Qantas hackers delay release of stolen data after key website shutdown by FBI
Cyber criminals threatening to leak Qantas customer data have pushed back their deadline after US authorities seized one of their key websites.
The cyber criminals claiming responsibility for the Qantas attack appear to have pushed back their deadline for posting data stolen from dozens of companies after US law enforcement agencies seized one of their leak sites.
Messages attributed to the group known as Scattered Lapsus$ Hunters indicated they were now targeting 11.59pm New York time on October 11, or 3pm AEDT Saturday.
It follows the intervention of the FBI and Department of Justice to shut down the publicly accessible data leak site BreachForums on Friday.
The group had threatened to post on October 10 more than a billion records stolen from customers of software provider Salesforce, which has said it will not negotiate with the hackers or pay any ransom.
Personal details of 5.7 million Qantas customers are included in the threatened data leak, following an attack on a database used by the airline’s Manila call centre in June.
Tenable senior staff research engineer Satnam Narang said the darknet version of the group’s site, accessible using The Onion Router network, remained online.
“There’s some speculation that it may also be seized by law enforcement but it remains unclear,” said Mr Narang.
The dark web site warned the deadline was approaching, and repeated a threat to “publicly disclose your data if no contact is established”.
“If Salesforce does not engage with us to resolve this, we will completely target each and every individual customer of theirs listed below. Failure to comply will result in massive consequences,” said the site.
Regarding Qantas, the group, comprising Scattered Spider, Lapsus$ and ShinyHunters, said “we highly advise you (to) proceed into the right decision”.
“Your organisation can prevent the release of this data, regain control over the situation and all operations remain stable. We highly recommend a decision-maker get involved as we are presenting a clear and mutually beneficial opportunity to resolve this matter,” said the threat.
Field chief information security officer at cybersecurity company Sophos, Aaron Bugal, said the cybercriminals talked a “big game” but were running out of places to hide.
“They posture, threaten, and demand ransoms. But their bravado doesn’t change the fact that global law enforcement is watching — and closing in,” said Mr Bugal.
“Groups like this live fast, but they’re now running out of places to hide. Their relentless disregard for the law and victimising of organisations has brought well-deserved heat.
“This isn’t over. But for now, their countdown clock just hit a glitch.”
Qantas has a Supreme Court injunction preventing the release or publication of the data, but the airline is helpless to stop criminal groups from trading the information on the dark web.
Mr Narang said paying a ransom was not a smart move, and not in line with “many governments and law enforcement agencies’ policies”.
Details compromised by the social engineering attack on a Qantas customer database provided by Salesforce included names, phone numbers, addresses, emails, birthdates, gender, frequent flyer numbers, points balances and status tiers.
No financial or passport details were stored on the database of 5.7 million customers used by the airline’s Manila call centre.
Qantas continued to warn customers “to be vigilant to any misuse of their personal data” with cyber criminals capable of crafting the data into sophisticated phishing scams.
Already many frequent flyers have been subjected to such targeted scams, including fake offers of “cash back for soon-to-expire points”.
Qantas has reminded customers it will never contact them requesting passports, booking reference details or sensitive login information.
