CONCERNS about hackers swiping secrets from government databases isn’t such a far-fetched fear.
The Department of Local Government was successfully hacked twice in 2018, even after being warned some of its systems were vulnerable in 2015.
Even federal systems are susceptible: Federal departments reported 34 data breaches in the first six months of 2021; those are the ones they noticed, which were serious enough to spark a mandatory report.
An auditor general report from November 2021 found that most WA councils also had Swiss cheese firewalls.
The auditor general brought in ECU’s Security Research Institute to carry out “simulated cyber-attacks” known as ethical hacks, surreptitiously striking 15 councils including Perth.
Nine councils were hacked and never noticed.
Staff at eight councils fell for phoney “phishing” emails pretending to be from trusted sources, clicking dodgy links and handing over dozens of usernames and passwords. The ‘white hat’ hackers deleted them all after the trial, but it exposed how a hacker could easily gain access to ratepayer databases.
The AG office said “none” of the councils could manage vulnerabilities adequately.
The report didn’t identify the councils involved “so as not to expose those LG entities with weaknesses to cyber-criminals”.
But Perth council was still struggling to patch some of the 65 security issues exposed by a 2019 cyber security review when the AG’s ethical hackers hit.
The AG’s latest report recommended better training and said councils should stop using vulnerable, outdated software, with some running programs vulnerable to hacks that’d been around for 20 years.
The risks of getting hacked have gotten even worse with Covid-era remote work arrangements.