A joint partnership between AFP and a foreign signals intelligence agency will work to bring down the Russian cybercriminals responsible for the Medibank hack.
Home Secretary Clare O’Neill spoke to reporters on Saturday to warn the “Russian thugs” behind the Medibank attack that they should “be careful”.
“The smartest, toughest people in our country are going to hack hackers,” she said.
A group of Russia-based cybercriminals have been identified as the likely culprits in the Medibank hack this week, according to newly released information from AFP commissioner Reece Kershaw.
Attorney General Mark Dreyfus said “all options are being considered” when it comes to expelling Russian diplomats in response to the revelations.
The preference remains to keep diplomatic channels open.
Medibank chief executive David Koczkar said he expected the group to “continue to release stolen customer data every day.”
“The relentless nature of this tactic used by the criminal is designed to cause distress and harm,” he said.
“It is obvious that the criminal benefits from notoriety.”
The Russian Embassy in Australia released a statement after Australian Federal Police said they believe the perpetrators of the Medibank cyberattack were from the country.
“We believe those responsible for the breach are in Russia,” Commissioner Kershaw said.
“These cybercriminals operate like a business with affiliates and associates supporting the business.”
The Russian embassy released a statement saying AFP had not contacted them about the allegations.
“For some reason, this announcement was made even before AFP contacted the Russian side through existing professional communication channels,” the statement said.
“We encourage AFP to duly liaise with the respective Russian law enforcement agencies.
The Russian government is likely to know about the ransomware group behind the Medibank breach and may even be aware of the hack itself, an Australian cybersecurity expert has said.
Commissioner Kershaw said Australian authorities knew the identities of those involved and called on law enforcement in Moscow to cooperate with the investigation.
Australian Strategic Policy Institute director Fergus Hanson said he would not be surprised if the Russian government “knows everything about this group and potentially even this operation”.
“It appears to be motivated by financial gain and that’s what the (AFP) commissioner pointed out,” he told ABC News.
“So it looks like a group operating like a business. Ties to the state have yet to be discussed by officials.
Mr Hanson said cybercriminal groups operated in many countries either on behalf of the state or with the “tacit support” of the government.
“It is almost certain that these groups inside Russia are known to the Russian government and tolerated if not supported,” he said.
Mr Hanson said the chances of Moscow handing over the cybercriminals to Australian authorities to face the justice system were “almost zero”.
Labor MP Tanya Plibersek condemned the hackers as “disgusting” and “revolting” human beings.
“We want to do everything in the power of this government, both to catch those responsible, to hold them to account, but also to work with companies that hold such large amounts of data on people to make sure they do it safely,” Plibersek said. told ABC News.
The group behind the cyberattack released three slices of private health information about Medibank customers on the dark web this week.
The data in the file released on Friday is believed to include information on mental health and alcohol issues and follows the release of sensitive information about pregnancy terminations on Thursday.
The people claiming to be responsible – posting on a dark web blog linked to Russian ransomware group Revel – had said they demanded $10 million (A$15.1 million) from Medibank to prevent the data leak.
Medibank refused to pay a ransom, a decision supported by the federal government.
Opposition cybersecurity critic James Paterson called on the government to consider imposing penalties under the Magnitsky legislation on those responsible for the hacking.
“Although Australia has yet to use Magnitsky sanctions against perpetrators of serious cyberattacks, it would be a prime candidate,” Senator Paterson said.
The legislation allows for the imposition of targeted financial sanctions and travel bans on individuals in response to serious human rights violations and abuses, serious corruption and significant cyber incidents.
Senator Paterson welcomed AFP’s decision to publicly disclose that the hackers were operating from Russia.
“The threat of having their identity revealed is a powerful deterrent to malicious behavior online,” he said.