Telecommunication

Optus hack ‘not highly sophisticated’

June 20, 2024
17 1 minute read
Untitled design6
f76b3fcd71b22f3e8ed8c71c3a0df89e.jpeg


Australia’s telecommunications watchdog has alleged Optus could have fixed a simple coding error four years before hackers were able to steal personal details of millions of customers.

In a claim published by the Federal Court on Wednesday, the Australian Telecommunications and Media Authority (ACMA) outlined how it alleged the September 2022 cyber attack took place and the failures of Optus to notice or fix the vulnerability.

About 9.5 million current and former customers were caught up in the breach, with personal information including names, dates of birth, phone numbers and email addresses exposed over three days.

The personal details of about 10,200 people were subsequently published on the dark web.

BUDGET IMAGESBUDGET IMAGES

The telecommunications and media authority alleges the hackers exploited the error in a simple process. Picture: NewsWire / Damian Shaw

The ACMA, which launched legal action against Optus in May this year, alleges a coding error in September 2018 left a dormant web API vulnerable when it became internet acceptable in June 2020.

It’s alleged Optus identified it’s main website was vulnerable and fixed the error in August the following year, but did not notice the same issue affected the second system.

“The target domain was permitted to sit dormant and vulnerable to attack for two years and was not decommissioned despite the lack of any need for it,” the filing reads.

“The cyber attack was not highly sophisticated or one that required advanced skills … it was carried out through a simple process of trial and error.”

PEOPLE on THEIR PHONESPEOPLE on THEIR PHONES

Current and former customer data was exposed until 3.45am on September 20, 2020. Picture: NCA NewsWire / Christian Gilles

The Authority alleges Optus had the opportunity to identify the coding error at several stages in the preceding four years before the breach.

The ACMA is seeking penalties, alleging Optus breached the Telecommunications Act at least 3.6 million times — the estimated number of active Optus subscribers at the time.

If proven, each breach carries a penalty of up to $250,000, resulting in a theoretical maximum of $900 million.

Optus has previously declared its intent to defend the proceedings, saying it had previously apologised to customers and reimbursed the cost of new identity documents.

The case will next return before Justice Jonathan Beach in September for a case management hearing.



Source

June 20, 2024
17 1 minute read

Related Articles

Sam Altman Says OpenAI Doesn’t Fully Understand How ChatGPT Works

Sam Altman Says OpenAI Doesn’t Fully Understand How ChatGPT Works

May 30, 2024
DCDT overhauls radio frequency spectrum policy

DCDT overhauls radio frequency spectrum policy

June 2, 2024
Telecommunications Secretary Dr Neeraj Mittal Says Sustainable Development, Driven by AI Will Require Technology Deployment Across Economic and Social Sectors

Telecommunications Secretary Dr Neeraj Mittal Says Sustainable Development, Driven by AI Will Require Technology Deployment Across Economic and Social Sectors

May 18, 2024
[Bills in Focus] Network usage fees, consumer protection from foreign online platforms

[Bills in Focus] Network usage fees, consumer protection from foreign online platforms

April 15, 2024
Back to top button