Authorities fight back against charity hackers

The Australian Federal Police (AFP) cooperated with counterparts in 13 other countries to crack down on the LockBit ransomware group under Operation Cronus.

Authorities took control of the LockBit sites to turn the tables on the hackers, using those dark web sites to announce the counter-hack.

Police also arrested several suspects, froze LockBit Bitcoin accounts, shut down servers and websites, and took charge of ransomware infrastructure, such as LockBit’s “StealBit” platform.

The LockBit group targeted Australia’s Pareto Phone charity telemarketing group to devastating effect in August last year. That attack saw the information of nearly 50,000 charity donors from the nation’s leading charities leaked onto the dark web.

Affected charities included WWF Australia, the Australian Conservation Foundation and Plan International Australia. Many charities were infuriated that Pareto Phone allegedly retained customer data for years more than it should have.

Global effort to bring down hackers

Operation Cronus was led by Europol, the UK’s national crime agency’s cyber division, the US Justice Department and the FBI. As well as the AFP, police in France, Germany, Switzerland, Japan, Sweden, Canada, the Netherlands, Finland, New Zealand, Poland and Ukraine were involved.

AFP assistant commissioner Scott Lee said the global taskforce’s investigation was a major breakthrough.

“This investigation has not only taken down the world’s most prolific ransomware group, but also damaged the group’s reputation and credibility beyond repair.

“We have obtained a vast amount of data from investigations so far and will continue to follow all leads and bring those responsible to justice,” Mr Lee said.

The AFP provided a link to the No More Ransom portal which would enable victims to decrypt data that used the LockBit encryption method.

The US Department of Justice in its media release described LockBit as “one of the most active ransomware groups in the world”, saying it had targeted more than 2,000 victims and received more than $184 million in ransom payments.

US Deputy Attorney General Lisa Monaco said the operation had “destroyed the online backbone of the LockBit group, one of the world’s most prolific ransomware gangs”, but would continue to pursue its criminal affiliates across the globe.

Related investigations over the past 18 months led to the jailing of a Russian-Canadian dual citizen this month.

Mikhail Vasiliev was caught in his garage trying to extort three Canadian companies by encrypting computer systems and demanding hundreds of thousands of dollars.

Authorities named Vaisiliev and four other Russian nationals as targets of the LockBit investigation.

Despite the action, reports suggest that LockBit criminals have already re-emerged using new encrpytors and servers.

Pareto Phone breach probe continues

Australia’s privacy watchdog, the Office of the Australian Information Commissioner (OAIC), is continuing an investigation into the Pareto Phone breach, which it launched in late October.

The investigation appears likely to be completed by late this year, and is expected to examine complaints by several charities that Pareto Phone held onto customer data for years after the information should have been deleted, in breach of privacy laws.

The OAIC is now working with the liquidators of Pareto Phone, given the telemarketing company collapsed owing $17.3 million soon after the hack, when most of its clients abandoned it.

The OAIC’s latest data breach report, released last month, showed breach notifications were up 19% in the six months to December 2023, with Australia’s health sector by far the worst affected. The report showed that malicious attacks remain the most common form of breach, and comprise two-thirds of all breaches. A separate study by Infoxchange suggested 12% of NFPs suffered a cybersecurity incident in the past year.

Australia Information Commissioner Angelene Falk used the latest report to reiterate the dangers of outsourcing personal data handling to third parties.

Ms Falk said the OAIC had witnessed a high number of multi-party breaches, most as a result of a breach of a cloud or software provider.

“Organisations need to proactively address privacy risks in contractual agreements with third-party service providers,” Ms Falk said.

Fundraising Institute Australia (FIA), the Australian Securities and Investments Commission (ASIC), and the Australian Charities and Not-for-profits Commission (ACNC) have also warned organisations in recent months to be more careful when dealing with third-party operators that have access to personal data.

Earlier this month, the Australian Signals Directorate (ASD) released a guide to cybersecurity for charities and not-for-profits. It forms part of a bank of resources available to the sector, including ICDA’s cybersecurity self-assessment tool, released last year.

The ASD’s guide provides suggestions on preventing attacks and preparing for them too.