Australia blames Russians for health insurance data theft

By ROD McGUIRK, Associated Press

CANBERRA, Australia (AP) — Moscow must be held accountable for Russian cybercriminals accused of hacking into Australia’s largest health insurer and dumping customers’ personal medical records on the dark web, officials said Friday. Australians.

The Australian Federal Police have taken the unusual step of assigning responsibility for the unsolved cybercrime that resulted in the theft of the personal data of 9.7 million current and former Medibank customers.

A group of “loosely affiliated cybercriminals” operating as a business in Russia were likely responsible for the Medibank attack as well as other major security breaches around the world, Australian Federal Police Commissioner Reece Kershaw has said.

“We think we know which people are responsible, but I won’t name them,” Kershaw told reporters. “What I will say is that we will be having interviews with Russian law enforcement about these individuals.”

Prime Minister Anthony Albanese, who is a Medibank customer whose personal data was stolen, said he had authorized police to reveal the origin of the attack.

“We know where they’re coming from, we know who’s responsible and we’re saying they should be held accountable,” Albanese said.

“The country where these attacks originated should also be held accountable for the disgusting attacks and the disclosure of information, including very private and personal information,” Albanese added.

An official from the Russian Embassy in Australia could not immediately be reached for comment.

The extortionists have been linked to the high profile Russian cybercrime gang REvil, short for Ransomware Evil and also known as Sodinokibi.

Russia’s Federal Security Service said in January that REvil “ceased to exist” after several arrests at the insistence of the United States.

An old dark website REvil had started redirecting traffic to a new site hosting stolen Medibank data.

Fergus Hanson, director of the cyberpolicy center at the Australian Strategic Policy Institute think tank, said he was not surprised the criminal gang was based in Russia.

A Medibank employee’s stolen username and password, which gave hackers access to the company’s database, had been sold on a Russian dark web forum, Hanson said.

Hanson doubted that the culprits operating in Russia would be brought to justice.

But Australia could use its offensive cyber capabilities against the gang in Russia and prosecute its affiliates, which police suspect are operating in other countries.

“It is possible to carry out operations against the group to disrupt their operations, but in terms of seeing them go to jail or appear in court, I think that is quite unlikely,” Hanson told Australian Broadcasting. Corp.

Cybercriminals dumped personal medical records on the dark web for a third day on Friday, this time focusing on alcohol-related illnesses, as they pressured Medibank to pay a ransom.

Criminals on Wednesday began clearing customer records, including those involving HIV and drug treatment, which they described as a “naughty” list, after Medibank ruled out paying a ransom for the return of hacked data.

Attention focused on the terminated pregnancies in the dump Thursday and Friday on conditions linked to harmful levels of alcohol consumption, in a dossier the thieves called “boozy”. The medical treatment records of more than 700 customers have been released through Friday in what has been described as Australia’s most pervasive cybercrime.

Other personal details of many other customers have also been made public, which could make them vulnerable to identity theft or fraud, including phone numbers and email addresses.

Confirming the third dump, Medibank CEO David Koczkar said his company was contacting exposed customers and offering assistance. He expected the daily discharges to continue.

“The relentless nature of this tactic used by the criminal is designed to cause distress and harm,” Koczkar said.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking treatment,” he added.

The gang, increasingly known as BlogXX in cybersecurity circles, accused Medibank of failing to pay a $9.7 million ransom demand.

“But we warned you. we always keep our word, if we do not receive a ransom – we should publish this data, because no one will believe us in the future,” they posted on Friday.

Kershaw said Australian government policy does not condone paying ransoms to cybercriminals.

“Any ransom payment, big or small, fuels the cybercrime business model, putting other Australians at risk,” Kershaw said.

Australian authorities hope the data will remain confined to the dark web and will not be released to a wider audience through social media or reported in detail by the media.

Albanese urged anyone to access the data.

“We need to deter this kind of criminal, disgusting and reprehensible behavior,” Albanese said.

“It is causing a lot of distress in the community. The government recognizes this and we are doing everything we can to limit its impact and provide this support to people going through this difficult time,” Albanese added.

Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.