WEBVTT - How hackers hit Qantas

0:00:00.520 --> 0:00:03.480
<v Speaker 1>Already and this is this is the Daily h this

0:00:03.560 --> 0:00:06.840
<v Speaker 1>is the Daily Aus. Oh, now it makes sense.

0:00:14.680 --> 0:00:17.239
<v Speaker 2>Good morning, and welcome to the Daily Aus. It's Tuesday,

0:00:17.280 --> 0:00:19.880
<v Speaker 2>the fourteenth of October. I'm Elliott Lorie.

0:00:19.720 --> 0:00:20.360
<v Speaker 1>I'm Billy Fitzsimons.

0:00:20.400 --> 0:00:24.360
<v Speaker 2>Names, phone numbers, and email addresses were just some

0:00:24.520 --> 0:00:27.479
<v Speaker 2>of the personal data points compromised during a hacking scandal

0:00:27.560 --> 0:00:30.639
<v Speaker 2>that first hit Qantas back in July. Fast forward to

0:00:30.640 --> 0:00:33.520
<v Speaker 2>this week and things have escalated, with the hackers behind

0:00:33.560 --> 0:00:36.440
<v Speaker 2>the attack leaking that data on the dark web. On

0:00:36.479 --> 0:00:39.640
<v Speaker 2>today's podcast, we're breaking down exactly what happened, how the

0:00:39.680 --> 0:00:42.040
<v Speaker 2>hackers got in, who was behind the attack, and what

0:00:42.159 --> 0:00:44.479
<v Speaker 2>Qantas customers can do to protect themselves.

0:00:48.360 --> 0:00:51.720
<v Speaker 1>Elliott, there were so many headlines about Qantas and this

0:00:51.960 --> 0:00:55.720
<v Speaker 1>data leak over the weekend. Where did this story all begin?

0:00:55.840 --> 0:00:58.200
<v Speaker 1>Because I remember this coming up a few months ago now.

0:00:58.240 --> 0:01:00.760
<v Speaker 2>Yeah, this story's been kicking around for quite a

0:01:00.800 --> 0:01:03.680
<v Speaker 2>while now. It actually first came up in July. That

0:01:03.800 --> 0:01:06.720
<v Speaker 2>was when we first heard from Qantas that they had

0:01:06.760 --> 0:01:09.360
<v Speaker 2>detected a breach at one of their third party call

0:01:09.440 --> 0:01:13.080
<v Speaker 2>centers and they were working to contain that breach. As

0:01:13.120 --> 0:01:14.960
<v Speaker 2>part of the statement that they first put out, they

0:01:15.000 --> 0:01:17.720
<v Speaker 2>revealed that the data of up to six million Qantas

0:01:17.800 --> 0:01:20.640
<v Speaker 2>customers had been compromised. That's a lot. It's a very

0:01:20.640 --> 0:01:23.839
<v Speaker 2>big number. Now, when I say compromised, we're talking about

0:01:23.880 --> 0:01:27.399
<v Speaker 2>things like names, email addresses, phone numbers, birth dates, and

0:01:27.480 --> 0:01:31.880
<v Speaker 2>frequent flyer numbers. Importantly, Qantas said that things like passports,

0:01:31.880 --> 0:01:35.119
<v Speaker 2>credit card details, account passwords and pins, you know that

0:01:35.240 --> 0:01:38.119
<v Speaker 2>really sensitive information that was not part of the breach.

0:01:38.560 --> 0:01:41.720
<v Speaker 2>And Qantas responded by obtaining a permanent injunction from the

0:01:41.720 --> 0:01:44.399
<v Speaker 2>Supreme Court of New South Wales to prevent use or

0:01:44.400 --> 0:01:47.920
<v Speaker 2>further publication of the stolen data. So this basically made

0:01:47.960 --> 0:01:50.560
<v Speaker 2>it illegal to spread any of the information publicly, but

0:01:50.640 --> 0:01:53.240
<v Speaker 2>it doesn't erase the fact that the data is already

0:01:53.280 --> 0:01:53.680
<v Speaker 2>out there.

