"Cowardly" hackers infiltrate Australia's disaster alert system
Stolen login credentials were used to send out a false emergency message
A hacker was able to send out false emergency texts, emails and landline messages across Australia after gaining access to the country's early warning system.
The message sent out on Friday announced that the country's Early Warning Network (EWN) had been hacked and that personal data was vulnerable as a result, advising users to unsubscribe from the state-run service. It's believed a criminal had illegally obtained login credentials and was attempting to damage user trust in the service, rather than steal personal data.
The EWN is an information communication system that alerts the general public to natural disasters and imminent threats. Last month the service was used to alert residents in central Queensland during a devastating spate of bushfires.
The EWN said its staff were quick to identify the attack and shut down the messages early, but it's believed thousands of citizens may have received the alert.
"The unauthorized alert sent on Saturday night was undertaken by an unauthorized person using illicitly gained credentials to login and post a nuisance spam-notification to some of our customers," the company said in a Facebook post. "The link used in this alert were non-harmful and your personal information was not compromised in this event. Investigations are continuing with the Police and Australian Cyber Security Centre."
Despite the links in the message, these are in fact legitimate support websites and therefore users were not at risk of phishing attacks. There is also no indication at this stage that the hack was financially motivated. Speaking to ABC.net, EWN managing director Kerry Plowright said the breach is about ruining the service.
"This event did not compromise anybody's personal information," he said. "The actual data held in our system is just 'white pages'-type data, we deliberately don't hold any other personal information. The purpose of that notification from the person that sent it was to damage this business. It was malicious."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Acting Gladstone Mayor Chris Trevor referred to the malicious actors as cowards for infiltrating a system that saved lives.
"We fear that residents will now unsubscribe to a system that is so imperative when it comes to preserving life," he said. "There was no doubt that early warning system saved lives.
"Sadly we now have a coward or cowards who have attempted to infiltrate that system."
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.