1
00:00:00,520 --> 00:00:03,480
Speaker 1: Already and this is this is the Daily h this

2
00:00:03,560 --> 00:00:06,840
Speaker 1: is the Daily Aus. Oh, now it makes sense.

3
00:00:14,680 --> 00:00:17,239
Speaker 2: Good morning, and welcome to the Daily Aus. It's Tuesday,

4
00:00:17,280 --> 00:00:19,880
Speaker 2: the fourteenth of October. I'm Elliott Lawry.

5
00:00:19,720 --> 00:00:20,360
Speaker 1: I'm Billy FitzSimons.

6
00:00:20,400 --> 00:00:24,360
Speaker 2: Names, phone numbers, and email addresses were just some

7
00:00:24,520 --> 00:00:27,479
Speaker 2: of the personal data points compromised during a hacking scandal

8
00:00:27,560 --> 00:00:30,639
Speaker 2: that first hit Qantas back in July. Fast forward to

9
00:00:30,640 --> 00:00:33,520
Speaker 2: this week and things have escalated, with the hackers behind

10
00:00:33,560 --> 00:00:36,440
Speaker 2: the attack leaking that data on the dark web. On

11
00:00:36,479 --> 00:00:39,640
Speaker 2: today's podcast, we're breaking down exactly what happened, how the

12
00:00:39,680 --> 00:00:42,040
Speaker 2: hackers got in, who was behind the attack, and what

13
00:00:42,159 --> 00:00:44,479
Speaker 2: Qantas customers can do to protect themselves.

14
00:00:48,360 --> 00:00:51,720
Speaker 1: Elliott, there were so many headlines about Qantas and this

15
00:00:51,960 --> 00:00:55,720
Speaker 1: data leak over the weekend. Where did this story all begin?

16
00:00:55,840 --> 00:00:58,200
Speaker 1: Because I remember this coming up a few months ago.

17
00:00:58,240 --> 00:01:00,760
Speaker 2: Now, yeah, this story's been kicking around for quite a

18
00:01:00,800 --> 00:01:03,680
Speaker 2: while now. It actually first came up in July.
That

19
00:01:03,800 --> 00:01:06,720
Speaker 2: was when we first heard from Qantas that they had

20
00:01:06,760 --> 00:01:09,360
Speaker 2: detected a breach at one of their third party call

21
00:01:09,440 --> 00:01:13,080
Speaker 2: centers and they were working to contain that breach. As

22
00:01:13,120 --> 00:01:14,960
Speaker 2: part of the statement that they first put out, they

23
00:01:15,000 --> 00:01:17,720
Speaker 2: revealed that the data of up to six million Qantas

24
00:01:17,800 --> 00:01:20,640
Speaker 2: customers had been compromised. That's a lot. It's a very

25
00:01:20,640 --> 00:01:23,839
Speaker 2: big number. Now, when I say compromised, we're talking about

26
00:01:23,880 --> 00:01:27,399
Speaker 2: things like names, email addresses, phone numbers, birth dates, and

27
00:01:27,480 --> 00:01:31,880
Speaker 2: frequent flyer numbers. Importantly, Qantas said that things like passports,

28
00:01:31,880 --> 00:01:35,119
Speaker 2: credit card details, account passwords and PINs, you know, that

29
00:01:35,240 --> 00:01:38,119
Speaker 2: really sensitive information that was not part of the breach.

30
00:01:38,560 --> 00:01:41,720
Speaker 2: And Qantas responded by obtaining a permanent injunction from the

31
00:01:41,720 --> 00:01:44,399
Speaker 2: Supreme Court of New South Wales to prevent use or

32
00:01:44,400 --> 00:01:47,920
Speaker 2: further publication of the stolen data. So this basically made

33
00:01:47,960 --> 00:01:50,560
Speaker 2: it illegal to spread any of the information publicly, but

34
00:01:50,640 --> 00:01:53,240
Speaker 2: it doesn't erase the fact that the data is already

35
00:01:53,280 --> 00:01:53,680
Speaker 2: out there.

