But Canada is just cold Australia, why would they want to hurt us?!
They scream cyber attack every time any of their services see a small uptick in usage, like the social services website Centrelink did, when the lockdown/ job losses started. I'm going to assume it's incompetence on their side, for now.
Looking into it more, ACSC has posted a serious advisory [0], so it might be real this time. It's not a good look when the government screams cyber attack willy nilly though, because people get jaded, and think it's rather their own incompetence, again.
I didn't think most people would take my suggestion of Canada seriously. Obviously if it is actually a nation state, there's about a 90% chance it's China, considering all the statements they've put out regarding oz and the government recently.
> The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source.
Surely adequate can fit into defending against common open source toolkits?
A quote from the PM "“We know it is a sophisticated, state-based cyber actor because of the scale and nature of the targeting and the tradecraft used".
I didn't see open source toolkit mentioned in the article.
Hmm, a "sophisticated state actor" or a copy-paste script kiddy? Which one was it?
Copy-paste and open source was enough to get into the Australian Parliament, apparently our pollies simply can't resist the allure of larger penises and wealthy Nigerians in trouble.
Or maybe, just maybe, there is just the slightest possibility that this is all just a manufactured distraction from other issues...
These are the nincompoops who passed a law to backdoor everyone's encryption and nuke their own country's IT industry from orbit with a law that nobody wanted. What a surprise that they can't keep their own data secure.
You would hope the ACSC has been working furiously behind the scenes before anything got announced.
There's nothing sophisticated whatsoever about these attacks, it's quite strange to make a vague political announcement where everyone jumps to their own conclusions.
I think people jumping to conclusions is by design. In the context of the trade spat that is going on between Aus and China, "We're not saying it's China, but it's China"
Australian unemployment is essentially at 11% and youth unemployment is >25%. Both are going to trend higher this next quarter. I think it's a distraction from the poor handling of the recession. It's been pretty standard tack to ring the national security bell when ever there is a speed wobble from the government.
This will grab the news for the day so they can end the parliamentary week without the weekend news being about everyone lack of a job.
I can't really see any 4d chess moves from the Australian Government here.
There is an ongoing dispute between Australia and China and the motivation is most likely to drum up support for how the government is dealing with China (not explicitly blaming China is in fact loudly yelling IT WAS CHINA to anyone following the current narrative). There is also a chance it is to start blaming others for the shoddy National Broadband Network that the ruling party is responsible for and might be becoming a bigger issue with COVID-19 making more people aware of the problems, due to work and schools needing teleconferencing, and streaming services lowering quality to cope with the load.
Thank you! But I don't see anything in there that isn't normal attempted cybercrime. What Steve Gibson dubbed "Internet Background Radiation", the continual poking for vulnerabilities.
Not just "pushes", they have already passed a law where they can secretly force sysadmins to create backdoors for them under threat of 15 years jail, with no legal representation. No warrant necessary, just the approval of a retired judge. And no reporting. You can't make this shit up.
Stasi commandant Dutton has also recently introduced a bill to interrogate 14 year olds with no legal representation as well.
I don’t understand what’s going on in Australia. Why are there so many draconian spying and privacy invasion laws there? When I think of countries affected by terrorism, Australia isn’t the one that comes to my mind. So, what’s the justification behind all of this?
Some combination of "the children!!" And while we aren't the centre of terrorism, that doesn't stop the "encryption promotes terrorism" idea that so many ill informed people seem to have.
In $currentyear, I don't see how even the most tech illiterate employees can't get lessons in phishing prevention along with having sysadmins who are ahead of the curve.
Getting reasonable levels of protection isn't hard to achieve, but they are hard to justify the cost of to execs.
The Aus Government has a good guide called the "Essential Eight" for reducing risk. It's a good starting point for businesses, and is pretty much universal advice, not just applicable to government departments: https://www.cyber.gov.au/publications/essential-eight-explai...
I wonder if we'll ever see letters of marque for cyber offense. It feels a bit like it's already the de facto situation in some countries because they just don't investigate.
>Government sources say China is behind the attack and Mr Morrison refused to shut down speculation that the nation was the “sophisticated state-based actor” behind the attack. Refusing to name the foreign entity, the Prime Minister stressed investigations were continuing by the Defence Signals Directorate and law enforcement agencies.
Aren't they the ones who passed an anti-encryption law? Gee, imagine thinking they care about security, they never seemed to care about it before with all the breaches and attacks which hit on a regular basis.
60 comments
[ 4.5 ms ] story [ 119 ms ] thread> Regrettably, this activity is not new. Frequency has been increasing.”
There is nothing new in the announcement, it's a many months old incident in a decade long Chinese cyber breaches.
It's announced today in what seems like a weak volley back in the reshuffle of trade with China post C19.
They scream cyber attack every time any of their services see a small uptick in usage, like the social services website Centrelink did, when the lockdown/ job losses started. I'm going to assume it's incompetence on their side, for now.
EDIT: 95,000 users is all it took, apparently: https://www.itnews.com.au/news/minister-backflips-on-mygov-d...
Some further information here: https://www.cyber.gov.au/threats/advisory-2020-008-copy-past...
[0] https://www.cyber.gov.au/threats/advisory-2020-008-copy-past...
> The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source.
Surely adequate can fit into defending against common open source toolkits?
I didn't see open source toolkit mentioned in the article.
Copy-paste and open source was enough to get into the Australian Parliament, apparently our pollies simply can't resist the allure of larger penises and wealthy Nigerians in trouble.
Or maybe, just maybe, there is just the slightest possibility that this is all just a manufactured distraction from other issues...
These are the nincompoops who passed a law to backdoor everyone's encryption and nuke their own country's IT industry from orbit with a law that nobody wanted. What a surprise that they can't keep their own data secure.
There's no contradiction between those two things.
That's pretty brave. What's your IP address?
Considering that it is a generic ‘we are under attack’.
The Prime Minister doesn’t usually hold press conferences like this unless there is a good reason.
There's nothing sophisticated whatsoever about these attacks, it's quite strange to make a vague political announcement where everyone jumps to their own conclusions.
I can't really see any 4d chess moves from the Australian Government here.
Or ever, at least from any of the parties we have contending for power right now... But "how good is coal?" :sigh:
(I assume you're the Gonzo who's sharpening up a nice knife for this weekend? ;-) )
Justifying spending millions of dollars on more bureaucracy .
https://www.cyber.gov.au/threats/advisory-2020-008-copy-past...
- Update
- Use 2fa
Stasi commandant Dutton has also recently introduced a bill to interrogate 14 year olds with no legal representation as well.
Bloody scary what's happening here.
In $currentyear, I don't see how even the most tech illiterate employees can't get lessons in phishing prevention along with having sysadmins who are ahead of the curve.
Getting reasonable levels of protection isn't hard to achieve, but they are hard to justify the cost of to execs.
Even better: use u2f
My take on the E8: https://blog.congruentlabs.co/essential-eight-essentially/
https://www.news.com.au/technology/online/security/cyber-att...
>9News political editor Chris Uhlmann said China was behind the attack.
https://www.9news.com.au/national/cyber-attack-australia-sco...