"Cowardly" hackers infiltrate Australia's disaster alert system
Stolen login credentials were used to send out a false emergency message
A hacker was able to send out false emergency texts, emails and landline messages across Australia after gaining access to the country's early warning system.
The message sent out on Friday announced that the country's Early Warning Network (EWN) had been hacked and that personal data was vulnerable as a result, advising users to unsubscribe from the state-run service. It's believed a criminal had illegally obtained login credentials and was attempting to damage user trust in the service, rather than steal personal data.
The EWN is an information communication system that alerts the general public to natural disasters and imminent threats. Last month the service was used to alert residents in central Queensland during a devastating spate of bushfires.
The EWN said its staff were quick to identify the attack and shut down the messages early, but it's believed thousands of citizens may have received the alert.
"The unauthorized alert sent on Saturday night was undertaken by an unauthorized person using illicitly gained credentials to login and post a nuisance spam-notification to some of our customers," the company said in a Facebook post. "The link used in this alert were non-harmful and your personal information was not compromised in this event. Investigations are continuing with the Police and Australian Cyber Security Centre."
Despite the links in the message, these are in fact legitimate support websites and therefore users were not at risk of phishing attacks. There is also no indication at this stage that the hack was financially motivated. Speaking to ABC.net, EWN managing director Kerry Plowright said the breach is about ruining the service.
"This event did not compromise anybody's personal information," he said. "The actual data held in our system is just 'white pages'-type data, we deliberately don't hold any other personal information. The purpose of that notification from the person that sent it was to damage this business. It was malicious."
Acting Gladstone Mayor Chris Trevor referred to the malicious actors as cowards for infiltrating a system that saved lives.
"We fear that residents will now unsubscribe to a system that is so imperative when it comes to preserving life," he said. "There was no doubt that early warning system saved lives.
"Sadly we now have a coward or cowards who have attempted to infiltrate that system."
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now