{"id":14256,"date":"2019-01-07T11:10:07","date_gmt":"2019-01-07T19:10:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/01\/07\/news-8008\/"},"modified":"2019-01-07T11:10:07","modified_gmt":"2019-01-07T19:10:07","slug":"news-8008","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/01\/07\/news-8008\/","title":{"rendered":"Australia&#8217;s Early Warning Network compromised"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Mon, 07 Jan 2019 17:59:03 +0000<\/strong><\/p>\n<p>An early warning network designed to notify subscribers about dangerous weather in Australia has been compromised. The hacker sent many bogus messages via phone, SMS, and email, telling users that the service had been hacked.<\/p>\n<p>Early Warning Network, a service used by local governments to send notifications about weather hazards, found itself firing these rogue missives into the void late on Saturday evening. They haven&#8217;t revealed how many people received a message, but they caught the attack quickly and shut it down.<\/p>\n<h3>A warning from Early Warning Network<\/h3>\n<p>The <a href=\"http:\/\/www.ewn.com.au\" target=\"_blank\" rel=\"noopener\">website<\/a> says:<\/p>\n<blockquote>\n<p><em>At around 930pm EDT 5th January, the EWN Alerting system was illegally accessed with a nuisance message sent to a part of EWNs database. This was sent out via email, text message and landline. EWN staff at the time were able to quickly identify the attack and shut off the system limiting the number of messages sent out. 
Unfortunately, a small proportion of our database received this alert<\/em><\/p>\n<\/blockquote>\n<p>The text sent to subscribers read as follows:<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/smsalert.jpg\" data-rel=\"lightbox-0\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26787\" data-permalink=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/early-warning-network-compromised\/attachment\/smsalert\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/smsalert.jpg\" data-orig-size=\"423,195\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"sms alert\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/smsalert-300x138.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/smsalert.jpg\" class=\"aligncenter size-full wp-image-26787\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/smsalert.jpg\" alt=\"sms alert\" width=\"423\" height=\"195\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/smsalert.jpg 423w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/smsalert-300x138.jpg 300w\" sizes=\"auto, (max-width: 423px) 100vw, 423px\" \/><\/a><\/p>\n<blockquote>\n<p><em>EWN has been hacked. Your personal data is not safe. Trying to fix the security issues. 
Email [address] if you wish to unsubscribe.<\/em><\/p>\n<\/blockquote>\n<p>If you were on the receiving end of the email version, you would have found it to be identical:<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/mailalert.jpg\" data-rel=\"lightbox-1\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26788\" data-permalink=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/early-warning-network-compromised\/attachment\/mailalert\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/mailalert.jpg\" data-orig-size=\"628,289\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"email alert\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/mailalert-300x138.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/mailalert-600x276.jpg\" class=\"aligncenter size-medium wp-image-26788\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/mailalert-300x138.jpg\" alt=\"email alert\" width=\"300\" height=\"138\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/mailalert-300x138.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/mailalert-600x276.jpg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/mailalert.jpg 628w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Some people in EWN&#8217;s\u00a0<a 
href=\"http:\/\/www.ewn.com.au\/alerts\/ewn-hacked-privacy-alert-2019-01-05-400002.weather\" target=\"_blank\" rel=\"noopener\">comments sections<\/a>\u00a0reported receiving phone calls simply stating \u201cYou have been hacked,\u201d which would be a little alarming, to say the least. An Early Warning Network shouldn&#8217;t come with a warning, but this is where we&#8217;re at.<\/p>\n<h3>How did they do it?<\/h3>\n<p>The alert service has so far confirmed that the attack took place from inside Australia, and the rogue message was the result of <a href=\"https:\/\/www.facebook.com\/early.warning.network\/posts\/1988465077927790\" target=\"_blank\" rel=\"noopener\">login credentials obtained without permission<\/a>. There\u2019s no other information available at time of writing, but it does seem likely that this was a targeted spear phish.<\/p>\n<p>EWN have also stated that user information wasn\u2019t at risk:<\/p>\n<blockquote>\n<p><em>The unauthorized alert sent on Saturday night was undertaken by an unauthorized person using illicitly gained credentials to login and post a nuisance spam-notification to some of our customers. The link used in this alert were non-harmful and your personal information was not compromised in this event. Investigations are continuing with the Police and Australian Cyber Security Centre involved<\/em><\/p>\n<\/blockquote>\n<p>This directly contradicts the hacker\u2019s claim that \u201cyour personal data is not safe.\u201d It is also claimed that the links in the emails and SMS messages were not harmful.<\/p>\n<h3>What was the point?<\/h3>\n<p>Given the flat denial of user data being put at risk, it seems this is more about reputation damage. Perhaps someone has a weirdly specific grudge against a lifesaving service, or maybe it\u2019s just a trollish prank done for cheap laughs. 