0:01:54.080 --> 0:01:56.760
<v Speaker 1>When I was reading about this over the weekend, one

0:01:56.840 --> 0:01:59.000
<v Speaker 1>of the things that I was really interested to learn

0:01:59.160 --> 0:02:02.800
<v Speaker 1>is actually how hackers got this information, because it wasn't

0:02:02.880 --> 0:02:06.000
<v Speaker 1>just through them going into the computer systems. What can

0:02:06.000 --> 0:02:06.680
<v Speaker 1>you tell us about that?

0:02:06.880 --> 0:02:08.880
<v Speaker 2>Yeah, a little peek behind the TDA curtain is that

0:02:08.919 --> 0:02:10.839
<v Speaker 2>when we put stories in the morning, it's often hard

0:02:10.880 --> 0:02:13.760
<v Speaker 2>to get Billy up and excited about what we're talking about.

0:02:13.800 --> 0:02:17.440
<v Speaker 2>That's not true this morning. You were especially excited about

0:02:17.440 --> 0:02:17.960
<v Speaker 2>this story.

0:02:18.120 --> 0:02:21.600
<v Speaker 1>I was because of how they got this information. I

0:02:21.639 --> 0:02:22.799
<v Speaker 1>find it so interesting.

0:02:22.919 --> 0:02:25.800
<v Speaker 2>It is interesting, I'll give you that. So basically it

0:02:25.840 --> 0:02:28.800
<v Speaker 2>wasn't a direct breach of Qantas's systems, but rather they

0:02:28.840 --> 0:02:32.320
<v Speaker 2>got the information from a platform called Salesforce. So I'm

0:02:32.360 --> 0:02:34.480
<v Speaker 2>sure quite a few of our listeners would be familiar

0:02:34.520 --> 0:02:37.040
<v Speaker 2>with Salesforce, at least they would have heard the name. Maybe.

0:02:37.120 --> 0:02:40.200
<v Speaker 2>It's basically a really popular tool that's used by a

0:02:40.320 --> 0:02:43.800
<v Speaker 2>lot of companies around the world to help with managing

0:02:43.800 --> 0:02:46.320
<v Speaker 2>customer relationships. That's kind of the primary function, but it

0:02:46.360 --> 0:02:49.000
<v Speaker 2>also can be used for marketing and sales and a

0:02:49.000 --> 0:02:51.760
<v Speaker 2>bunch of other things that help the business go around. Now,

0:02:51.880 --> 0:02:54.760
<v Speaker 2>at least forty major companies from around the world who

0:02:54.880 --> 0:02:57.680
<v Speaker 2>used Salesforce were caught up in this attack, so we're

0:02:57.680 --> 0:03:02.560
<v Speaker 2>talking about some pretty big names here. Think of Toyota, Disney, McDonald's, IKEA,

0:03:02.800 --> 0:03:07.520
<v Speaker 2>and of course Qantas. Yes, so basically Salesforce holds all

0:03:07.560 --> 0:03:11.079
<v Speaker 2>of these companies' customer data, and in the case of Qantas,

0:03:11.080 --> 0:03:14.079
<v Speaker 2>it's understood the hackers retrieved the information from a call

0:03:14.120 --> 0:03:16.000
<v Speaker 2>center in the Philippines.

0:03:15.680 --> 0:03:19.640
<v Speaker 1>And that's what's so interesting, that they called this call

0:03:19.720 --> 0:03:23.360
<v Speaker 1>center and kind of convinced them to hand over the

0:03:23.440 --> 0:03:25.360
<v Speaker 1>data by posing as an employee.

0:03:25.440 --> 0:03:28.280
<v Speaker 2>Yeah, that's exactly what happens. So they pretended to be

0:03:28.320 --> 0:03:31.680
<v Speaker 2>a Qantas employee. In this instance, they actually used AI

0:03:31.760 --> 0:03:34.920
<v Speaker 2>to modify their voice and make themselves more recognizable to

0:03:34.960 --> 0:03:37.200
<v Speaker 2>the person on the other end of the line, and

0:03:37.320 --> 0:03:39.840
<v Speaker 2>they were able to convince someone in that call center

0:03:40.000 --> 0:03:42.520
<v Speaker 2>to grant them access to the database. Now, this is

0:03:42.600 --> 0:03:45.920
<v Speaker 2>becoming an increasingly popular method for hackers if you think

0:03:45.960 --> 0:03:48.520
<v Speaker 2>about it. You know, most companies these days, they're really

0:03:48.560 --> 0:03:51.960
<v Speaker 2>bolstering up their cybersecurity efforts, so it's harder and harder

0:03:52.000 --> 0:03:54.640
<v Speaker 2>to attack in the traditional ways. So they're actually using

0:03:54.720 --> 0:03:56.960
<v Speaker 2>humans as kind of the weak points in companies to

0:03:57.720 --> 0:03:58.440
<v Speaker 2>make their way in.

