Australia blames Russians for health insurance data theft

Nov 10, 2022, 6:28 PM | Updated: Nov 13, 2022, 6:47 pm

People walk past a Medibank branch in Sydney, Friday, Nov. 11, 2022. Extortionists have dumped personal medical records on the dark web for a third day as they pressure Australia's largest health insurer to pay a ransom for the stolen customer data of almost 10 million people. (AP Photo/Rick Rycroft)

CANBERRA, Australia (AP) — Moscow must be held to account for Russian cybercriminals accused of hacking Australia’s largest health insurer and dumping customers’ personal medical records on the dark web, Australian officials said Friday.

Australian Federal Police took the unusual step of attributing blame for the unsolved cybercrime that resulted in the personal data of 9.7 million current and former Medibank customers being stolen.

A group of “loosely affiliated cybercriminals” operating like a business in Russia were likely responsible for the Medibank attack as well as other significant security breaches around the world, Australian Federal Police Commissioner Reece Kershaw said.

“We believe we know which individuals are responsible, but I will not be naming them,” Kershaw told reporters. “What I will say is that we’ll be holding talks with Russian law enforcement about these individuals.”

Prime Minister Anthony Albanese, who is a Medibank customer who had personal data stolen, said he had authorized police to reveal where the attack had come from.

“We know where they’re coming from, we know who is responsible, and we say that they should be held to account,” Albanese said.

“The nation where these attacks are coming from should also be held accountable for the disgusting attacks, and the release of information including very private and personal information,” Albanese added.

An official from the Russian Embassy in Australia could not be immediately contacted for comment.

The extortionists have been linked to high-profile Russian cybercrime gang REvil, short for Ransomware Evil and also known as Sodinokibi.

The Russian Federal Security Service said in January REvil “ceased to exist” after several arrests were made at the insistence of the United States.

An old REvil dark web site had started redirecting traffic to a new site that hosts the stolen Medibank data.

Fergus Hanson, director of the Australian Strategic Policy Institute think tank’s cyber policy center, said he was not surprised that the crime gang was based in Russia.

A Medibank employee’s stolen username and password, which allowed the hackers to enter the company’s database, had been sold on a Russian dark web forum, Hanson said.

Hanson doubted that culprits operating in Russia would be brought to justice.

But Australia could use its offensive cyber capabilities against the gang in Russia and prosecute their affiliates, who police suspect are operating in other countries.

“There’s potential to conduct operations against the group to disrupt their operations, but in terms of seeing them go to prison or appear before a court, I think that’s pretty unlikely,” Hanson told Australian Broadcasting Corp.

Cybercriminals dumped personal medical records on the dark web for a third day on Friday, this time focusing on alcohol-related illnesses, as they pressure Medibank to pay a ransom.

The criminals began dumping customer records Wednesday, including those involving treatments for HIV and drug addiction, which they described as a “naughty” list, after Medibank ruled out paying a ransom for the return of the hacked data.

The focus shifted to terminated pregnancies in Thursday’s dump and on Friday to conditions related to harmful levels of alcohol consumption, in a file the thieves labeled “boozy.” Medical treatment records of more than 700 customers had been published through Friday in what has been described as Australia’s most invasive cybercrime.

Other personal details of many more customers have also been made public that could leave them vulnerable to identity theft or fraud, including phone numbers and email addresses.

Confirming the third dump, Medibank CEO David Koczkar said his company was contacting exposed customers and offering support. He expected the daily dumps would continue.

“The relentless nature of this tactic being used by the criminal is designed to cause distress and harm,” Koczkar said.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care,” he added.

The gang, which is increasingly known as BlogXX within cybersecurity circles, blamed Medibank’s failure to pay a $9.7 million ransom demand.

“But we warned you. we always keep our word, if we wouldn’t receive a ransom – we should post this data, because nobody will believe us in the future,” they posted on Friday.

Kershaw said Australian government policy did not condone paying ransoms to cybercriminals.

“Any ransom payment, small or large, fuels the cybercrime business model, putting other Australians at risk,” Kershaw said.

Australian authorities are hoping the data remains confined to the dark web and is not spread to a wider audience by social media or reported in detail by the news media.

Albanese urged against anyone accessing the data.

“We need to provide a disincentive for this sort of criminal, disgusting behavior that is reprehensible,” Albanese said.

“It’s causing a great deal of distress in the community. The government acknowledges this and we’re doing all we can to limit the impact of this and to provide that support to people who are going through this distressing time,” Albanese added.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
