"Australian Cyber Task Force Looks to 'Hack the Hackers' After Data Breach Crime Wave"
Recent data breaches have prompted changes to Australia's cybersecurity and data protection policies, with the most recent development appearing to be the formation of a cyber task force set with hacking back and actively pursuing cybercriminals. As millions of Australian citizens have seen sensitive personal data stolen from various major companies and long lines have formed to have compromised personal identification re-issued, Home Affairs promises a new "tough on crime" policy in regard to cyber incidents and data leaks. The agency promises a force of around 100 officers made up of a collaboration between the Australian Federal Police (AFP) and the Australian Signals Directorate. According to the Home Affairs office, the cyber task force will be an operation that focuses on criminal syndicates. It will engage in "day in and day out" operations to track down the perpetrators of data breaches. Officials stated that they had identified the Medibank hackers but would not release their names to the public because they are in discussions with Russian law enforcement agencies through Interpol. There has been speculation that it is either REvil or an offshoot group made up of former members. The Australian government's reaction appears to be motivated not only by the string of breaches that have occurred since September, but also by the nature of the data extortion in the Medibank case. There was a lot of sensitive health information among the 9.7 million records stolen, and the attackers slowly leaked the most sensitive items via a dark website. The announcement has sparked speculation about the scope of the cyber task force's plans, given that "hacking back" is a contentious concept in the international sea of cyber engagement norms and unspoken rules. Private industry has discussed the idea on occasion, but it is generally dismissed due to the risk of causing an international incident by striking a nation-state entity or harming innocent third parties. This article continues to discuss the Australian cyber task force and concerns regarding the hack back approach.