0:03:59.360 --> 0:04:03.680
<v Speaker 1>So basically, the tech is becoming so airtight that

0:04:04.080 --> 0:04:07.560
<v Speaker 1>the way they obviously humans make errors and so that's

0:04:07.560 --> 0:04:09.200
<v Speaker 1>how they're seeing as their way in.

0:04:09.600 --> 0:04:11.680
<v Speaker 2>Yeah, and in this case, that is how they launched

0:04:11.680 --> 0:04:14.080
<v Speaker 2>this attack. So essentially, they were able to speak to

0:04:14.120 --> 0:04:17.360
<v Speaker 2>someone who had the right access for Salesforce, and they

0:04:17.360 --> 0:04:20.080
<v Speaker 2>were able to convince them to install a fake integration

0:04:20.160 --> 0:04:22.800
<v Speaker 2>with Salesforce that basically was a key for the hackers

0:04:22.800 --> 0:04:25.680
<v Speaker 2>to access the data that was stored on Salesforce at the time.

0:04:25.600 --> 0:04:28.680
<v Speaker 1>Got it, and so that was back in July,

0:04:29.320 --> 0:04:30.920
<v Speaker 1>tell us why we're talking about it today.

0:04:31.200 --> 0:04:33.400
<v Speaker 2>So last week we were actually made aware of a

0:04:33.440 --> 0:04:36.320
<v Speaker 2>post on the hackers' website that contained a sample of

0:04:36.320 --> 0:04:39.080
<v Speaker 2>the data that they'd stolen from those forty companies around the world.

0:04:38.720 --> 0:04:40.600
<v Speaker 1>Kind of like a teaser.

0:04:40.560 --> 0:04:44.560
<v Speaker 2>A teaser exactly, a very dark cyber teaser. As part of

0:04:44.600 --> 0:04:47.000
<v Speaker 2>that post, the hackers told Salesforce that they would have

0:04:47.040 --> 0:04:49.400
<v Speaker 2>to pay a ransom on behalf of the companies or

0:04:49.480 --> 0:04:51.880
<v Speaker 2>risk having the rest of the data leaked on the internet.

0:04:52.400 --> 0:04:55.040
<v Speaker 2>Needless to say, they didn't cough up the money, and

0:04:55.160 --> 0:04:59.040
<v Speaker 2>a Salesforce spokesperson told TDA that they, quote, will not engage,

0:04:59.160 --> 0:05:02.960
<v Speaker 2>negotiate with, or pay any extortion demand. And on Saturday,

0:05:03.160 --> 0:05:06.200
<v Speaker 2>the data from Qantas at least was leaked. On that

0:05:06.240 --> 0:05:09.279
<v Speaker 2>same day, the hackers posted saying quote don't be the

0:05:09.320 --> 0:05:11.400
<v Speaker 2>next headline, should have paid the ransom.

0:05:11.640 --> 0:05:16.000
<v Speaker 1>Wow, interesting statement from them. I always find it interesting

0:05:16.040 --> 0:05:19.360
<v Speaker 1>whenever we have these conversations about cyber leaks and ransoms

0:05:19.760 --> 0:05:23.240
<v Speaker 1>that the general principle is for these companies to never

0:05:23.400 --> 0:05:28.240
<v Speaker 1>pay ransoms. What is the kind of logic behind that?

