Cybersecurity and Early Warning System Attack
All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth.
In the Meadow, we occasionally have a storm roll through the area. There may be high winds, hail, and the power may occasionally go out. We have become so used to these harsh winters of the north that not much really bothers us anymore.
Just in case a large storm comes through, the council had an early warning device set up. We have never used it for an event yet. Every three months, on the first Tuesday, the police chief tests the noisemakers (these are so loud) and the text service. Margie’s cats lose their minds during these two minutes of wonderment. Jerry’s dogs howl like it is the full moon. That’s about the only exercise they get these days though.
The Meadow’s system is basic, nothing like a warning network in Australia. The early warning system there had a little issue earlier this year. As in numerous areas throughout the globe, a serious storm can affect the area. This could take the form of heavy rain or snow, flooding, hail, a tornado, or any other significant storm. To ensure that local residents are aware of the circumstances, an early warning system is generally put in place. These measures may not give hours of notice, but some notice is better than none. The system may be audible, using exceptionally loud horns. It may also send emails or texts to the residents to let them know of the issue. Both may be implemented in an attempt to reach everyone possible.
Australia has such a service in place, offered by the Australian company Aeeris. In Queensland, the municipality uses an SMS system, which sends emergency messages to those who have signed up for it. These messages may concern extreme weather, fires, evacuations, information, and incident responders. Local citizens depend on this when there are significant weather issues.
Unfortunately, the warning system in Queensland, Australia was attacked. The attack vector involved unauthorized parties using credentials obtained through illicit means. The method used to steal the affected credentials has not been determined. The attackers accessed the Queensland EWN (Early Warning Network) without authorization on 1/5/2019. Once on the compromised system, they were able to send spam alerts to the service subscribers. These were sent by SMS, landline, and email. The fake SMS message was fairly short: “EWN has been hacked. Your personal data is not safe.” The alerts also provided instructions on how to unsubscribe from the service. The attack does not appear to have been malicious, as it apparently did not access or exfiltrate any personal data.
The compromise was initially detected by the staff. They noted the unauthorized alerts rather quickly, which I would have hoped was the case. To resolve the issue immediately, the staff turned off the system, which stopped any further spam messages. This was done soon enough to limit the scope and exposure of the attack. They are also investigating the attack with the police and the Australian Cyber Security Centre.
This unfortunate attack further illustrates the need for a strong perimeter defense and for staff training on attacks. Clearly, the tools and methods used to attack the system have not been identified. A strong defensive posture would include these measures. When these areas, and others, are ignored, certain mayhem follows.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.