Optus rejects insider claims of 'human error' as possible factor in hack affecting millions of Australians

24.09.22, 02:25 AM



Optus has strenuously denied "human error" being a contributing factor in a data breach that inadvertently allowed cyber criminals to steal personal details of potentially millions of customers.

A senior figure inside Optus has spoken to the ABC on the condition of anonymity to offer confidential insights into the early findings uncovered by the telecommunication company's IT specialists.

"[It's] still under investigation, however, this breach, like most, appears to come down to human error," the Optus insider told the ABC.

"[They] wanted to make integrating systems easier, to satisfy two-factor authentication regulations from the industry watchdog, the Australian Communications and Media Authority (ACMA)."

The process allegedly involved opening up the Optus customer identity database to other systems via what's known as an Application Programming Interface (API), with the assumption that the API would only be used by authorised company systems.

"Eventually one of the networks it was exposed to was a test network which happened to have internet access."

It's claimed this allowed access to the Optus network from outside the company.

[Image: Application Programming Interfaces enable different applications to talk to each other. (ABC News: Emma Machan)]

Optus told the ABC suggestions the attack stemmed from any form of human error were completely inaccurate but insisted the "sophisticated" incident was still under investigation.

Earlier on Friday, the ABC put specific questions to Optus CEO Kelly Bayer Rosmarin about whether human error involving the company's API was behind the breach.

"I know people are hungry for details about the exact specificity of how this attack could occur, but it is the subject of criminal proceedings and so we will not be divulging details about that," Ms Bayer Rosmarin told an online media briefing.

"Optus has very strong cyber defences, cyber security has a lot of focus and investment here and so this should serve as a warning call to all organisations: there are sophisticated criminals out there and we really need all organisations out there to be on alert".

The ABC has been told Optus believes those behind the intrusion scraped the consumer database and about one third was successfully copied.

Ms Bayer Rosmarin has declined to specify how many customers have had their data breached, but the Optus CEO believes it's much lower than the "worst case scenario" of 9.8 million.

"We expect the number to be considerably less than that once we've worked through the information".

Former AFP cyber expert says human error likely led to hack

Former Australian Federal Police officer and cyber security expert Nigel Phair said human error was a very likely contributing factor in the massive data breach.

"Organisations like Optus and many others of that ilk have really good controls around firewalls and identification of intrusions and that type of thing," Mr Phair said.

"There's been a weakness somewhere and invariably that weakness, from what we've seen normally, is from a human."

Mr Phair, who now runs the Cyber Centre at the University of New South Wales, said big companies such as Optus have many networks and different applications that talk to each other in those networks.

"So, we build APIs so that they can talk to each other and includes things like having a test network where you might test a patch for an upgrade or a security flaw," he explained.

"Because it's a test network, invariably there's not the same amount of controls and security around it because often it only has dummy data in it.

"Often, they're internet facing because you need to get the patch or the upgrade or whatever it might be off a vendor or supplier via the internet.

"So that could be a way where the criminals have been able to work their way through and bypass what is otherwise very good security mechanisms".