0:05:28.839 --> 0:05:31.080
<v Speaker 2>Yeah, I think it is an interesting one because you'd

0:05:31.279 --> 0:05:33.280
<v Speaker 2>sort of see all these headlines and think, why didn't

0:05:33.320 --> 0:05:35.640
<v Speaker 2>they just pay? It would be so much easier. But

0:05:35.920 --> 0:05:40.360
<v Speaker 2>paying ransoms is generally discouraged by cybersecurity experts, and that's

0:05:40.400 --> 0:05:43.440
<v Speaker 2>because while it might make a problem in the moment

0:05:43.480 --> 0:05:45.920
<v Speaker 2>go away, so maybe this startup wouldn't have got leaked,

0:05:46.440 --> 0:05:48.760
<v Speaker 2>at the end of the day, you're still paying cyber criminals,

0:05:48.760 --> 0:05:52.080
<v Speaker 2>so you're effectively financing the next hack. You're paying for

0:05:52.120 --> 0:05:55.240
<v Speaker 2>them to have more resources and more capabilities, And on

0:05:55.320 --> 0:05:57.120
<v Speaker 2>top of that, it also puts your company in a

0:05:57.200 --> 0:06:00.200
<v Speaker 2>vulnerable position because the hackers now know that you're

0:06:00.240 --> 0:06:01.080
<v Speaker 2>willing to pay up.

0:06:01.560 --> 0:06:03.760
<v Speaker 1>It's about the precedent that it sets as well.

0:06:03.960 --> 0:06:07.280
<v Speaker 2>Yeah, exactly. Now, there's also no guarantee that they won't

0:06:07.360 --> 0:06:10.080
<v Speaker 2>leak the data anyway or use it for other purposes,

0:06:10.160 --> 0:06:12.239
<v Speaker 2>because at the end of the day, we are talking

0:06:12.279 --> 0:06:15.080
<v Speaker 2>about negotiating with criminals here, so they're not kind of

0:06:15.120 --> 0:06:18.520
<v Speaker 2>bound under laws of a traditional agreement where you'd be

0:06:18.560 --> 0:06:22.120
<v Speaker 2>paying money for someone to stop doing something. Now, there

0:06:22.160 --> 0:06:25.200
<v Speaker 2>are some small situations where a company might choose to

0:06:25.200 --> 0:06:29.200
<v Speaker 2>pay ransom, and that's often when hackers have extremely sensitive

0:06:29.240 --> 0:06:31.920
<v Speaker 2>information and you know, they're willing to do basically whatever

0:06:32.000 --> 0:06:34.120
<v Speaker 2>to make sure that the threat is contained.

0:06:34.920 --> 0:06:37.400
<v Speaker 1>And what do we know about the hackers in this case?

0:06:37.680 --> 0:06:39.360
<v Speaker 2>This is actually really interesting. I think we should do

0:06:39.400 --> 0:06:42.560
<v Speaker 2>a whole nother podcast on this, okay, But the sort

0:06:42.600 --> 0:06:44.919
<v Speaker 2>of short version of it is that the hackers in

0:06:45.000 --> 0:06:48.279
<v Speaker 2>this scenario go by the name of Scattered Lapsus Hunters,

0:06:48.320 --> 0:06:50.599
<v Speaker 2>which I won't say again, so we're going to call

0:06:50.640 --> 0:06:54.279
<v Speaker 2>them SLSH, okay, moving forward. Now, you can kind of

0:06:54.279 --> 0:06:56.479
<v Speaker 2>think of them as like a supergroup that's made up

0:06:56.520 --> 0:06:59.480
<v Speaker 2>of some of the world's most notorious cyber criminals. It's

0:06:59.560 --> 0:07:03.320
<v Speaker 2>understood that the members of SLSH are mainly young native

0:07:03.360 --> 0:07:06.320
<v Speaker 2>English speakers from the US and the UK, some in

0:07:06.360 --> 0:07:09.000
<v Speaker 2>Australia as well, and there's been reports that some of

0:07:09.000 --> 0:07:11.560
<v Speaker 2>them are as young as sixteen years old, so being

0:07:11.600 --> 0:07:14.880
<v Speaker 2>sort of brought into this world very young. Now, the

0:07:14.880 --> 0:07:17.080
<v Speaker 2>people on this team have been responsible for some pretty

0:07:17.160 --> 0:07:20.960
<v Speaker 2>high profile cyber crime incidents, including a ransomware attack on

0:07:21.120 --> 0:07:23.960
<v Speaker 2>MGM Resorts that you might remember that was back in

0:07:24.000 --> 0:07:27.760
<v Speaker 2>twenty twenty three, and that attack cost the company one

0:07:27.840 --> 0:07:31.000
<v Speaker 2>hundred million US dollars just to get the computer systems

0:07:31.040 --> 0:07:31.680
<v Speaker 2>back online.

