Search Results for “Paul Karp”


October 2, 2019
Paul Karp / The Guardian

Paul Karp / The Guardian  
Australian National University Warns Against Attributing Its Data Breach to China, ‘Sophisticated’ Criminal Attacker Could Be Behind Theft of Personal Student and Staff Data

Vice-Chancellor Brian Schmidt of the Australian National University, which experienced a massive data breach in November 2018 that was revealed in June 2019, said the university has been unable to establish the motivation and attribution for the attack and warned against speculation that China is the culprit. A new report released by the university said that the malicious actor behind the attack was “sophisticated” but did not conclude whether it was a state actor or criminals. The report noted that in November 2018, a sophisticated actor gained unauthorized access” to the enterprise system domain part of ANU’s network using a “spear-phishing email.” The email stole credentials from an employee when an email was previewed in Outlook, even though the employee did not open it or click any malicious web links. Despite initial fears that 19 years’ worth of data had been stolen, the amount of personal student and staff data taken by the attackers was only about one-3,000th of the 19 years of data. The stolen data included names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, and passport details. Schmidt said the stolen data“has not been misused” citing checks the university had conducted on the internet and dark web that found “no evidence” it had been traded, used illegally or in a manner that may harm the ANU community.

June 14, 2019
Paul Karp / The Guardian

Paul Karp / The Guardian  
Symantec Downplays Data Breach That Allowed Hacker To Access List, Passwords for Large Australian Companies, Government Agencies

Cybersecurity leader Symantec has downplayed a data breach that allowed a hacker to access passwords and a purported list of its clients, including large Australian companies and government agencies. The list was extracted in February and appears to indicated that all major federal government departments were among the targets of a hacker who also claimed to be responsible for Medicare data being available for sale on the dark web. Symantec said the breach was a minor incident involving “an isolated, self-enclosed demo lab in Australia – not connected to Symantec’s corporate network – used to [demonstrate] various Symantec security solutions and how they work together.” The hackers stole a list of purported clients of Symantec’s CloudSOC services, account managers and account numbers but Symantec insists data contained in the system were “dummy e-mails and a small number of low-level and non-sensitive files for demonstration purposes” in a demo lab “not used for production purposes.”

May 28, 2019
Paul Karp / Guardian

Paul Karp / Guardian  
Australia’s New Encryption Law Allows Police to Compel a Wide Range of Companies to Provide Information on Users, Including Free WiFi Providers, Retailers, Social Media Giants

A briefing by the Australian home affairs department obtained under freedom of information reveals that the country’s recently enacted encryption legislation, the Telecommunications Access and Assistance Act, allows police to use new powers to compel a broad range of companies including social media giants, device manufacturers, telcos, retailers and providers of free wifi, to provide information on users. “Any Australian retailer who offers a mobile phone application for online shopping or offers an application for mobile viewing” are named as potential targets in the briefing, a definition that encompasses Facebook, Google, equipment providers including the Apple store, cloud computing providers, providers of free wifi including McDonald’s and shopping centers such as Westfield.