A major hack on Victoria’s court systems was the first reported cyber attack on Australia’s justice system, but similar incidents overseas show criminals are increasingly targeting sensitive official information.
A suspected Russian ransomware hack led to the unauthorised access of video and audio recordings from multiple Victorian courts, including the state’s highest court, the ABC revealed this week.
Hackers have accessed recordings from Victoria’s Supreme Court, including the Supreme Court of Appeal, as well as the County, Magistrates’ and Coroners’ courts, and potentially one Children’s Court hearing.
While it is the first attack of its kind that has been reported publicly on home soil, dozens of hacks against court systems have taken place overseas, including in the US, Brazil, Chile and even at the International Criminal Court in the Hague.
The hackers are likely drawn to the courts due to the swathes of sensitive data, which they can try to extort for ransom payments, experts say.
Court Services Victoria (CSV) insists the illegal access in December was confined to video and audio recordings, while other court records like employee or financial data were not accessed.
CSV said it took “immediate action to isolate and disable the effected network” and said court operations and hearings in January would be proceeding.
CSV has not confirmed if it has received a demand for a ransom, how much money the hackers are asking, or who it believes is behind the attack, though one expert believes it is likely to be a “double extortion” Russian phishing attack.
‘Months, if not years’ to recover from attack, analyst says
Allan Liska is a Washington-based intelligence analyst and ransomware researcher with Recorded Future, a major US-based cybersecurity company.
He described the attack on Victoria’s courts as “pretty severe”.
“It will be likely months, if not years, to fully recover and to make changes to the system so that it doesn’t happen again,” Mr Liska said.
“So I do think there’s going to be a long-term impact from that.”
A ransomware attack involves an actor hacking into a network and encrypting files before demanding payment for their return.
A “double extortion” ransomware attack is where hackers “get in, encrypt files, and then also steal files,” Mr Liska said.
“Not only do they want you to pay to decrypt your files, but also to not have the stolen files published,” he said.
Government systems are particularly attractive targets to ransomware hackers because they hold valuable and sensitive data, which can be extorted for payments.
“They want to get the most sensitive data they can,” Mr Liska said.
“That’s why they go after hospitals, and just as patient data is very sensitive, court data is extremely sensitive.”
Also in December, hackers stole data from one of Australia’s largest not-for-profit hospital and aged care operators.
Meanwhile last March, a cyber attack on a third-party file transfer service led to student information held by the Tasmanian Department of Education being leaked online.
Security experts urge hack victims not to pay ransoms
Australia’s cyber safety watchdog, the Australian Signals Directorate (ASD), describes ransomware as the “most destructive cybercrime threat to Australians”.
It advises against paying ransoms because doing so does not guarantee data has been protected, or prevent future extortions.
The ASD said it responded to 127-extortion related incidents last financial year, 118 of them involving ransomware.
However, Alastair MacGibbon, cybersecurity expert and former head of the Australian Cyber Security Centre, said it appeared not all attacks were being reported to relevant authorities or the public.
“Some organisations are clearly not communicating with the public and their stakeholders the way they should,” said Mr MacGibbon, who now works in the private sector.
That means there may be previous hacks, or attempted attacks, on Australian governments or court systems that were not known about.
Mr MacGibbon also cautioned against paying ransoms.
“You don’t necessarily have to pay criminals and we would always recommend not,” he said.
Cyber attacks have power to leave court systems ‘temporarily incapacitated’
While Victoria’s was the first major reported hack on an Australian court system, cyber attacks on courts overseas have been proven to cause delays and in some cases, the publication of confidential documents.
Mr Liska said there had been about a dozen hacks on court systems in the United States in recent years.
One “sophisticated foreign cyber attack” on courts in Kansas in October last year “temporarily incapacitated” daily operations of the state’s appellate and district courts in 104 counties, according to a statement published by the Kansas Judicial Branch.
The hack forced many of the state’s courts to revert to paper filing, with court systems still being restored nearly three months later and hackers threatening to post stolen data to the dark web.
“This assault on the Kansas system of justice is evil and criminal … we express our deep sorrow that Kansans will suffer at the hands of these cybercriminals,” the seven justices of the Kansas Supreme Court said in a statement in November.
Mr Liska said it was not only US courts that had been affected, pointing to a massive 2020 Brazilian Supreme Court ransomware leak and courts in Costa Rica and Chile being targeted.
“So it’s a problem around the world,” he said.
In September last year, it was reported that the International Criminal Court, which investigates war crimes, had been hacked, with at least one prosecutor suggesting cyber attacks that disrupted the justice process could form part of future war crime investigations.
Mr Liska said Australia was clearly a target for ransomware hackers — and disproportionately so compared to the size of its population.
However, he said, the fact that this was the first known major attack on its court systems was welcome news.
“Australia invested fairly heavily in improving their court systems and they’re more centralised than the US. The US has literally hundreds of different court systems, which makes them a little easier to target,” he said.
Mr MacGibbon agreed that while Australian businesses and organisations were being targeted, they were somewhat protected.
“In my view, after the last 20 or so years in this space, I can say that Australian businesses and Australian governments are about as well protected as those of their peers in the first world countries,” he said.
Government agencies, courts, unlikely to pay ransom demands
Mr Liska said he was not aware of any cases where US courts had paid ransom payments following cyber attacks.
He said it was in the best interest of those who paid ransoms not to say so publicly.
But if government agencies paid a ransom, he said that information would eventually become public.
“You can’t hide a $500,000 or million dollar or multi-million-dollar payment, in government spending, all of that has to be accounted for,” he said.
“Governments are among the least likely agencies to pay, which is unfortunately, why we see so much court data leaked by these ransomware actors, because they don’t get paid for it,” he said.
Not all ransomware attacks end in data leaks
While a majority of court hearings in Victoria are already held in public, some may be subject to suppression orders or other publication restrictions.
The unauthorised publication of court recordings could be seen to jeopardise the right to a fair trial or may constitute a criminal offence.
Recently, an Australian federal court judge threatened the publisher of a Youtube channel with a contempt of court charge after it allegedly illegally republished videos of Bruce Lehrmann’s defamation trial against Network Ten.
Mr MacGibbon said there were examples of ransomware attacks where stolen data did not end up online, even when a ransom was not paid.
“We see companies and organisations that don’t pay, where they’re never contacted by the criminal and the criminal doesn’t do anything,” he said.
Mr Liska said if the data had only been accessed and not stolen, it would not be leaked on the dark web.
But he did warn those impacted to prepare for the possibility affected recordings would end up online.
“If they have stolen the data, then it likely will get published,” he said.
“But keep in mind that it’s going to be buried under literally gigabytes and gigabytes of data that’s stolen, so an individual case likely won’t get a lot of attention.”
To find out if you’ve been affected by the breach, you can call 03 9087 6166 or email CSVData@courts.vic.gov.au.
Loading…
Click Here For The Original Source.
————————————————————————————-