A hacker managed to infiltrate Australian emergency warning system Early Warning Network (EWN). The hacker accessed the system and sent countless messages to random citizens informing them that “you’ve been hacked.”
However, the warning service’s managing director Kerry Plowright claims that someone did infiltrate and accessed the system but user information hasn’t been exposed. Plowright terms the message as a “nuisance” spam notice.
See: Hackers can send fake emergency alerts by exploiting 4G LTE protocol flaws
“EWN staff at the time were able to quickly identify the attack and shut off our systems limiting the number of messages sent out. Unfortunately, a small proportion of our database received this alert. This event did not compromise anybody’s personal information. The actual data held in our system is just “white pages” type data, we deliberately don’t hold any other personal information,” read EWN’s announcement.
The security breach occurred over the weekend. Registered members of EWN.com.au were sent messages by the hacker that the system is hacked and their personal information has been exposed.
“EWN has been hacked. Your personal data is not safe. Trying to fix the security issues,” claimed the hacker in the message that was sent to tens of thousands of users. The message also included an email address of the support center. According to Plowright, this email address is harmless.
Australian Cyber Security Centre and the Australian police department have been informed and investigations are currently underway.
As per the information shared by EWN, the security breach happened on Saturday and the culprit launched the attack from within Australia while the messages were sent via SMS and email. Australia’s national identity cyber support service IDCARE’s Dave Lacey also claims that many of the service users have been affected by the breach.
Lacey further stated that such attacks are quite common nowadays and generally hackers manage to infiltrate such systems after they identify security lapses.
“When you look at the link (in the messages and email), it seems to be taking them back to the original company. Usually (in a phishing attack) there is a call to action to a fake link,” explained Lacey.
The EWN system is mainly used by the federal, state, and local governments for sending out warning messages to Australians during emergency situations. The system’s database contained email IDs, home and mobile phone numbers of the registered members. During the attack, the EWN systems weren’t shut down and the hacker was controlling the system.
Reputational risk is the biggest threat to an organization when such attacks occur. As Lacey stated: “It damages the trust in the organization.”
EWN also understands this aspect and has already stated that “the purpose of that notification from the person that sent it was to damage this business. It was malicious.”
The agencies that have been affected by the breach include state government and federal government clients and numerous Queensland councils including Ipswich, Gladstone, and Tableland cities.