The devastating Optus and Medibank breaches have driven the government to create a formal joint standing operation that will unite 100 AFP and Australian Signals Directorate experts to ferret out the “scumbags” operating ransomware and cybercrime syndicates.
Aiming to put the government on the front foot in investigating cyber crime, the new Joint Standing Operation Against Cyber Criminal Syndicates (JSOACCS) will see cyber experts proactively working to collect intelligence about cybercrime gangs that can be used to disrupt their operations, anywhere in the world.
Noting that the recent Optus and Medibank breaches “have shown the extent of the damage that can be done by malicious actors,” Attorney-General Mark Dreyfus said in a statement that the new JSOACCS “will ensure the full powers of the AFP and ASD are brought to bear to stop such incidents before they start.”
Creation of the taskforce “sends an important message to criminals and hackers intending to do harm,” Dreyfus said, noting that the new team “will prioritise targets based on the harm they can cause and the threat to our national interests.”
“Where incidents do take place, it means that cybercriminals will be hunted down and their networks disrupted,” he said.
“Australia will fight back.”
The work done by JSOACCS will complement existing initiatives such as the global Counter-Ransomware Initiative (CRI), which will be hosted by the Department of Home Affairs Cyber and Critical Technology Coordination Centre and co-ordinate a range of international stakeholders to fight ransomware.
With authorities from 37 countries on six continents involved, the CRI – whose members met weeks ago in a formal summit to evaluate the initiative’s progress to date – has committed member states to “using all appropriate tools of national power” to hold ransomware actors accountable for their crimes and deny them safe haven.
Among the action items from the recent summit was the creation of a voluntary International Counter Ransomware Task Force (ICRTF) focused on improving “early warning capabilities”, preventing attacks, consolidating policy, and developing best practice frameworks.
Designed to complement this work, the new JSOACCS will see around 100 officers from the two organisations committed full-time to “hunt down the scumbags who are responsible for these malicious crimes against innocent people,” Minister for Home Affairs Clare O’Neil said during a recent press conference.
“It is beyond doubt now that this is a crime type that will continue in our country,” she said, “so today we’re putting cyber criminals on notice…. The smartest and toughest people in our country are going to hack the hackers.”
“From now on, cyber criminals will be a constant and enduring target for our agencies.”
Tacking into the wind
Criminal groups have already stepped up their attacks against Australian organisations – which are seen as prized targets defended by unprepared executives – and recent signs confirm that cyber assaults are mirroring real-world conflicts.
Coming just days after the government pinned the Medibank hack on Russian cyber criminals, the decision to take Australia’s fight to global cyber criminals is sure to keep the JSOACCS team’s hands full.
Despite pointing the finger, Australian authorities expect cooperation from Russia – which, Dreyfus noted, “remains a member of Interpol… it’s absolutely appropriate that Russia do all that it can to ensure that people who are within its borders are not engaging in this kind of criminal activity.”
Although he stopped short of threatening diplomatic retaliation if Russia does not co-operate, Dreyfus said that the Australian Government “is looking hard at Russia’s diplomatic profile in Australia and all options remain under consideration.”
The government’s pivot comes on the heels of massive, damaging breaches that have exposed confidential information about millions of Australians held by Optus, Medibank, myDeal, MedLab Pathology, real estate firm Harcourts, the ADF, and other victims.
Medibank’s attackers, in particular, have made retribution inevitable by engaging in conduct that is “beyond the pale”, O’Neil said, referring to the threats and eventual publication of individual Australians’ confidential medical histories.
“I don’t think any leader of any country around the world would condone this activity,” she said, “and surely they will legitimately seek the help of other countries around the world if it happened to them.”
Australia’s offensive cyber security capabilities were only a matter of speculation until 2016, when then-Prime Minister Malcolm Turnbull confirmed a “significant cyber intrusion” against the Bureau of Meteorology and later revealed that government cyber experts were supporting military operations in Iraq and Syria.