Since September, Australia has seen a string of major data breaches that have prompted quick and dramatic action by the government to shore up the nation’s cybersecurity. The most recent element of this plan is the announcement of a new cyber task force that will spend all of its time pursuing these criminal hackers, whether domestic or foreign.
This has led to natural questions about exactly how far the new cyber task force will go in these pursuits, and to what extent it might “hack back” at criminal actors based in foreign lands. With a proposed force of about 100 officers trained by the Australian Federal Police (AFP) and the Australian Signals Directorate, the new team will need to find something meaningful to do to fill its days without accidentally initiating international incidents.
Cyber task force promises aggressive pursuit in waters that lack legal clarity
There has been some criticism of the cyber task force idea, given that most of these attacks come from overseas and from nations with which Australia has a poor to nonexistent law enforcement relationship. It is thus not entirely clear what the agency will spend its time doing.
The most cynical interpretation is that it is an expensive public relations move, meant to calm a country that is on edge after massive amounts of personal information have been stolen in a short period of time. It comes on the heels of a big increase in the national cyber defense budget (set to last for a decade), and the development of tougher privacy laws that hold private companies to harsher account when they are found to be negligent in allowing data breaches to happen.
It is still unclear who was behind most of the recent incidents in the country, aside from some potential links to Russia-based groups. While the cyber task force might be limited in the direct actions it can realistically take against foreign hackers, one thing it might do is dig up concrete links to perpetrators faster and provide a greater sense of public transparency.
Medibank, other incidents prompt rapid formation of cyber task force
While precise details of the cyber task force’s activities are still forthcoming, the Home Affairs office did stipulate that tracking cyber criminals would be its everyday mission and that it would be a permanent institution. The first job might involve whatever is left of the notorious REvil ransomware group, as connections have been made between it and the Medibank attack that leaked nearly 10 million health records.
In spite of the ongoing war in Ukraine, Russia is not entirely cut off from international law enforcement efforts of this nature as it remains a participant in Interpol (and is reportedly speaking to Australian law enforcement about the Medibank case in some capacity). In April, Russia was constrained in its ability to make requests of other Interpol nations, but it can field requests as normal even during the present geopolitical situation. The one country known to harbor significant online criminal activity that Australia’s cyber task force can expect no assistance from whatsoever is North Korea.