Thursday, July 09, 2020

The Implications Of This Sort Of Penetration of MyGov Is Not Good.

This appeared a day or so ago.

Hacked: Thousands of MyGov accounts for sale on dark web

Ronald Mizen Reporter

Jul 3, 2020 – 10.10am

Logins for more than 3600 MyGov accounts are for sale on the dark web, potentially exposing thousands of Australians to fraud and identity theft.

The MyGov accounts are among a list of more than 150,000 hacked ".com.au" logins available for sale on dark web marketplaces, where logins are sold for as little as a few cents and as much as several hundred dollars.

Thousands of MyGov logins are for sale on the dark web. “The data can be used by an attacker for various malicious activities, depending on the attackers' motives," said Elad Ezrahi. 

MyGov, which was launched in 2013, acts as a portal to a range of sensitive government services including the Tax Office, Centrelink, Medicare, the National Disability Insurance Scheme and My Health Records.

"Each member service has its own fraud detection capabilities," Services Australia general manager Hank Jongen said, adding services had to be connected to a person's MyGov account to be accessible.

Mr Jongen said while he would not comment on "specific cyber operations", Services Australia was "provided with intelligence that details ongoing activity on the dark web".

The compromised accounts were detected by Israeli intelligence firm KELA, which specialises in dark web threat intelligence and offers its clients a real-time dark web search engine called Darkbeast.

KELA threat intelligence team leader Elad Ezrahi said the MyGov accounts were extracted from more than 2000 compromised computers, or "bots". Botnets are networks of compromised machines controlled by a single actor.

"The threat actors behind these platforms probably obtain this data either by running their own botnet infrastructure … or by buying compromised credentials from other actors," Mr Ezrahi said.

"The data can be used by an attacker for various malicious activities, depending on the attackers' motives.

"For example, an attacker who purchases a bot, with compromised account/s for the my.gov.au portal, can use the victim's data for identity theft, and conduct various fraudulent activities."

Mr Jongen said if people suspect their MyGov accounts have been compromised, they should contact the Scams and Identity Theft Helpdesk.

"This team can quickly revoke an account and unlink member services to prevent further access," he said.

Logins seen by The Australian Financial Review include banks, government services, telcos and ecommerce stores. The most recent data was from late May 2020. For legal reasons no data was purchased to confirm authenticity.

The coronavirus pandemic has proved a boon for hackers as millions of employees moved to remote-working, with intelligence firm Cybel reporting more than 500,000 Zoom accounts are available for sale online.

Privacy Affairs Dark Web Price Index reveals the average prices for a range of products for sale on the dark web, including forged passports ($US1500), driver licenses ($US550), credit cards ($US35) and email accounts ($US155).

More here:

https://www.afr.com/politics/federal/hacked-thousands-of-mygov-accounts-for-sale-on-dark-web-20200701-p55833

Of course MyGov access is all you need to browse the #myHR so I reckon if the #myGov is breached then the #myHR has a hole and the Privacy Commissioner should demand a remedy ASAP.

The idea of having a central portal  controlling access to the #myHR seems like a flawed idea after this revelation.

What do you think?

David.

No comments:

Post a Comment