How Medibank joined Optus in hack hell

Ten days after Medibank first detected a hack, which has put the most personal health information of a million customers at risk of exposure, clues are starting to emerge about how the hackers got in.

Logs obtained by cybersecurity researchers and seen by The Sydney Morning Herald and The Age indicate someone with access to internal Medibank systems had their company login credentials stolen from their web browser. The credentials were stolen some time around August 7.

The Medibank hack may be even more severe than the Optus breach. Credit: Getty Images / Louise Kennerley

Such thefts are common and the stolen credentials often find their way to data exchanges, which this masthead has chosen not to name to avoid drawing attention to them. These exchanges serve as marketplaces, where criminals offer stolen data for sale for as little as a few dollars in cryptocurrencies that are hard to trace.

Armed with the login information, a cyber criminal would have taken the first step to breaking into Medibank.

Medibank chief executive David Koczkar has confirmed an element of this thesis, though the company has emphasised its investigations are still ongoing. “We believe compromised credentials were used to access our systems,” he told bank analysts in a briefing on Monday.

Whether those were the August 7 set or others is unclear.

Medibank Private CEO David Koczkar apologised for the breach.

The “compromised credentials” idea gels with a message from the hackers that this masthead obtained earlier in the week. “We have 200GB sensitive data… from your RedShift Cluster. All source code from stash, confluence documentation, and keys for decrypting Credit Cards,” the hackers wrote.

That claim, which is unverified and thick with technical language, references two systems that a hacker would likely target within a company.

The first is Confluence, made by the Australian technology giant Atlassian. It is a ubiquitous tool that companies use to store essential documentation on how their computer systems work.

Jamieson O’Reilly, the founder of an Australian firm called Dvuln that companies pay to find IT vulnerabilities, said Confluence is his first port of call after getting into a client’s systems.

“We recently did a big engagement where we got into Confluence, and we spent about two weeks just studying the way the organisation worked through Confluence, and then we could launch further attacks,” he said.

The second system referenced by the hackers is Redshift, a data warehouse service from the internet giant Amazon Web Services. It is where a company could store customer data of the kind the hackers now appear to have acquired.

A source familiar with the situation, but not authorised to speak publicly, said Amazon was aiding Medibank’s investigation. There’s no suggestion Amazon or Atlassian’s security systems were breached or that there are risks for either company’s tools.

Despite the apparent severity of the breach, Medibank spent last week emphasising that it had not found evidence of any customer information being stolen. As recently as Monday this week, Koczkar was using language that made the breach look minor.

“We have no evidence that there was any access to customer data, but that really is subject to our continuing forensic analysis,” Koczkar said as analysts peppered him with questions about what the hackers had seen.

“We can say definitively that there is no evidence that customer data has been removed from our systems,” he said at another point.

Koczkar defended Medibank’s communications on Thursday, after the severity of the breach became clear.

“Our investigation has been ongoing and as these incidents are, they continue to evolve,” he said. “From the start, I committed to share updates, right when they came to light. And previous statements had been very clear that they were point in time updates.”

Home Affairs Minister Clare O’Neil, who lambasted Optus’ miscommunications, has reserved her ire for the hackers in this case. She has not said a harsh word against Medibank and declined to say whether she classified the attack on the insurer as “sophisticated” – which has become a loaded word since the Optus hack – or not.

O’Reilly says assessing the severity of the hack will depend on how Medibank secured the stolen credentials or limited their use. If they were all that was required to access its systems, then the hack was more basic than the Optus breach, he said.

“Even a 16-year-old can go and get an account on [a stolen credentials site], search for an infected computer that has Medibank credentials saved on it, and then download or purchase those credentials for like 10 bucks and then login through the front door.”