36
00:01:54,080 --> 00:01:56,760
Speaker 1: When I was reading about this over the weekend, one

37
00:01:56,840 --> 00:01:59,000
Speaker 1: of the things that I was really interested to learn

38
00:01:59,160 --> 00:02:02,800
Speaker 1: is actually how hackers got this information, because it wasn't

39
00:02:02,880 --> 00:02:06,000
Speaker 1: just through them going into the computer systems. What can

40
00:02:06,000 --> 00:02:06,680
Speaker 1: you tell us about that?

41
00:02:06,880 --> 00:02:08,880
Speaker 2: Yeah. A little peek behind the TDA curtain is that

42
00:02:08,919 --> 00:02:10,839
Speaker 2: when we put stories in the morning, it's often hard

43
00:02:10,880 --> 00:02:13,760
Speaker 2: to get Billy up and excited about what we're talking about.

44
00:02:13,800 --> 00:02:17,440
Speaker 2: That's not true this morning. You were especially excited about

45
00:02:17,440 --> 00:02:17,960
Speaker 2: this story.

46
00:02:18,120 --> 00:02:21,600
Speaker 1: I was because of how they got this information. I

47
00:02:21,639 --> 00:02:22,799
Speaker 1: find it so interesting.

48
00:02:22,919 --> 00:02:25,800
Speaker 2: It is interesting, I'll give you that. So basically it

49
00:02:25,840 --> 00:02:28,800
Speaker 2: wasn't a direct breach of Qantas's systems, but rather they

50
00:02:28,840 --> 00:02:32,320
Speaker 2: got the information from a platform called Salesforce. So I'm

51
00:02:32,360 --> 00:02:34,480
Speaker 2: sure quite a few of our listeners would be familiar

52
00:02:34,520 --> 00:02:37,040
Speaker 2: with Salesforce, at least they would have heard the name. Maybe.

53
00:02:37,120 --> 00:02:40,200
Speaker 2: It's basically a really popular tool that's used by a

54
00:02:40,320 --> 00:02:43,800
Speaker 2: lot of companies around the world to help with managing

55
00:02:43,800 --> 00:02:46,320
Speaker 2: customer relationships.
That's kind of the primary function, but it

56
00:02:46,360 --> 00:02:49,000
Speaker 2: also can be used for marketing and sales and a

57
00:02:49,000 --> 00:02:51,760
Speaker 2: bunch of other things that help the business go around. Now,

58
00:02:51,880 --> 00:02:54,760
Speaker 2: at least forty major companies from around the world who

59
00:02:54,880 --> 00:02:57,680
Speaker 2: used Salesforce were caught up in this attack, so we're

60
00:02:57,680 --> 00:03:02,560
Speaker 2: talking about some pretty big names here. Think of Toyota, Disney, McDonald's, IKEA,

61
00:03:02,800 --> 00:03:07,520
Speaker 2: and of course Qantas. Yes, so basically Salesforce holds all

62
00:03:07,560 --> 00:03:11,079
Speaker 2: of these companies' customer data, and in the case of Qantas,

63
00:03:11,080 --> 00:03:14,079
Speaker 2: it's understood the hackers retrieved the information from a call

64
00:03:14,120 --> 00:03:16,000
Speaker 2: center in the Philippines.

65
00:03:15,680 --> 00:03:19,640
Speaker 1: And that's what's so interesting, that they called this call

66
00:03:19,720 --> 00:03:23,360
Speaker 1: center and kind of convinced them to hand over the

67
00:03:23,440 --> 00:03:25,360
Speaker 1: data by posing as an employee.

68
00:03:25,440 --> 00:03:28,280
Speaker 2: Yeah, that's exactly what happens. So they pretended to be

69
00:03:28,320 --> 00:03:31,680
Speaker 2: a Qantas employee. In this instance, they actually used AI

70
00:03:31,760 --> 00:03:34,920
Speaker 2: to modify their voice and make themselves more recognizable to

71
00:03:34,960 --> 00:03:37,200
Speaker 2: the person on the other end of the line, and

72
00:03:37,320 --> 00:03:39,840
Speaker 2: they were able to convince someone in that call center

73
00:03:40,000 --> 00:03:42,520
Speaker 2: to grant them access to the database. Now, this is

74
00:03:42,600 --> 00:03:45,920
Speaker 2: becoming an increasingly popular method for hackers if you think

75
00:03:45,960 --> 00:03:48,520
Speaker 2: about it.
You know, most companies these days, they're really

76
00:03:48,560 --> 00:03:51,960
Speaker 2: bolstering up their cybersecurity efforts, so it's harder and harder

77
00:03:52,000 --> 00:03:54,640
Speaker 2: to attack in the traditional ways. So they're actually using

78
00:03:54,720 --> 00:03:56,960
Speaker 2: humans as kind of the weak points in companies to

79
00:03:57,720 --> 00:03:58,440
Speaker 2: make their way in.

