Cyber crime detective Chris McNaughton reveals Medibank hack insights
An expert on cybercrime has shared his insight into the criminals sitting on the personal data of almost 10 million Medibank customers.
Cybercrime detective Chris McNaughton has spoken out following hackers’ threat to release customer data within 24 hours if a ransom demand is not met.
“It looks … really quite sophisticated on the outside,” McNaughton told A Current Affair.
“But when you start drilling down, it really has the hallmarks and fingerprints of some well-known Russian groups.”
As a cybercrime detective, McNaughton said that while he could never see the suspects, he could tell exactly what they were up to.
Now running his own security firm, he believes the group that hacked Medibank is a cybercrime group that shut down late last year, judging by the method and digital fingerprints it left behind.
“It looks like they’ve re-emerged and reinvented themselves,” he said.
“While we will never be completely sure exactly how the attack unfolded, what we do know is the type and the trend, the ransom and the way they have … the timing is very similar to what this group has used in the past.”
The cybercrime detective said the people behind attacks can operate in isolation, but they often work with others who have their own specialties.
“So you can have two or three groups,” McNaughton said.
“One group may be very good at phishing emails, one group may be very good at social engineering, one group may be good at compiling malware.
“So these groups often come together and they use their specialties, and that may be because they’ve worked together in the past.”
He said cybercriminals operate, advertise and work together on the dark web and can be very difficult to reach.
“Those groups, when they play together, they’re a very powerful force,” McNaughton said.
“They’re very difficult to get to, for law enforcement and other agencies to shut down completely, so they’re very problematic.”
The Medibank threat escalated this morning when an image was posted on a website linked to Russian-backed cybercriminal group REvil.
The post quoted the Chinese philosopher Confucius, with a meme using video game characters from Nintendo’s Mario franchise.
The quote they posted said, “A man who has made a mistake and does not correct it, makes another mistake.”
McNaughton believes the meme and quote were posted as a last-ditch effort.
“They have notified Medibank that they have this data, Medibank has stood firm and decided not to pay the ransom, which is the right thing to do, both for their interests and the interests of Australian companies,” he said.
“They’ve talked about selling Medibank shares, for example, so they’re trying to exert some power with what they still have over Medibank.”
The cybercrime detective said he does not think the Australian Federal Police will be able to do much to convince the hackers not to release the information.
Unfortunately, McNaughton believes the latest demand will not be the last for those whose information was taken.
“They (the hackers) will get whatever value they can out of it,” he said.
“So if it’s not ransom, they’ll move on to a second phase, which is probably to use it for various scams.
“They may resell some of the information.”
Once the 24 hours are up, it may be clearer whether or not the hackers will follow through on the threat, but McNaughton said it’s an “evolving beast”.
“We are always one step behind the attackers unfortunately,” he said.