Modern Australian
The Times

19 years of personal data was stolen from ANU. It could show up on the dark web

  • Written by Nicholas Patterson, Lecturer, Deakin University
19 years of personal data was stolen from ANU. It could show up on the dark web

Today it was revealed the Australian National University (ANU) fell victim to a cyber security attack two weeks ago. Stolen was a substantial amount of data dating back 19 years relating to staff, students and visitors.

We don’t know for sure how long the cyber attackers were inside the ANU systems in this case. However, the university revealed details of other attempted attacks last year.

Read more: Hackers cause most data breaches, but accidents by normal people aren't far behind

The ABC reported that the types of data stolen were “names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Student academic records were also accessed.”

These are very critical data. Privacy and security are at risk when this sort of information, especially people’s personal and financial details, are hacked.

The question now is what will happen with the stolen data.

There are three likely outcomes:

1. Invitation to pay a ransom

The hackers who stole the data might ask ANU to pay a ransom and they will “erase” the data they stole (or at least say they will). If the ransom is not paid, they will probably release it to the public.

We have seen cases like this before around the world. A recent example involved stolen coding tools.

Another example is an attack on a German IT company, Citycomp, where hackers broke into its systems and stole a lot of critical data. Citycomp was asked to pay a ransom of $5,000 – but did not. The hackers published the data.

2. Free public release of data

The hackers may release the stolen data to the public without asking for any payment. This might happen as a show of strength, to provide evidence of their capabilities, or to cause chaos.

The consequences are still very serious in this case. It could lead to serious breaches of personal privacy, fake identities being created and important intellectual property becoming available to competitors or other hackers.

More broadly, the university may attract fines from the government if it was later found that correct data protection practices were not followed. That said, there is no evidence this is the case here.

3. Sell for profit on the dark web

The hackers may sell the data on the dark web to make a profit. Others could buy the data to create fake identities and as a result fake credit cards.

An example where hackers have stolen data involving up to 150 million users and sold it on the dark web involved Under Armour’s MyFitnessPal app.

The entire stolen data set is reportedly available for an asking price of less than $20,000 in bitcoin – around one year after the breach occurred.

Hackers are hard to stop

What makes this ANU case very interesting is that in 2018 The Guardian reported that ANU had spent many months fighting off a threat to its systems. There were unverified reports this might have come from hackers based in China.

This means the ANU has known it was being targeted for a while now, and was still not able to fend off the data breach revealed today.

You might ask why the university hadn’t bolstered its cyber defences in response. The answer is the ANU probably did, to the best of its abilities.

However, when you are dealing with elite hackers and those using “zero day exploits”, it means your chances of preventing a hack are quite limited. Zero day-based exploits focus on vulnerabilities that are not yet known to anti-malware companies or for which no targeted solutions are available, such as patches or updates.

Read more: From botnet to malware: a guide to decoding cybersecurity buzzwords

This is still a dangerous situation

There are still aspects of this situation that will present concerns to the ANU and its stakeholders.

For example, it’s possible the hackers could still be in the systems, but hidden. They may have user names and passwords for student accounts or hidden backdoors the university has not yet discovered.

It could be worse than we know

Another issue is whether the hackers have stolen even more data than is being reported.

It currently appears data not stolen includes “credit card details, travel information, medical records, police checks, workers’ compensation information, vehicle registration numbers, and some performance records”.

ANU vice-chancellor Brian Schmidt has said: “We have no evidence that research work has been affected. But the university may not yet know for sure. A very concerning aspect for the university will be the potential for intellectual property and unpublished academic works to be accessed. This could be very valuable to sell off online or even to other universities.”

This has happened before: Iranian hackers targeted 76 universities across 14 countries to steal intellectual property from research projects in 2018.

Only time will reveal what happens next. The bad news is that hackers have stolen critical data and it’s in the wind. The outcomes could be minimal or they could be disastrous, depending on the hackers’ intentions.

A big concern will be if the hackers still have access to the university systems, via an established backdoor, and are siphoning off critical data as it emerges.

Authors: Nicholas Patterson, Lecturer, Deakin University

Read more http://theconversation.com/19-years-of-personal-data-was-stolen-from-anu-it-could-show-up-on-the-dark-web-118265

Chatswood Tutoring And Its Role In Academic Achievement

Academic success often requires more than classroom attendance alone. Students face increasing expectations as they progress through school, particu...

Why Laser Hair Removal Treatments Continue Growing In Popularity

Managing unwanted hair can become time-consuming and frustrating for many people, especially when shaving, waxing, and other temporary methods requi...

Choosing the Right Devices for a Flexible Workplace

For IT leaders managing large fleets, the device layer is where workforce productivity and security policy meet. The shift towards flexible and hybrid...

How Business Advisory Services Help Companies Achieve Sustainable Growth

Every business owner aims to build a profitable and sustainable organisation. While dedication, innovation, and hard work are important, achieving l...

Why Body Contouring Has Become A Popular Cosmetic Treatment

Many people maintain healthy lifestyles through regular exercise and balanced eating habits but still struggle with stubborn areas of fat that are d...

How to Choose the Right POS Hardware for Your Business in Australia

A lot of Australian business owners spend weeks researching POS software but buy hardware almost as an afterthought. That's a mistake. The wrong har...

Why Material Handling Hose Is Critical for Industrial Efficiency

A high-performance material handling hose is an essential component in industries that transport abrasive, dry, or bulk materials on a daily basis...

How to Choose the Right Lawyer in Melbourne for Your Situation

Choosing legal support can feel difficult, especially when the stakes are personal or business-related. The right lawyer in Melbourne should underst...

Hoteliers Look to Clever Value Adds to Increase Revenue

The Australian hospitality industry is still in recovery mode after a notoriously rough patch in recent years. While there has been a post-COVID tra...

Moving to Queensland? Here’s How to Prep Your Car for the Big Move North

There’s no sign of the northern migration slowing down, with thousands of southerners fleeing from chaotic lifestyles and cooler climates for a brig...

Diesel Shortage to Impact Trades and Contractors

Strait of Hormuz blockage affecting all major parts of trades and construction Trades and construction across residential, commercial and industria...

Why Holiday Home Owners Turn to Rental Management Agents

The Allure — and the Reality — of Renting Out Your Property Owning a holiday home is a dream for many Australians. Whether it's a beachside sha...

Why Finding Reliable Doctors In Bundoora Is Important For Long-Term Health

Access to quality healthcare plays an important role in maintaining overall wellbeing and managing health concerns early. Trusted Doctors in Bundoor...

Understanding the Different Types of Car Services: Minor vs Major

When it comes to car maintenance, one of the most important things every vehicle owner should understand is the difference between a minor and a maj...

How Superannuation and TPD Insurance Work Together

Superannuation is an essential part of financial planning in Australia. It is designed to provide individuals with income during retirement, helping...

Tiny Towns funding granted for Mt Hotham and Mt Buller upgrades

Alpine Resorts Victoria (ARV) has welcomed funding support from the Victorian Government’s  Tiny Towns Fund, with both Mt Hotham and Mt Buller se...

Locksmith Services: Why Professional Security Solutions Matter More Than Ever

Security is a critical concern for homeowners, businesses, and vehicle owners alike. Whether it involves protecting a property, replacing damaged lo...

Why Tooth Fillings Are Important For Protecting Damaged Teeth

Cavities and minor tooth damage are common dental problems that can worsen if left untreated. Professional tooth fillings help restore damaged teeth, ...