80
00:03:59,360 --> 00:04:03,680
Speaker 1: So basically, the tech is becoming so airtight that

81
00:04:04,080 --> 00:04:07,560
Speaker 1: the way they, obviously humans make errors, and so that's

82
00:04:07,560 --> 00:04:09,200
Speaker 1: how they're seeing as their way in.

83
00:04:09,600 --> 00:04:11,680
Speaker 2: Yeah, and in this case, that is how they launched

84
00:04:11,680 --> 00:04:14,080
Speaker 2: this attack. So essentially, they were able to speak to

85
00:04:14,120 --> 00:04:17,360
Speaker 2: someone who had the right access for Salesforce, and they

86
00:04:17,360 --> 00:04:20,080
Speaker 2: were able to convince them to install a fake integration

87
00:04:20,160 --> 00:04:22,800
Speaker 2: with Salesforce that basically was a key for the hackers

88
00:04:22,800 --> 00:04:25,680
Speaker 2: to access the data that was stored on Salesforce at the

89
00:04:25,600 --> 00:04:28,680
Speaker 1: time. Got it, and so that was back in July,

90
00:04:29,320 --> 00:04:30,920
Speaker 1: tell us why we're talking about it today.

91
00:04:31,200 --> 00:04:33,400
Speaker 2: So last week we were actually made aware of a

92
00:04:33,440 --> 00:04:36,320
Speaker 2: post on the hackers' website that contained a sample of

93
00:04:36,320 --> 00:04:39,080
Speaker 2: the data that they'd stolen from those forty companies

94
00:04:38,720 --> 00:04:40,600
Speaker 1: around the world. Kind of like a teaser, a

95
00:04:40,560 --> 00:04:44,560
Speaker 2: teaser, exactly, a very dark cyber teaser.
As part of

96
00:04:44,600 --> 00:04:47,000
Speaker 2: that post, the hackers told Salesforce that they would have

97
00:04:47,040 --> 00:04:49,400
Speaker 2: to pay a ransom on behalf of the companies or

98
00:04:49,480 --> 00:04:51,880
Speaker 2: risk having the rest of the data leaked on the internet.

99
00:04:52,400 --> 00:04:55,040
Speaker 2: Needless to say, they didn't cough up the money, and

100
00:04:55,160 --> 00:04:59,040
Speaker 2: a Salesforce spokesperson told TDA that they, quote, will not engage,

101
00:04:59,160 --> 00:05:02,960
Speaker 2: negotiate with, or pay any extortion demand. And on Saturday,

102
00:05:03,160 --> 00:05:06,200
Speaker 2: the data from Qantas at least was leaked. On that

103
00:05:06,240 --> 00:05:09,279
Speaker 2: same day, the hackers posted saying, quote, don't be the

104
00:05:09,320 --> 00:05:11,400
Speaker 2: next headline, should have paid the ransom.

105
00:05:11,640 --> 00:05:16,000
Speaker 1: Wow. Interesting statement from them. I always find it interesting

106
00:05:16,040 --> 00:05:19,360
Speaker 1: whenever we have these conversations about cyber leaks and ransoms

107
00:05:19,760 --> 00:05:23,240
Speaker 1: that the general principle is for these companies to never

108
00:05:23,400 --> 00:05:28,240
Speaker 1: pay ransoms. What is the kind of logic behind that?