0:07:32.080 --> 0:07:32.480
<v Speaker 1>Wow.

0:07:33.040 --> 0:07:34.960
<v Speaker 2>Now, one thing that we've kind of brushed over in

0:07:35.000 --> 0:07:38.320
<v Speaker 2>this conversation is that even though we are focusing on Qantas,

0:07:38.680 --> 0:07:42.040
<v Speaker 2>this is affecting, you know, at least forty global companies.

0:07:42.440 --> 0:07:44.800
<v Speaker 2>Qantas was just the biggest Australian one, which is why

0:07:44.800 --> 0:07:47.080
<v Speaker 2>we're talking about it today. It affects the people listening

0:07:47.120 --> 0:07:50.360
<v Speaker 2>to this podcast. But it was a global response to

0:07:50.440 --> 0:07:53.640
<v Speaker 2>this leak. So notably the FBI in the US, they

0:07:53.680 --> 0:07:55.800
<v Speaker 2>were the ones who on the weekend stepped in and

0:07:55.840 --> 0:07:59.040
<v Speaker 2>actually seized the domain that the data was published on,

0:07:59.400 --> 0:08:02.400
<v Speaker 2>and they shut down the hackers' website. SLSH

0:08:02.440 --> 0:08:05.440
<v Speaker 2>then took to the social media platform Telegram to say,

0:08:05.920 --> 0:08:08.880
<v Speaker 2>seizing a domain does not really affect our operations. FBI

0:08:09.240 --> 0:08:11.520
<v Speaker 2>try harder, and they popped a little winky face on

0:08:11.560 --> 0:08:13.960
<v Speaker 2>them as well, so, you know, needless to say, they

0:08:14.120 --> 0:08:17.680
<v Speaker 2>are very, very confident. And then in another post they

0:08:17.760 --> 0:08:22.360
<v Speaker 2>also threatened Australia specifically, with one member writing Australia, I

0:08:22.400 --> 0:08:24.320
<v Speaker 2>really hope, for the love of God, you've learned your

0:08:24.400 --> 0:08:25.160
<v Speaker 2>lesson this time.

0:08:25.480 --> 0:08:30.080
<v Speaker 1>Well, they certainly have a certain tone to their statements.

0:08:30.280 --> 0:08:34.720
<v Speaker 1>Yes. Before we go, for anyone listening to this who

0:08:34.920 --> 0:08:37.560
<v Speaker 1>has received an email from Qantas saying that their data

0:08:37.880 --> 0:08:40.800
<v Speaker 1>was part of this breach, for anyone who was affected,

0:08:40.840 --> 0:08:43.080
<v Speaker 1>what do they, what should they do now?

0:08:43.120 --> 0:08:44.920
<v Speaker 2>Yeah, so, I mean the number one piece of advice is

0:08:44.960 --> 0:08:47.720
<v Speaker 2>to just stay on high alert. Qantas has offered a

0:08:47.760 --> 0:08:51.920
<v Speaker 2>specialist identity protection service in the meantime, so affected customers

0:08:51.960 --> 0:08:54.040
<v Speaker 2>can call their twenty four to seven helpline on one

0:08:54.040 --> 0:08:56.840
<v Speaker 2>eight hundred and nine seven five four one. But on

0:08:56.880 --> 0:08:59.840
<v Speaker 2>top of that, you probably shouldn't be taking any calls

0:08:59.880 --> 0:09:03.120
<v Speaker 2>from Qantas because it's very likely that that call could

0:09:03.160 --> 0:09:06.080
<v Speaker 2>be coming from the hackers themselves. And because they have

0:09:06.160 --> 0:09:09.960
<v Speaker 2>your details now, it's far easier for them to impersonate

0:09:10.000 --> 0:09:12.720
<v Speaker 2>someone who works with Qantas or who knows you well,

0:09:12.720 --> 0:09:15.200
<v Speaker 2>because they have those details and they can kind of

