By Cameron Houston, David Swan and Lachlan Abbott
Sex abuse victims and underworld informers could be at risk of exposure after hackers gained access to a part of the Victorian court system archive that includes video recordings provided under witness protection and at trials protected by suppression orders.
The compromised records include key evidence from a murder trial involving a Melbourne underworld figure that is the subject of a strict suppression order.
Court Services Victoria chief executive Louise Anderson confirmed on Tuesday that the statutory body had discovered on December 21 that cybercriminals had accessed the audiovisual archive of the state’s court system.
CSV notified the public only on Tuesday, after media reports were published. It said it took immediate action to disable the network and notify the relevant authorities, but it took time to establish which recordings and transcripts were affected.
“Recordings of some hearings in courts and tribunals between November 1 and December 21 may have been accessed,” Anderson said in a statement. She also conceded that some hearings before November could have been hacked, but said potential access was confined to recordings stored on the CSV network.
CSV is the latest Australian organisation to fall victim to a cyberattack, after ransomware group DragonForce last week claimed to have stolen 95 gigabytes worth of data from probiotic drink maker Yakult, according to the group’s blog on the dark web.
CSV said it would begin notifying people whose hearings might have been accessed.
“We understand this will be unsettling for those who have been part of a hearing,” Anderson said. “We recognise and apologise for the distress that this may cause people.”
Cybersecurity specialists speculate that the CSV hack is probably the work of Russian ransomware group Qilin or one of its affiliates. Qilin to date has primarily targeted critical sector companies, and its attacks typically involve the use of phishing emails with malicious links to gain access to targets, followed by the encryption and theft of sensitive data.
A prominent criminal barrister, who asked not to be identified because of the possible impact on their legal practice, said the potential release of any witness evidence, particularly from trials protected by strict suppression orders, could have “dire implications” for the administration of justice.
“This is obviously a problem for the courts, and you have to wonder why it’s only been made public almost two weeks after they [Court Services Victoria] became aware of it,” the barrister said.
“There will be some witnesses, who have agreed to give evidence on the condition of anonymity, who will be very nervous, but you also have victims of sex crimes in the County Court, who could potentially have private, intimate details of their assaults released.”
The barrister was not aware of anyone who had been contacted by CSV over the breach.
Actor Madeleine West, who gave permission to the court to identify her as a victim of Peter Vincent White, said she was deeply distressed that recordings of confidential evidence from his recent trial in the County Court could now be in the possession of hackers.
White, 73, was handed a 15-year prison sentence on December 20 over the abuse of seven children between 1977 and 1978. West, who read out her victim impact statement in the County Court on December 5, said the security breach could discourage other victims of sexual assault from providing evidence.
“It obviously doesn’t change my position, but I know there are other people involved in that case who would never have spoken out had they been aware of this vulnerability,” she told The Age.
“We all provided the court with deeply personal evidence, which caused further trauma. It was done on the condition that this information would be treated with the strictest confidentiality. My fear is that this will dissuade other victims from making disclosures, without which the prosecution of some of Victoria’s most heinous criminals will not be possible.”
Anthony Bekker, the co-founder and managing director of Biztech Lawyers, said the attack was extremely concerning.
“The sensitivity of our industry’s client data rivals that of the healthcare industry,” Bekker said.
“Thankfully, these events are rare compared to other industries as we take cybersecurity very seriously. It’s also encouraging that the courts’ workload doesn’t appear to have been disrupted. Cyberattacks frequently shut businesses down for weeks, if not months.”
Bekker said the incident underlined the need for Australia to switch to a regime like the European Union’s General Data Protection Regulation, in which every company and institution has to examine their data practices.
Other recent high-profile cyberattack victims include ports operator DP World, St Vincent’s Health, Medibank and Optus. The rate of cyberattacks continues to climb: in its annual cyber threat report released in November, the Australian Signals Directorate said it responded to 143 incidents at critical infrastructure entities in the last financial year, up from 95 a year earlier.
The ransomware group Qilin, which operates on the dark web, primarily targets entities in critical infrastructure, education and healthcare and has targeted dozens of organisations across Australia, the UK, the United States and Canada.
“The Qilin ransomware gang might be Russian-based, but that does not mean it is Russian [government] controlled,” cybersecurity research group Cyberknow said in a statement.
“This is very likely an opportunistic attack by financially motivated operators and not targeting the Victorian government for any state objectives.”
The ABC reported on Tuesday that the attack was discovered when CSV staff received a message on their computer screens saying “YOU HAVE BEEN PWND”, and received threats to publish stolen files.
CSV said it had contained the breach and police were investigating.
Acting Premier Ben Carroll said he did not know who was responsible for the hack or how many people were affected, but said there was “no evidence to date that there will be any malpractice”.
The worst-affected courts were those that frequently hear serious criminal cases, including rape and murder trials requiring victim and witness anonymity for their safety. However, most hearings across the court system are not confidential.
CSV said all criminal and civil hearings recorded in the County Court from the start of November to December 21 were exposed. In the Supreme Court, all criminal division and court of appeal hearings recorded from December 1 to 21 may have been accessed.
In the Magistrates’ Court, only some recorded committal hearings were accessible.
The Children’s Court – which has strict rules prohibiting the identification of minors – was largely unaffected, except for one recorded hearing in October that may have remained on the network.
The day after the hack was discovered, magistrates were forced to talk to defendants on remand through laptops on their bench, rather than via the court’s standard video link.
No other court systems or records, including employee or financial data, were accessed.
Court hearings will proceed in January after CSV said it “took immediate action to isolate and disable the affected network”.
Get the day’s breaking news, entertainment ideas and a long read to enjoy. Sign up to receive our Evening Edition newsletter here.