Why Australia’s law enforcement is at risk of cyber attack
A hugely-successful approach to tackling cybercrime is being touted for Australia to keep up with the speed of the attacks.
Security
Don't miss out on the headlines from Security. Followed categories will be added to My News.
Exclusive: An anti-scam strike force made up of police and a string of big banks has disrupted more than 800 cybercrime scams overseas — and our consumer watchdog wants it replicated here.
The innovative Singapore policing model used robotic technology to trace and freeze funds and cryptocurrency, while warning thousands of customers by SMS at a time they may be being scammed, according to the Australian Competition & Consumer Commission’s (ACCC) submission to a parliamentary inquiry.
It wants the hugely-successful approach, that’s recovered 60 per cent of stolen funds, adopted by Australian police which it says can’t keep up with the speed of cybercrime.
The ACCC submission is one of more than 30 to the inquiry into the capability of law enforcement to respond to cybercrime, which has also been told more than half of Australians have been a victim and almost half of those who report the crime either hear nothing, back from authorities, or are told nothing could be done.
Other submissions have revealed Australian law enforcement responses to cybercrime, which costs Australia upwards of $31 billion a year, have been too slow, too ad hoc and uncoordinated, leaving police outsmarted and tactically inferior to savvy internet criminals.
Cybercrime experts have also warned cops need more training, resources, funding and the ability to share information more quickly to combat the “fastest growing crime-type” in the country.
Cyber CX chief strategy officer and former Australian Federal Police officer, Alastair MacGibbon said crimes that cross international borders – like drugs or human trafficking – usually become Commonwealth matters, but cybercrime, especially scams, are still largely treated as a local policing matter depending on where the victim lives.
It comes as the most recent meeting of the national Police Minister’s Council discussed opportunities for jurisdictions to “engage cooperatively to prevent, disrupt and respond to cybercrime”.
Cyberattacks in Australia are increasing and last year there was one attack every six minutes, according to the Australian Signals Directorate (ASD).
The reach of cybercrime was shown with the Medibank hack in 2022 which affected 14 times more people than all victims of robbery, unlawful entry and theft across the country.
The alleged mastermind, Russian hacker Aleksandr Ermakov, has been slapped with sanctions for his alleged role.
The parliamentary inquiry, which is due to hold public hearings in the next month, has been told that some State and territory police are lagging so far behind, their laws are out of date forcing them to use federal partners to search and seize digital devices, evidence and cryptocurrency.
“Given the speed at which technology continues to evolve, cybercrime is not static, with new exploits and tactics constantly being developed and deployed,” the Cyber Security Cooperative Research Centre’s CEO Rachael Falk said.
A submission by the organisation which administers the au domain names in Australia said with the exception of a small number of AFP officers, there is a lack of deep understanding within law enforcement about the internet ecosystem.
But there have been improvements in co-ordination between law enforcement with the AFP led Joint Policing Cybercrime Coordination Centre (JPC3) which targets high-harm and high-volume cybercrime and the AFP Cyber Security Strategy.
But more work needs to be done according to Destiny Rescue, an organisation fighting online sexual exploitation of children. It said many well-intentioned efforts were “uncoordinated, siloed and limited”.
“And the individual organisations are tactically inferior compared with their adversaries, who are continually exploiting new technologies,” it wrote.
EMERGING THREATS
Data poisoning attacks
An emerging global issue that could threaten all industries, government and private organisations using AI.
The “poisoning” is a deliberate and malicious input of wrong, fake or biased data when the AI systems are being trained – leading to the AI system making inaccurate connections.
Poisoned AI could enable attackers to bias-decision making leading to real life harms.
Vulnerable poor workers and corrupt officials in developing nations where a lot of data learning is being outsourced could be targeted by malicious parties willing to pay to skew AI systems.
Solar power supply – The silent cyber threat
Australia is speeding towards the adoption of renewable energy sources but there are new cyber security vulnerabilities being introduced through devices connected to the internet.
A targeted widespread attack aimed at solar systems could bring down an entire power grid which could result in a “black start” event – meaning it could take weeks to recover and get the electricity/power grid up and running again.
Dutch hackers revealed the vulnerability in the Netherlands and it could happen here, unless security loopholes are fixed.
Source: The Cyber Security Research Centre
Deep Fake AI
Urgent laws are needed to ban the use of AI to create deep fake images depicting child exploitation etc.
More Coverage
Originally published as Why Australia’s law enforcement is at risk of cyber attack