0:09:15.240 --> 0:09:17.800
<v Speaker 2>put together a bit of a profile on you. While

0:09:17.840 --> 0:09:20.760
<v Speaker 2>the hackers might not have access to financial details in

0:09:20.800 --> 0:09:23.800
<v Speaker 2>this breach, they could be using that information to, you know,

0:09:23.920 --> 0:09:26.160
<v Speaker 2>take out credit cards in your name or do other

0:09:26.200 --> 0:09:28.800
<v Speaker 2>forms of identity theft. So just keep a monitor on

0:09:28.840 --> 0:09:31.559
<v Speaker 2>your accounts and make sure that anything that comes through

0:09:31.600 --> 0:09:33.439
<v Speaker 2>that looks suspicious you're following that up.

0:09:33.800 --> 0:09:37.480
<v Speaker 1>And lastly, anything from the Australian government on kind of

0:09:37.559 --> 0:09:38.880
<v Speaker 1>what their involvement in this is.

0:09:39.240 --> 0:09:41.440
<v Speaker 2>Yeah, so they've been pretty stern with Qantas over the

0:09:41.440 --> 0:09:44.959
<v Speaker 2>whole incident. The Cyber Security Minister Tony Burke has hinted

0:09:44.960 --> 0:09:47.840
<v Speaker 2>at the possibility of a major fine for Qantas. He

0:09:48.000 --> 0:09:51.480
<v Speaker 2>told the ABC yesterday quote, you can't simply outsource to

0:09:51.520 --> 0:09:55.559
<v Speaker 2>other companies and think suddenly you've got no obligations on cybersecurity.

0:09:56.080 --> 0:09:58.400
<v Speaker 2>Apart from that, it's another one of those situations where

0:09:58.440 --> 0:10:00.160
<v Speaker 2>we'll just have to wait and see.

0:10:00.400 --> 0:10:04.239
<v Speaker 1>One thing that I have found so interesting is yesterday's

0:10:04.280 --> 0:10:08.520
<v Speaker 1>podcast on the person who allegedly started the fires in

0:10:08.640 --> 0:10:11.880
<v Speaker 1>LA earlier this year and then now this. They've both

0:10:12.000 --> 0:10:17.679
<v Speaker 1>had alleged criminals really using AI to further their crimes

0:10:17.679 --> 0:10:19.720
<v Speaker 1>and the extent of their crimes, and it's just a

0:10:19.760 --> 0:10:23.240
<v Speaker 1>real interesting space to also kind of keep your eye on,

0:10:23.440 --> 0:10:27.160
<v Speaker 1>is how all of these alleged criminals are using AI

0:10:27.280 --> 0:10:29.920
<v Speaker 1>to further perpetrate their crimes.

0:10:30.040 --> 0:10:32.320
<v Speaker 2>Yeah. I think, unfortunately, we might be doing a couple

0:10:32.320 --> 0:10:34.520
<v Speaker 2>more podcasts on this over the next few years.

0:10:34.679 --> 0:10:37.280
<v Speaker 1>Yes, thank you so much Elliott for explaining that to

0:10:37.360 --> 0:10:40.120
<v Speaker 1>us and thank you so much for listening to this

0:10:40.200 --> 0:10:42.760
<v Speaker 1>episode of The Daily Aus. We'll be back this afternoon

0:10:42.760 --> 0:10:45.760
<v Speaker 1>with your evening headlines, but until then, have a great day.

0:10:49.920 --> 0:10:52.199
<v Speaker 2>My name is Lily Madden and I'm a proud Arrernte

0:10:52.440 --> 0:10:55.000
<v Speaker 2>Bundjalung Kalkadoon woman from Gadigal Country.

0:10:55.840 --> 0:10:58.959
<v Speaker 1>The Daily Aus acknowledges that this podcast is recorded on

0:10:59.000 --> 0:11:01.480
<v Speaker 1>the lands of the Gadigal people and pays respect to

0:11:01.559 --> 0:11:04.240
<v Speaker 1>all Aboriginal and Torres Strait Islander nations.

0:11:04.559 --> 0:11:07.480
<v Speaker 2>We pay our respects to the first peoples of these countries,

0:11:07.600 --> 0:11:08.760
<v Speaker 2>both past and present.