Optus hack: Hacker community criticizes Optusdata as a “script kiddie”

0

Hackers ROAST ‘Optusdata’ fever for their ‘unprofessional, amateurish and stupid’ telecom hack: ‘In over their head’

  • The hacker behind the Optus data breach has backed down from his ransom demand
  • Colleagues in the hacking community have described the perpetrator as an “amateur”.
  • Cybersecurity experts have said there is nothing “sophisticated” about robberies

Hackers are being ridiculed over the ‘Optusdata’ hacker who stole the personal information of more than 10 million Australians after they demanded a $1.5million ransom – and then apologized.

The hackers released a data stack containing the details of 10,000 Optus customers before backing down from the ultimatum in a series of posts on an online forum used by the hacking community.

Optus said it was the victim of a sophisticated attack, but the hacker’s colleagues have dubbed the cyber thief a “script kiddie” who “got over their heads” and panicked.

The term is used unflatteringly by the community for someone who uses automated programs to infiltrate computer servers and websites.

The hacking community has labeled the perpetrator of the Optus cyber robbery as an “amateur.”

Optusdata's post backing down from their ransom demand (pictured)

Optusdata’s post backing down from their ransom demand (pictured)

“There wasn’t anything sophisticated about it,” said cybersecurity adviser Shubham Shah The Australian.

Shah made his name as a teenager finding vulnerabilities in computer systems for global tech giants like Facebook, PayPal and Uber.

He famously made a small fortune over a 120-day period by accumulating rewards known as “bug bounties” – hackers paid by companies to inform them of opportunities to break into their systems.

Shah claimed the information was exposed via “an endpoint where someone forgot to authenticate and unfortunately we see that all the time”.

The hacker gave in after initially threatening to release 10,000 customers’ data every day for four days until Optus paid the ransom.

“Too many eyes. We will not (sic) sell data to anyone. We can’t, if we even want to: personally delete data from the drive (copy only),” the hacker said in a statement.

Other users on the forum where Optusdata posted their demands were quick to criticize the raid.

“Optus would probably have paid you a lot to quietly plug the leak. No too smart. If you want to steal data, at least don’t be an amateur,” wrote one user.

“It was a pretty stupid move from the start,” said another.

“Not a very professional job at all,” said a third.

“Screenwriting kiddies at their best,” added a fourth.

Optus CEO Kelly Bayer Rosemary (pictured) claimed customer data was encrypted and the telco

Optus CEO Kelly Bayer Rosemary (pictured) claimed customer data was encrypted and that the telco “did everything possible” to prevent the hack

Even if the hacker was a member of a gang, it could very well be a teenager.

British police this year arrested several 16 and 17-year-olds suspected of being high-level members of the notorious hacking group Lapsus$, which has infiltrated tech giants like Microsoft and Samsung.

Optus requires 100 identification points when signing up new customers, resulting in them having the driving licence, passport, Medicare and banking details of millions of Australians.

Those affected by a massive breach can change their driver’s license numbers and get new cards, with the telecom company expected to foot the bill in the millions of dollars to make the switch.

The governments of NSW, Victoria, Queensland and South Australia on Tuesday night began removing the red tape for anyone who can prove they are a victim of the hack.

Optus said it will offer “the hardest hit” customers the option to take out a one-year subscription to credit monitoring service Equifax Protect for free.

advertisement

Share.

About Author

Comments are closed.