet with some specific issues involving videos; poor security of wireless routers, no or a lousy password for the monitor (often factory settings are left in place), reusing stolen credentials, default log ins and easy to access settings and not updating or patching software as and when required. 

The BBC reports that the hackers have, disturbingly, gone further than standard interference with a device.  Hackers goes beyond accessing home cameras of a residence and now engage in swatting, where they contact or otherwise get police Read the rest of this entry »

As is my tradition on this site at Christmas I reprint one of the most affecting Christmas stories and a brilliant piece of journalistic prose the quality of which is not seen in the current mainstream media.  It is the Sun’s peice from 1897, Yes Virginia there is a Santa Claus.  From the very first time I read this wonderful editorial I was impressed by its clear and precise language.  Virginia O’Hanlon, all of 8 year old, wrote a sweet and touching query about Santa Claus’s existence to The New York Sun.  It wasn’t trashed, ignored or even turned into a joke.  Instead it evoked a response that was both honest and written to and for a young child but dealt with bigger issues of belief, philosophy and the evils of sneering skeptisism which afflicts us today more than it did over 120 years ago. 

It is deservedly one of the great editorials of journalism.  It holds up as well today as it did in that Gilded Age.  One can only hope to hold onto and embrace the optimism and enthusiasm for life and its wonders that the author, Francis Pharcellus Church, so marvelously described in what has become history’s most reprinted newspaper editorials. It was reprinted by the New York Daily News yesterday.

The letter from Virginia was:

DEAR EDITOR: I am 8 years old.
Some of my little friends say there is no Santa Claus.
Papa says, ‘If you see it in THE SUN it’s so.’
Please tell me the truth; is there a Santa Claus?

VIRGINIA O’HANLON.
115 WEST NINETY-FIFTH STREET.

The responding Editorial was:

VIRGINIA, your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except they see. They think that nothing can be which is not comprehensible by their little minds. All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours man is a mere insect, an ant, in his intellect, as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.

Yes, VIRGINIA, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to your life its highest beauty and joy. Alas! how dreary would be the world if there were no Santa Claus. It would be as dreary as if there were no VIRGINIAS. There would be no childlike faith then, no poetry, no romance to make tolerable this existence. We should have no enjoyment, except in sense and sight. The eternal light with which childhood fills the world would be extinguished.

Not believe in Santa Claus! You might as well not believe in fairies! You might get your papa to hire men to watch in all the chimneys on Christmas Eve to catch Santa Claus, but even if they did not see Santa Claus coming down, what would that prove? Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see. Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders there are unseen and unseeable in the world.

You may tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, nor even the united strength of all the strongest men that ever lived, could tear apart. Only faith, fancy, poetry, love, romance, can push aside that curtain and view and picture the supernal beauty and glory beyond. Is it all real? Ah, VIRGINIA, in all this world there is nothing else real and abiding.

No Santa Claus! Thank God! he lives, and he lives forever. A thousand years from now, Virginia, nay, ten times ten thousand years from now, he will continue to make glad the heart of childhood.

In 1997 the New York Times did a wonderful piece setting out the history and analysis of the Yes Virginia editorial and its impact.  

I wish you one and all a wonderful Christmas and a prosperous 2021.