109
00:05:28,839 --> 00:05:31,080
Speaker 2: Yeah, I think it is an interesting one because you'd

110
00:05:31,279 --> 00:05:33,280
Speaker 2: sort of see all these headlines and think, why didn't

111
00:05:33,320 --> 00:05:35,640
Speaker 2: they just pay? It would be so much easier.
But

112
00:05:35,920 --> 00:05:40,360
Speaker 2: paying ransoms is generally discouraged by cybersecurity experts, and that's

113
00:05:40,400 --> 00:05:43,440
Speaker 2: because while it might make a problem in the moment

114
00:05:43,480 --> 00:05:45,920
Speaker 2: go away, so maybe this startup wouldn't have got leaked,

115
00:05:46,440 --> 00:05:48,760
Speaker 2: at the end of the day, you're still paying cyber criminals,

116
00:05:48,760 --> 00:05:52,080
Speaker 2: so you're effectively financing the next hack. You're paying for

117
00:05:52,120 --> 00:05:55,240
Speaker 2: them to have more resources and more capabilities. And on

118
00:05:55,320 --> 00:05:57,120
Speaker 2: top of that, it also puts your company in a

119
00:05:57,200 --> 00:06:00,200
Speaker 2: vulnerable position because the hackers now know that you're

120
00:06:00,240 --> 00:06:01,080
Speaker 2: willing to pay up.

121
00:06:01,560 --> 00:06:03,760
Speaker 1: It's about the precedent that it sets as well.

122
00:06:03,960 --> 00:06:07,280
Speaker 2: Yeah, exactly. Now, there's also no guarantee that they won't

123
00:06:07,360 --> 00:06:10,080
Speaker 2: leak the data anyway or use it for other purposes,

124
00:06:10,160 --> 00:06:12,239
Speaker 2: because at the end of the day, we are talking

125
00:06:12,279 --> 00:06:15,080
Speaker 2: about negotiating with criminals here, so they're not kind of

126
00:06:15,120 --> 00:06:18,520
Speaker 2: bound under laws of a traditional agreement where you'd be

127
00:06:18,560 --> 00:06:22,120
Speaker 2: paying money for someone to stop doing something.
Now, there

128
00:06:22,160 --> 00:06:25,200
Speaker 2: are some small situations where a company might choose to

129
00:06:25,200 --> 00:06:29,200
Speaker 2: pay ransom, and that's often when hackers have extremely sensitive

130
00:06:29,240 --> 00:06:31,920
Speaker 2: information and, you know, they're willing to do basically whatever

131
00:06:32,000 --> 00:06:34,120
Speaker 2: to make sure that the threat is contained.

132
00:06:34,920 --> 00:06:37,400
Speaker 1: And what do we know about the hackers in this case?

133
00:06:37,680 --> 00:06:39,360
Speaker 2: This is actually really interesting. I think we should do

134
00:06:39,400 --> 00:06:42,560
Speaker 2: a whole nother podcast on this, okay. But the sort

135
00:06:42,600 --> 00:06:44,919
Speaker 2: of short version of it is that the hackers in

136
00:06:45,000 --> 00:06:48,279
Speaker 2: this scenario go by the name of Scattered LAPSUS$ Hunters,

137
00:06:48,320 --> 00:06:50,599
Speaker 2: which I won't say again, so we're going to call

138
00:06:50,640 --> 00:06:54,279
Speaker 2: them SLSH, okay, moving forward. Now, you can kind of

139
00:06:54,279 --> 00:06:56,479
Speaker 2: think of them as like a supergroup that's made up

140
00:06:56,520 --> 00:06:59,480
Speaker 2: of some of the world's most notorious cyber criminals. It's

141
00:06:59,560 --> 00:07:03,320
Speaker 2: understood that the members of SLSH are mainly young native

142
00:07:03,360 --> 00:07:06,320
Speaker 2: English speakers from the US and the UK, some in

143
00:07:06,360 --> 00:07:09,000
Speaker 2: Australia as well, and there's been reports that some of

144
00:07:09,000 --> 00:07:11,560
Speaker 2: them are as young as sixteen years old, so being

145
00:07:11,600 --> 00:07:14,880
Speaker 2: sort of brought into this world very young. Now.
The

146
00:07:14,880 --> 00:07:17,080
Speaker 2: people on this team have been responsible for some pretty

147
00:07:17,160 --> 00:07:20,960
Speaker 2: high profile cyber crime incidents, including a ransomware attack on

148
00:07:21,120 --> 00:07:23,960
Speaker 2: MGM Resorts that you might remember that was back in

149
00:07:24,000 --> 00:07:27,760
Speaker 2: twenty twenty three, and that attack cost the company one

150
00:07:27,840 --> 00:07:31,000
Speaker 2: hundred million US dollars just to get the computer systems

151
00:07:31,040 --> 00:07:31,680
Speaker 2: back online.

