Victorian courts hack: fears for victims and informants

Cyber criminals may have accessed sensitive evidence given by rape and child abuse victims, police informants and covert officers after hacking into Victoria’s court system, lawyers warn.

David Murray and Rachel Baxendale

4 min read

11:08AMJanuary 02, 2024.

Updated 8:19PMJanuary 02, 2024

Russian hackers are suspected to be behind a ransomware attack on the Victorian court system.

Cyber criminals may have accessed sensitive evidence given by rape and child abuse victims, police informants and covert officers after hacking into Victoria’s court system, lawyers warn.

Russian hackers are suspected to be behind the ransomware attack that Victorian authorities say potentially involved unauthorised access to a broad range of recordings of criminal, civil and coronial hearings over at least two months.

The Victorian court hack is the latest in an escalating barrage of cyber breaches at major organisations.

Melbourne barrister Robert Richter KC said courts held extremely sensitive information that also protected the identities of informants and covert operations. “I imagine the most important would relate to cases in which pseudonyms are recorded in a traceable way,” Mr Richter said.

“It’s not so much about the demand for ransom, as it is about any leaks to the black net which would enable people who want to trace either complainants or witnesses to whom pseudonyms have been given. I only hope that none of the information that has been downloaded makes its way to nefarious contacts.”

Criminal defence lawyer Bill Potts said the “disturbing” cyber breach could put lives at risk and raised serious questions about the security of court information.

Courts were often closed to the public for evidence about sexual assaults and offences against children, he said.

“Witnesses would be living in fear,” Mr Potts said.

St Vincent's Health Australia working to contain data breach after cyber attack

He added: “If you can hack it, there’s always the danger they can alter the details. I would hate to see a situation where hackers were able to get into the system and wipe people’s criminal records, alter the details of trials or publicise matters of significant sensitivity. You have victims of crime giving evidence about the worst moments in their life.”

Audio and video recordings of hearings in the Supreme Court, County Court, Magistrates Court, Children’s Court and Coroners Court may all have been accessed to varying degrees between November 1 and December 21 last year. Court Services Victoria was alerted to the cyber security incident on December 21, but only released a statement on Tuesday.

Court Services Victoria chief executive Louise Anderson said: “Our current efforts are focused on ensuring our systems are safe and making sure we notify people in hearings where recordings may have been accessed.

“We understand this will be unsettling for those who have been part of a hearing. We recognise and apologise for the distress that this may cause people.”

Cyber security expert Robert Potter said that, on the dark web, the Qilin ransomware group had claimed responsibility for the attack. “The particular group is Russia-based, recruits its membership in Russian and operates in Russian, so fairly confident saying it was a Russian ransomware group,” he said. “When you don’t pay the ransom, they just start trying to leak your data. They’ve hit Australian companies before.”

Cyber security expert Robert Potter. Picture: Bloomberg

CyberCX executive director of cyber security Katherine Mansted says the Australian economy is being hit hard across multiple sectors.

Qilin offers ransomware to affiliates in exchange for a cut of extorted funds, and does not target Russia-aligned states.

Mr Potter suspects the hackers gained access to the court network through a “phishing” attack on staff using emails with malicious attachments or links.

“It’s like a double extortion attack: with the first part, they lock up the data; then on the second, they try and sell the access back to you and delete it if you don’t pay the ransom,” he said.

Katherine Mansted, executive director of cyber security firm CyberCX, said recent attacks on the courts and health care sector showed the scale and intensity of the problem facing businesses and organisations.

“This is not something that just affects the big end of town; it’s not something that just affects small organisations that have obvious insecurities,” Ms Mansted said. “It’s something that is hitting the Australian economy hard across multiple sectors.”

The security breach follows a hack of the St Vincent’s Health network of hospitals and aged care facilities in December and cyber attacks on organisations including Medibank and Optus.

Cyber criminals known in the industry as “big-game hunters” focused on targets they thought would deliver the highest return. Others went for “easy wins”, attempting to extort businesses and organisations wherever a weakness could be exploited to deploy ransomware or steal data.

“The result of all of that is that we see a huge amount of cybercrime across the economy,” Ms Mansted said. “Some of it we see in media reports like this; some of it is disclosed to the public, particularly where it affects citizens’ data or where it results in obvious disruption to businesses, and some of it isn’t.

“It’s a bit like an iceberg. What we see is just the tip of a pretty broad and systemic problem.”

Ms Anderson said a contact centre had been established for people seeking further information or assistance. All relevant authorities were notified, and Victoria Police’s cybercrime squad is investigating.

“The cyber incident led to unauthorised access leading to the disruption of the audio visual in-court technology network, impacting video recordings, audio recordings and transcription services,” Ms Anderson said. “CSV took immediate action to isolate and disable the affected network.”