Australia blames Russians for health insurance data theft

CANBERRA, Australia (AP) — Moscow must be held to account for Russian cybercriminals accused of hacking Australia's largest health insurer and dumping customers' personal medical records on the dark web, Australian officials said Friday.
People walk past a Medibank branch in Sydney, Friday, Nov. 11, 2022. Extortionists have dumped personal medical records on the dark web for a third day as they pressure Australia's largest health insurer to pay a ransom for the stolen customer data of almost 10 million people. (AP Photo/Rick Rycroft)

Australian Federal Police took the unusual step of attributing blame for the unsolved cybercrime that resulted in the personal data of 9.7 million current and former Medibank customers being stolen.

A group of "loosely affiliated cybercriminals" operating like a business in Russia were likely responsible for the Medibank attack as well as other significant security breaches around the world, Australian Federal Police Commissioner Reece Kershaw said.

"We believe we know which individuals are responsible, but I will not be naming them," Kershaw told reporters. "What I will say is that we'll be holding talks with Russian law enforcement about these individuals."

Prime Minister Anthony Albanese, who is a Medibank customer who had personal data stolen, said he had authorized police to reveal where the attack had come from.

"We know where they're coming from, we know who is responsible, and we say that they should be held to account," Albanese said.

"The nation where these attacks are coming from should also be held accountable for the disgusting attacks, and the release of information including very private and personal information," Albanese added.

An official from the Russian Embassy in Australia could not be immediately contacted for comment.

The extortionists have been linked to high-profile Russian cybercrime gang REvil, short for Ransomware Evil and also known as Sodinokibi.

The Russian Federal Security Service said in January REvil "ceased to exist" after several arrests were made at the insistence of the United States.

An old REvil dark web site had started redirecting traffic to a new site that hosts the stolen Medibank data.

Fergus Hanson, director of Australian Strategic Policy Institute think tank's cyber policy center, said he was not surprised that the crime gang was based in Russia.

A Medibank employee's stolen username and password, which allowed the hackers to enter the company's database, had been sold on a Russian dark web forum, Hanson said.

Hanson doubted that culprits operating in Russia would be brought to justice.

But Australia could use its offensive cyber capabilities against the gang in Russia and prosecute their affiliates, who police suspect are operating in other countries.

"There's potential to conduct operations against the group to disrupt their operations, but in terms of seeing them go to prison or appear before a court, I think that's pretty unlikely," Hanson told Australian Broadcasting Corp.

Cybercriminals dumped personal medical records on the dark web for a third day on Friday, this time focusing on alcohol-related illnesses, as they pressure Medibank to pay a ransom.

The criminals , including those involving treatments for HIV and drug addiction, which they described as a "naughty" list, after for the return of the hacked data.

The focus shifted to terminated pregnancies in Thursday's dump and on Friday to conditions related to harmful levels of alcohol consumption, in a file the thieves labeled "boozy." Medical treatment records of more than 700 customers had been published through Friday in what has been described as Australia's most invasive cybercrime.

Other personal details of many more customers have also been made public that could leave them vulnerable to identity theft or fraud, including phone numbers and email addresses.

Confirming the third dump, Medibank CEO David Koczkar said his company was contacting exposed customers and offering support. He expected the daily dumps would continue.

"The relentless nature of this tactic being used by the criminal is designed to cause distress and harm," Koczkar said.

"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care," he added.

The gang, which is becoming increasingly better known as BlogXX within cybersecurity circles, blamed Medibank's failure to pay a $9.7 million ransom demand.

"But we warned you. we always keep our word, if we wouldn't receive a ransom - we should post this data, because nobody will believe us in the future," they posted on Friday.

Kershaw said Australian government policy did not condone paying ransoms to cybercriminals.

"Any ransom payment, small or large, fuels the cybercrime business model, putting other Australians at risk," Kershaw said.

Australian authorities are hoping the data remains confined to the dark web and is not spread to a wider audience by social media or reported in detail by the news media.

Albanese urged against anyone accessing the data.

"We need to provide a disincentive for this sort of criminal, disgusting behavior that is reprehensible," Albanese said.

"It's causing a great deal of distress in the community. The government acknowledges this and we're doing all we can to limit the impact of this and to provide that support to people who are going through this distressing time," Albanese added.

Rod Mcguirk, The Associated Press