152
00:07:32,080 --> 00:07:32,480
Speaker 1: Wow.

153
00:07:33,040 --> 00:07:34,960
Speaker 2: Now, one thing that we've kind of brushed over in

154
00:07:35,000 --> 00:07:38,320
Speaker 2: this conversation is that even though we are focusing on Qantas,

155
00:07:38,680 --> 00:07:42,040
Speaker 2: this is affecting, you know, at least forty global companies.

156
00:07:42,440 --> 00:07:44,800
Speaker 2: Qantas was just the biggest Australian one, which is why

157
00:07:44,800 --> 00:07:47,080
Speaker 2: we're talking about it today. It affects the people listening

158
00:07:47,120 --> 00:07:50,360
Speaker 2: to this podcast. But it was a global response to

159
00:07:50,440 --> 00:07:53,640
Speaker 2: this leak. So notably the FBI in the US, they

160
00:07:53,680 --> 00:07:55,800
Speaker 2: were the ones who on the weekend stepped in and

161
00:07:55,840 --> 00:07:59,040
Speaker 2: actually seized the domain that the data was published on,

162
00:07:59,400 --> 00:08:02,400
Speaker 2: and they shut down the hackers' website. SLSH

163
00:08:02,440 --> 00:08:05,440
Speaker 2: then took to the social media platform Telegram to say,

164
00:08:05,920 --> 00:08:08,880
Speaker 2: seizing a domain does not really affect our operations.
FBI

165
00:08:09,240 --> 00:08:11,520
Speaker 2: try harder, and they popped a little winky face on

166
00:08:11,560 --> 00:08:13,960
Speaker 2: them as well, so, you know, needless to say, they

167
00:08:14,120 --> 00:08:17,680
Speaker 2: are very, very confident. And then in another post they

168
00:08:17,760 --> 00:08:22,360
Speaker 2: also threatened Australia specifically, with one member writing, Australia, I

169
00:08:22,400 --> 00:08:24,320
Speaker 2: really hope, for the love of God, you've learned your

170
00:08:24,400 --> 00:08:25,160
Speaker 2: lesson this time.

171
00:08:25,480 --> 00:08:30,080
Speaker 1: Well, they certainly have a certain tone to their statements,

172
00:08:30,280 --> 00:08:34,720
Speaker 1: yes. Before we go, for anyone listening to this who

173
00:08:34,920 --> 00:08:37,560
Speaker 1: has received an email from Qantas saying that their data

174
00:08:37,880 --> 00:08:40,800
Speaker 1: was part of this breach, for anyone who was affected,

175
00:08:40,840 --> 00:08:43,080
Speaker 1: what do they, what should they do now? Yeah.

176
00:08:43,120 --> 00:08:44,920
Speaker 2: So, I mean the number one piece of advice is

177
00:08:44,960 --> 00:08:47,720
Speaker 2: to just stay on high alert. Qantas has offered a

178
00:08:47,760 --> 00:08:51,920
Speaker 2: specialist identity protection service in the meantime, so affected customers

179
00:08:51,960 --> 00:08:54,040
Speaker 2: can call their twenty-four-seven helpline on one

180
00:08:54,040 --> 00:08:56,840
Speaker 2: eight hundred and nine seven five four one. But on

181
00:08:56,880 --> 00:08:59,840
Speaker 2: top of that, you probably shouldn't be taking any calls

182
00:08:59,880 --> 00:09:03,120
Speaker 2: for Qantas because it's very likely that that call could

183
00:09:03,160 --> 00:09:06,080
Speaker 2: be coming from the hackers themselves.
And because they have

184
00:09:06,160 --> 00:09:09,960
Speaker 2: your details now, it's far easier for them to impersonate

185
00:09:10,000 --> 00:09:12,720
Speaker 2: someone who works with Qantas or who knows you well,

186
00:09:12,720 --> 00:09:15,200
Speaker 2: because they have those details and they can kind of

