2022-09-27
With millions of Australians' personal data compromised in the Optus cyber attack, one expert believes something much bigger is at play.
The telecommunications giant was asked to pay $1 million in ransom, before the hackers suddenly claimed to have deleted the data saying they had no intentions of using it.
Wollongong cyber analyst Ryan (who wants to keep his surname private) believes the ransom demand is just a front.
Ryan suspects the hackers are state-sponsored because of the pattern of the cyber attack.
"State-sponsored cyber attacks are facilitated by a country's government with the three main targets being telecommunications, utilities and government," he said.
"State-sponsored groups have a lot more technology; they don't have any regulation, no fear of the law," Ryan said.
The 25-year-old believes the hackers were trying to paint a different picture with a common hacker tactic at play.
"Obfuscation is basically when a hacker tries to hide the fact that they're the government," he said.
Ryan said the involvement of major Australian intelligence organisations highlights the severity of the situation.
"Involvement of Australian Secret Intelligence Service (ASIS) and Australian Signals Directorate (ASD) suggests it's not the work of a kid in their mum's basement," he said.
Ryan's theory on how Optus data was compromised involves something called an Application Programming Interface (API).
"API is like a messenger which allows data transfer between two applications, only transferring specific requested data without exposing anything else to each other," he said.
Ryan believes the telecommunications company was testing a new API with no control over the amount of data being transferred.
"It seems that Optus had published their test API out on the internet and not on their internal test network," he said. "Since it was a test API, it probably needed no username and password, making it easier for hackers to get in."
The cyber analyst believes the API being tested by the programming team would not have been run past the cyber security team; the lack of internal communication thus left the data of millions of Australians vulnerable to hackers.
"Someone in the back end should have picked up - hold on, why is there so much information going out towards this API?" Ryan said.
Ryan said there were many small lapses in security that compounded to a massive data breach.
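The check Ryan describes, someone in the back end noticing "why is there so much information going out towards this API?", can be automated on the defending side. The following Python script is an added example, not code from the article or from Optus: it parses constructed API access log lines (the log format, the `/api/customer/<id>` endpoint and the thresholds are all assumptions) and flags clients that succeed without authentication, pull an unusually large number of records, or walk through many distinct customer IDs.

```python
"""Volume and authentication checks over API access logs.

Added example; not taken from the article. The log format is constructed for
this example, one request per line:

    <ISO timestamp> <client_ip> <method> <path> auth=<yes|no> <status> records=<N>

'records' is the number of customer records the response carried. The endpoint
path /api/customer/<id> and every threshold below are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"auth=(?P<auth>yes|no) (?P<status>\d{3}) records=(?P<records>\d+)$"
)
# Matches a single-customer lookup such as /api/customer/1042 (assumed path shape).
CUSTOMER_ID_RE = re.compile(r"^/api/customer/(\d+)(?:/|$)")


@dataclass
class Request:
    ts: str
    ip: str
    method: str
    path: str
    authenticated: bool
    status: int
    records: int

    @property
    def succeeded(self) -> bool:
        return 200 <= self.status < 300


def parse_line(line: str) -> Optional[Request]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Request(m["ts"], m["ip"], m["method"], m["path"],
                   m["auth"] == "yes", int(m["status"]), int(m["records"]))


def parse_log(text: str) -> List[Request]:
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def records_per_client(requests: List[Request]) -> Dict[str, int]:
    """Total records actually returned (successful responses only) per client IP."""
    totals: Dict[str, int] = defaultdict(int)
    for r in requests:
        if r.succeeded:
            totals[r.ip] += r.records
    return dict(totals)


def unauthenticated_successes(requests: List[Request]) -> List[Request]:
    """Successful responses served to requests that carried no credentials."""
    return [r for r in requests if r.succeeded and not r.authenticated]


def distinct_customers_per_client(requests: List[Request]) -> Dict[str, int]:
    """How many different customer IDs each client successfully looked up."""
    seen: Dict[str, set] = defaultdict(set)
    for r in requests:
        m = CUSTOMER_ID_RE.match(r.path)
        if r.succeeded and m:
            seen[r.ip].add(m.group(1))
    return {ip: len(ids) for ip, ids in seen.items()}


def flag_bulk_readers(requests: List[Request], max_records: int,
                      max_distinct_customers: int) -> Dict[str, List[str]]:
    """Return {client_ip: [reasons]} for clients that trip any threshold."""
    reasons: Dict[str, List[str]] = defaultdict(list)
    for ip in {r.ip for r in unauthenticated_successes(requests)}:
        reasons[ip].append("served data without authentication")
    for ip, n in records_per_client(requests).items():
        if n > max_records:
            reasons[ip].append(f"{n} records returned > {max_records}")
    for ip, n in distinct_customers_per_client(requests).items():
        if n > max_distinct_customers:
            reasons[ip].append(f"{n} distinct customers > {max_distinct_customers}")
    return dict(reasons)


# Constructed sample log: two ordinary authenticated clients and one client that
# reads customer records without credentials and in bulk.
SAMPLE_LOG = """
2022-09-20T02:14:01Z 10.0.0.5 GET /api/customer/1042 auth=yes 200 records=1
2022-09-20T02:14:03Z 10.0.0.5 GET /api/customer/1042/contacts auth=yes 200 records=3
2022-09-20T02:15:10Z 10.0.0.9 GET /api/customer/2211 auth=yes 200 records=1
2022-09-20T02:15:11Z 10.0.0.9 GET /api/customer/99999 auth=yes 404 records=0
2022-09-20T02:16:00Z 198.51.100.7 GET /api/customer/1 auth=no 200 records=1
2022-09-20T02:16:00Z 198.51.100.7 GET /api/customer/2 auth=no 200 records=1
2022-09-20T02:16:01Z 198.51.100.7 GET /api/customer/3 auth=no 200 records=1
2022-09-20T02:16:01Z 198.51.100.7 GET /api/customer?page=1&size=5000 auth=no 200 records=5000
"""
SAMPLE_REQUESTS = parse_log(SAMPLE_LOG)

if __name__ == "__main__":
    for ip, why in flag_bulk_readers(SAMPLE_REQUESTS, 100, 2).items():
        print(ip, "->", "; ".join(why))
```

The three checks are deliberately independent: an unauthenticated success is a finding on its own, regardless of volume, while record totals and distinct-ID counts catch a credentialed client that is still scraping. In practice the thresholds would be set from a baseline of normal per-client traffic rather than the constructed values used here.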
The analyst said even if the hackers claim to have deleted the data, there is no way to verify what happens with it once it's leaked.
"I think if they are hacking maliciously in the first place, they don't really have a moral compass," he said. "The rule is once data has been accessed, it's considered exposed and vulnerable."
One cyber analyst at Gartner, a US-based technology research firm, believes that with the amount of data exposed, the possibilities of misuse are endless.
"We cannot underestimate the impact of this breach; it could be something very small to something massively unimaginable," Jaideep Thyagarajan, from the Sydney office, said.
Despite continued investment in cyber security, Mr Thyagarajan said, the threat landscape remains challenging because of digital business transformation.
"Everything is digitalised these days and with hybrid workplaces, people working from everywhere, the attack surface is also expanding," he said.
