Jeremy Kirk (@jkirk@infosec.exchange)
Former #infosec journo, now threat intel @Intel471inc. Interests: Cybercrime, data breaches, OSINT. Also produce Intel 471's "Cybercrime Exposed" podcast.
Feb 10, 2023 6 tweets 4 min read
Before an F-22 destroyed China's balloon, a U-2 spy plane took photos of it. The U-2, now a 70-year-old high-altitude surveillance plane, is still proving its utility. I did a story on it in 1999 whilst in South Korea. This is me with one after it came back from a mission.

This is pre-mission. Pressurised space suit, pre-flight plans.
Feb 9, 2023 4 tweets 2 min read
Short 🧵on Trickbot. Vitaly Kovalev's (aka "Bentley") indictment was originally filed 13 years ago. It shows: 1) He was ID'd IRL long ago 2) Name and shame is now favored and 3) Maybe more old sealed indictments will be released? #infosec

US alleges Trickbot actors "are associated with Russian Intelligence Services." Conti leaks and other tidbits and data over the years pointed to potential ties between the state and cybercriminals. home.treasury.gov/news/press-rel… #infosec
Jan 21, 2023 14 tweets 4 min read
My younger brother was found dead in his apartment. He was 46 years old. His story is a family tragedy. It illustrates the importance of recognising mental health issues early. My parents and I are devastated. In the pic, he's in the middle. #mentalhealth #mentalillness

My brother was a handsome, blonde-haired kid. He was two-and-a-half years younger. Our relationship was typical. Sparring siblings but friends in the same household. We were never close, but united in an upbringing from loving, caring parents. But we were different.
Jan 19, 2023 5 tweets 2 min read
The multinational arrests in December aimed at DDoS for-hire services were quite a strike, and law enforcement revealed some interesting trends around DDoS services and those purchasing them. An analysis by @Intel471Inc here: intel471.com/blog/will-rece… #infosec

The FBI made some key points in an affidavit. LE seized a half-dozen DDoS customer databases, which should unnerve past customers. Also, payment for DDoS has shifted from PayPal, Google Wallet, etc. to crypto after LE pressure.
Nov 18, 2022 12 tweets 6 min read
Just after @FTX_Official collapsed, I received a small post card from Japan. The sender was Mt. Gox. Here's how I bought a bitcoin for $12, got stung in the first big crypto exchange collapse plus some thoughts about cryptocurrency and its future. #infosec #ftx #cryptocurrency

A decade ago, I bought a bitcoin for $12. I was intrigued to investigate how it worked. The blockchain and bitcoin's shadowy architect, Satoshi Nakamoto, were fascinating. It felt mysterious, somewhat rebellious and was a technological marvel. #cryptocurrency
Nov 10, 2022 4 tweets 3 min read
How we got here with @medibank. It initially said compromised login credentials were used (that may have involved VPN access). The attackers claim they accessed Redshift - an Amazon data warehousing product - via jump servers. #auspol #infosec (1/4)

The @medibank attackers said they spent a month digging around @medibank's systems and then eventually dumped the tables with personally identifiable information, eventually putting them in .csv files that were supplied to Medibank as proof. #infosec #auspol (2/4)
Nov 7, 2022 7 tweets 6 min read
The @medibank attackers have written a short post saying the "data will be publish in 24 hours" and "P.S. I recommend to sell medibank stocks." They've also linked to the YouTube video of @markhumphries' recent satirical Medibank piece. #auspol #infosec HT @AlvieriD + @ecrime_ch

I just fielded a good question from a reporter: How can we trust that this group/site is @medibank's real extortionist? And how can we verify that? There's a bit of complicated history behind it, but @BleepinComputer has it here: bleepingcomputer.com/news/security/…
Nov 1, 2022 12 tweets 7 min read
Should Australia's @medibank health insurer pay extortionists to prevent the release of sensitive medical documents related to millions of people? A 🧵 on ransoms and extortion. #auspol #infosec @ClareONeilMP @CyberGovAU @ASDGovAu @Optus

.@medibank is in a no-win position. Pay and the records may not be destroyed and sold on the sly anyway. But paying could prevent a mass data dump that is easy for lots of bad people to access. Either way, it's the most severe cybercriminal incident in Australian history.
Oct 31, 2022 10 tweets 7 min read
.@abcnews reports a 2018-era dataset belonging to ForceNet, which is a portal for Australian Defence Force and public service personnel, has been struck by ransomware. No personal data appears to have been compromised: abc.net.au/news/2022-10-3… #auspol #infosec

@abcnews Just for context, ransomware gangs (as in those that encrypt files) virtually always steal data before they encrypt it. So like @medibank, Australian Clinical Labs, etc., it may not be clear now if personal data was taken first but that may very well change. #auspol #infosec
Oct 28, 2022 5 tweets 4 min read
Somebody just emailed me names, email addresses, phone numbers, physical addresses as well as BSBs and bank account numbers from a breach of yet another Australian organisation. ☹️ #auspol #infosec

