TONY EASTLEY: The AFP (Australian Federal Police) has worked with Romanian police to bust a cyber crime syndicate believed to be responsible for the biggest data theft operation in Australian history.
Dozens of properties across Romania were raided this week and 16 people were arrested, accused of hacking into thousands of small businesses around the world, including about 100 in Australia.
An IT security expert says it proves that many small businesses are not taking data security seriously enough.
Simon Lauder has more.
SIMON LAUDER: The Australian Federal Police says it's the largest data breach it's ever investigated. The investigation began mid last year and since then it's believed the credit card details of up to half a million Australians may have been exposed to the Romanian syndicate.
Romanian investigators allege the group opened several IT companies and used them to run the computer infrastructure to support its criminal operation.
Nigel Phair is the director of the Centre for Internet Safety at the University of Canberra.
NIGEL PHAIR: It's the biggest one that's been caught so far. I don't know if it's the biggest one that's out there but when you look at the nationality involved, particularly with the Romanian angle there, they're certainly front and centre for this sort of fraud.
SIMON LAUDER: The syndicate targetted small retail outlets, exploiting weaknesses in the IT systems of about 100 Australian businesses.
They allegedly stole the credit card details of 30,000 people to buy goods worth more than $30 million. The losses have been reimbursed by Australian banks and credit unions.
While he's surprised at the scale of the operation, Nigel Phair isn't surprised Australia was a target.
NIGEL PHAIR: We are susceptible. We are a good economy, we are ripe for the picking for these international criminals.
SIMON LAUDER: Apparently the syndicate exploited small businesses. Why are they particularly vulnerable?
NIGEL PHAIR: Well the issue is they spend next to no money on any IT security. It's the reality with it all is that the bigger the organisation, the more backing they have internally to abide by payment card industry data security standards and the majority of small businesses just don't.
SIMON LAUDER: And how hard is it to get hold of those credit card details if a company doesn't have any such security?
NIGEL PHAIR: Oh, relatively simple. It really is a matter of just hacking into the organisation, finding where their credit card details are stored and then stealing them and then transacting them yourself, you know. And then the next question coming out of that is after you do a transaction with a small to medium enterprise, there's no reason for them to retain your data.
SIMON LAUDER: So how many businesses in Australia do you think are not adhering to that best practice when it comes to credit card data?
NIGEL PHAIR: In the small to medium category I would suggest most aren't adhering to it.
TONY EASTLEY: The University of Canberra's Nigel Phair speaking to Simon Lauder.
No comments:
Post a Comment