Either way, it\u2019s an incredibly careless thing to do.<\/p>\n<p>In the Philippines, <a href=\"https:\/\/www.phivolcs.dost.gov.ph\/\" target=\"_blank\" rel=\"noopener\">PHIVOLCS<\/a> warn about seismic activity and volcano eruptions, while <a href=\"http:\/\/bagong.pagasa.dost.gov.ph\/\" target=\"_blank\" rel=\"noopener\">PAGASA<\/a> deal with weather systems, typically via media alerts and social media. These are high-end setups, almost always government run. In the US, a variety of warnings are available under <a href=\"https:\/\/en.wikipedia.org\/wiki\/Wireless_Emergency_Alerts\" target=\"_blank\" rel=\"noopener\">wireless emergency alerts<\/a>, which can include everything from <a href=\"https:\/\/www.fcc.gov\/consumers\/guides\/emergency-alert-system-eas\" target=\"_blank\" rel=\"noopener\">weather safety to AMBER alerts<\/a>. Early warning systems can save thousands\u2014as was evident from the lack of systems in place to warn tourists and locals about the Boxing Day tsunami in 2004, which claimed more than 200,000 lives.<\/p>\n<p>That&#8217;s why alert system tampering is always a bad idea. If people unsubscribe as a result of this attack, they could potentially put their lives in danger. EWN is not a huge organisation, and this attack on their systems and reputation could have a <a href=\"https:\/\/www.abc.net.au\/news\/2019-01-07\/emergency-text-service-hacked-warning-about-personal-data-sent\/10688748\" target=\"_blank\" rel=\"noopener\">huge impact<\/a>. It\u2019s no wonder police are quick to investigate the attack taking place on this particular network.<\/p>\n<h3>What can the affected organisation do now?<\/h3>\n<p>Given there\u2019s no further information as to how credentials were obtained, we can only offer an educated guess. If our hunch from earlier is correct, and it <em>is<\/em> a targeted phish, then some staff training may be needed. 
Additionally, they shouldn\u2019t be relying on \u201cjust\u201d a password to keep things safe.<\/p>\n<p>Even the longest password around is a chocolate fireguard if someone manages to swipe it. That\u2019s where <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/09\/two-factor-authentication-2fa-secure-seems\/\" target=\"_blank\" rel=\"noopener\">two-factor authentication<\/a>\u00a0(2FA) comes into play. If more than one person has to share a single login, there&#8217;s a number of ways to get around that, too. Some password managers let groups share logins without revealing the password. If you haven&#8217;t thought about <a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/05\/dont-need-27-different-passwords\/\" target=\"_blank\" rel=\"noopener\">beefing up password security<\/a>, now is as good a time as ever.<\/p>\n<h3>Lasting ramifications<\/h3>\n<p>Most people have seen an article about <a href=\"https:\/\/www.tomsguide.com\/us\/highway-signs-easily-hacked,news-18915.html\" target=\"_blank\" rel=\"noopener\">hacked road signs at some point<\/a>, and probably suppressed the odd giggle or two. There are good arguments for not doing that; there are <em>great<\/em> arguments for not messing with emergency alert systems.<\/p>\n<p>It remains to be seen if the person responsible for this will be caught. This is definitely not a great situation for anyone reliant on the integrity of these networks in bad weather regions. Will anyone even believe the next message sent out? And how much trouble will the person who did this be in, should fatalities occur? 
Our feeling is, a slap on the wrist is not enough.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/early-warning-network-compromised\/\">Australia&#8217;s Early Warning Network compromised<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/early-warning-network-compromised\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Mon, 07 Jan 2019 17:59:03 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/early-warning-network-compromised\/' title='Australia's Early Warning Network compromised'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/shutterstock_402429238.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>An Australian Early Warning System notifying subscribers of severe weather alerts was compromised over the weekend, with messages sent across a variety of formats. What did the hackers get up to? 
And why did they do it?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/privacy\/\" rel=\"category tag\">Privacy<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/2fa\/\" rel=\"tag\">2fa<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/compromise\/\" rel=\"tag\">compromise<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/danger\/\" rel=\"tag\">danger<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/early-warning-network\/\" rel=\"tag\">early warning network<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/early-warning-system\/\" rel=\"tag\">early warning system<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/email\/\" rel=\"tag\">email<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/login\/\" rel=\"tag\">login<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/pagasa\/\" rel=\"tag\">PAGASA<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/phivolcs\/\" rel=\"tag\">PHIVOLCS<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/phonemail\/\" rel=\"tag\">phonemail<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/sms\/\" rel=\"tag\">sms<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/two-factor-authentication\/\" rel=\"tag\">two-factor authentication<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/weather\/\" rel=\"tag\">weather<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/early-warning-network-compromised\/' title='Australia's Early Warning Network compromised'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/01\/early-warning-network-compromised\/\">Australia&#8217;s Early Warning Network compromised<\/a> 
appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10598,18865,4503,2762,20597,20598,11222,18313,433,2331,20599,5897,11706,10606,434],"class_list":["post-14256","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-2fa","tag-compromise","tag-cybercrime","tag-danger","tag-early-warning-network","tag-early-warning-system","tag-email","tag-login","tag-pagasa","tag-phivolcs","tag-phonemail","tag-privacy","tag-sms","tag-two-factor-authentication","tag-weather"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14256"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14256\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}