Those fun folks on the dark web are making themselves useful again with a serious hack of Australian charities. This is the usual story of getting information for fake IDs, phishing, etc. The information includes names and addresses.
One of the problems was that the hacked company, an intermediary called Pareto Phone, had a lot of old information dating back 9 years. In Australia, records are required to be kept for the statutory limit of 6 years. The charities seem to have been completely unaware that the information was still held by the company.
A few obvious technical matters also arise – Older storage systems would naturally be more vulnerable to hacking. The data was also apparently still accessible to hackers online. It’s a bit of a 101 for data archiving, but it’s pretty common.
Less impressive is the allegation that the data was stored in contravention of Australian Privacy Principles, These are basic rules which govern the management of personal data by third parties. Pareto Phone is now working with investigators to analyze the issues.
This is a standard hack, perpetrated by the usual suspects with the usual outcomes so far. The distinguishing feature is the targeting of charitable donors. Maybe the little dears had nothing else to do that day.
This hack is representative of the hideously dysfunctional state of internet security. If you’ve ever been hacked or had your money laundered it’s nice to know so little is being done to shut it down.
I’ve had both of those experiences, years ago, and I can’t pretend to be impressed. Hacking of everything, including AI, simply isn’t getting proper attention and oversight. Hacking AI could well be catastrophic given the mindless acceptance of it in the corporate world. Hacking human neural links could be fatal.
…Or maybe the incredibly lax state of global internet security is the problem? This has been going on for decades. It’s made money laundering a breeze. There’s not that much chance of getting caught.
In the Age of Deregulation, which has been a daily lottery win for every criminal on the planet, it’s to be expected. Giving handouts to criminals is what governments do, remember?
Like the War on Affordability, it’s bread and butter work for useless out-of-touch political gerbils. It’s an act of faith and belief in ideological babble. Nowhere is this more obvious than in internet regulation and no-brainer levels of security.
The main argument against regulation is “bureaucracy”. This argument comes from people who spend far more time in meetings trying to pretend they work for a living than actually doing their jobs.
Put it this way – If “bureaucracy” makes you, your money and, your property safer, do you want more or less bureaucracy? Fortunately, we have a great alternative in paying pretentious incompetent freeloaders a fortune to pretend they can deliver security. That’s worked out brilliantly.
Cybercrime and cyber espionage are now worth more than the GDP of some countries. All data has some value, and many people seem to be surprisingly rich for no apparent reason.
A few options for enforcement:
- Severe financial penalties for anyone handling hacked money. If it costs money, they won’t do it.
- ID theft could carry a heavy financial cost, say $100,000 per instance. That should discourage someone.
- Insurance for financial transactions for both customers and financial institutions. That’s at least fair and gives a ballpark to play in.
- An option for financial institutions to revoke transactions. This could be over a given period to allow people to report hacks and get a proper response. It also leaves the hackers carrying the can for any laundering issues.
…And lose the idea that “nothing can be done” about hacking. Plenty can be done, it’s just not being done.
_____________________________________________________
Disclaimer
The opinions expressed in this Op-Ed are those of the author. They do not purport to reflect the opinions or views of the Digital Journal or its members.