187
00:09:15,240 --> 00:09:17,800
Speaker 2: put together a bit of a profile on you. While

188
00:09:17,840 --> 00:09:20,760
Speaker 2: the hackers might not have access to financial details in

189
00:09:20,800 --> 00:09:23,800
Speaker 2: this breach, they could be using that information to, you know,

190
00:09:23,920 --> 00:09:26,160
Speaker 2: take out credit cards in your name or do other

191
00:09:26,200 --> 00:09:28,800
Speaker 2: forms of identity theft. So just keep a monitor on

192
00:09:28,840 --> 00:09:31,559
Speaker 2: your accounts and make sure that anything that comes through

193
00:09:31,600 --> 00:09:33,439
Speaker 2: that looks suspicious you're following that up.

194
00:09:33,800 --> 00:09:37,480
Speaker 1: And lastly, anything from the Australian government on kind of

195
00:09:37,559 --> 00:09:38,880
Speaker 1: what their involvement in this is?

196
00:09:39,240 --> 00:09:41,440
Speaker 2: Yeah, so they've been pretty stern with Qantas over the

197
00:09:41,440 --> 00:09:44,959
Speaker 2: whole incident. The Cyber Security Minister Tony Burke has hinted

198
00:09:44,960 --> 00:09:47,840
Speaker 2: at the possibility of a major fine for Qantas. He

199
00:09:48,000 --> 00:09:51,480
Speaker 2: told the ABC yesterday, quote, you can't simply outsource to

200
00:09:51,520 --> 00:09:55,559
Speaker 2: other companies and think suddenly you've got no obligations on cybersecurity.

201
00:09:56,080 --> 00:09:58,400
Speaker 2: Apart from that, it's another one of those situations where

202
00:09:58,440 --> 00:10:00,160
Speaker 2: we'll just have to wait and see.

203
00:10:00,400 --> 00:10:04,239
Speaker 1: One thing that I have found so interesting is yesterday's

204
00:10:04,280 --> 00:10:08,520
Speaker 1: podcast on the person who allegedly started the fires in

205
00:10:08,640 --> 00:10:11,880
Speaker 1: LA earlier this year and then now this, they've both

206
00:10:12,000 --> 00:10:17,679
Speaker 1: had alleged criminals really using AI to further their crimes

207
00:10:17,679 --> 00:10:19,720
Speaker 1: and the extent of their crimes, and it's just a

208
00:10:19,760 --> 00:10:23,240
Speaker 1: real interesting space to also kind of keep your eye on,

209
00:10:23,440 --> 00:10:27,160
Speaker 1: is how all of these alleged criminals are using AI

210
00:10:27,280 --> 00:10:29,920
Speaker 1: to further perpetrate their crimes.

211
00:10:30,040 --> 00:10:32,320
Speaker 2: Yeah. I think, unfortunately, we might be doing a couple

212
00:10:32,320 --> 00:10:34,520
Speaker 2: more podcasts on this over the next few years.

213
00:10:34,679 --> 00:10:37,280
Speaker 1: Yes, thank you so much Elliott for explaining that to

214
00:10:37,360 --> 00:10:40,120
Speaker 1: us and thank you so much for listening to this

215
00:10:40,200 --> 00:10:42,760
Speaker 1: episode of The Daily Aus. We'll be back this afternoon

216
00:10:42,760 --> 00:10:45,760
Speaker 1: with your evening headlines, but until then, have a great day.

217
00:10:49,920 --> 00:10:52,199
Speaker 2: My name is Lily Madden and I'm a proud Arrernte

218
00:10:52,440 --> 00:10:55,000
Speaker 2: Bundjalung Kalkutungu woman from Gadigal Country.

219
00:10:55,840 --> 00:10:58,959
Speaker 1: The Daily Aus acknowledges that this podcast is recorded on

220
00:10:59,000 --> 00:11:01,480
Speaker 1: the lands of the Gadigal people and pays respect to

221
00:11:01,559 --> 00:11:04,240
Speaker 1: all Aboriginal and Torres Strait Islander nations.

222
00:11:04,559 --> 00:11:07,480
Speaker 2: We pay our respects to the first peoples of these countries,

223
00:11:07,600 --> 00:11:08,760
Speaker 2: both past and present.