This breach is much smaller than the ones we've seen. I have about 90 sample records. It comes from a family-run business. The person who emailed it to me says there are 10K records in the set. The data also includes birth dates. #auspol #infosec
Oct 27, 2022 9 tweets 6 min read
Australian Clinical Labs says its Medlab Pathology biz had a breach affecting 223,000 people: 17,539 health records assoc w/ pathology tests; 28,286 credit card numbers (some expired) and names and 128,608 Medicare numbers. Deets here: ir.miraqle.com/DownloadFile.a… #auspol #infosec

ACL says it detected an incident in Feb but thought no data had been compromised. Then @CyberGovAU told it in March it may have been ransomware. ACL says it still "did not believe" data was stolen. In June, @CyberGovAU tells ACL data is on the Dark Web.
Oct 24, 2022 10 tweets 7 min read
Australia's @medibank health insurer says compromised login credentials led to its data breach. I spoke with a former Medibank employee whose login credentials turned up on the Dark Web in August. An interesting 🧵 #auspol #infosec @CyberGovAU @ClareONeilMP

For background, login credentials are constantly stolen, bought and sold. "Every org has creds for sale," says one source. @medibank is no different. At least a half dozen @medibank accounts were available for sale in August, according to @RESecurity. #infosec
Oct 24, 2022 13 tweets 5 min read
Is Australia's data breach wave a coincidence, bad luck or intentional targeting? Maybe all three. But the security weaknesses that have led to the incidents are not exotic. Here's an analysis 🧵 #auspol #infosec #cybercrime @CyberGovAU @ClareONeilMP

None of the intrusions are the result of indefensible exploits. The culprits are the usual suspects: an insecure API, compromised credentials, a failure to quickly patch, everyday account takeovers and bad development practices.
Oct 22, 2022 7 tweets 5 min read
Aussie data breach #5 (or is it #6?) is @AMEBexams, which is run by unis and several state gov'ts. Its e-commerce system breach coincides with a nasty XSS software vulnerability in Adobe Commerce/Magento: helpx.adobe.com/security/produ… #auspol #infosec

To recap, @AMEBexams says its AMEB online shop database was attacked between Oct. 12-18. Says transaction/credit card data at risk. Also names, emails, phone numbers, addresses were exposed, and possibly before Oct. 12 as well. Notice here: ameb.edu.au/cybersecurity
Oct 22, 2022 6 tweets 4 min read
The Australian gov't will introduce legislation in Parliament next week that would sharply increase penalties after a wave of unprecedented data breaches affecting @Optus, @medibank, @mydealaustralia and @vinomofo. Deets: ministers.ag.gov.au/media-centre/t… #auspol #infosec

If passed, max fines for Privacy Act violations will rise from $2.22 million to the greater of either $50 million, three times the benefit from misuse of info or 30% of a company's adjusted turnover.
Oct 22, 2022 6 tweets 2 min read
.@EnergyAustralia initiated a password reset for its My Account portal users after it says the data of 323 residential and small business customers was exposed between September/October. Some info here: energyaustralia.com.au/home/help-and-… #auspol #infosec

Data available in an account includes name, address, email address, phone number, masked credit card numbers. No driver's licenses, passport or other ID details are in there, which is good of course.
Oct 17, 2022 12 tweets 8 min read
Someone is claiming responsibility for the recent hack of MyDeal, the online marketplace owned by Aussie grocery Woolworths Group. The price for the data is at $600. CAUTION: I haven't verified the data yet or if this is legit. #infosec #auspol

To recap, Woolworths said on Friday that 2.2 million people were affected after its CRM system was accessed. For 1.2 million, only email was exposed. For the rest, names, email addresses, phone numbers, delivery addresses, sometimes birth dates. PR here: woolworthsgroup.com.au/au/en/media/la…
Sep 29, 2022 14 tweets 5 min read
Here are some technical observations related to the Optus breach. This gets into the technical weeds, but it’s important for understanding how this breach may have happened. I’ll try to make it as comprehensible as possible. #optushack #auspol #infosec

Some information is based on public data. The analysis comes from information security experts, whom I appreciate reaching out to me. 😉
Sep 26, 2022 12 tweets 6 min read
Bad news. The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn't give in to the extortion demand. #OptusDataBreach #optushack #auspol #infosec

Quick observation on this new data. It appears Medicare numbers may be exposed for some people. Redacted screenshot below. #Optus #OptusDataBreach
Sep 24, 2022 7 tweets 5 min read
UPDATE: I reached the person who claims to have hacked Optus. I've also been contacted by a second, separate source who says the hacker's version of events is approximately correct. Here's what they said. #OptusHack #infosec #auspol

The Optus hacker says they accessed an unauthenticated API endpoint. This means they didn't have to login. The person says: "No authenticate needed. That is bad access control. All open to internet for any one to use." #infosec #auspol
Sep 23, 2022 12 tweets 8 min read
Someone is claiming to have the stolen Optus account data for 11.2 million users. They want $1 million in the Monero cryptocurrency from Optus to not sell the data to other people. Otherwise, they say they will sell it in parcels. #optus #auspol #infosec #OptusHack

The person who runs this data market where the Optus data was posted says the data is real (I have not verified the data yet). The person writes that "optusdata" showed the script used to scrape the data and passed along info about the vulnerable endpoint. #infosec #OptusHack