Topics: Passing of Bert Newton; ‘Beat cyber crime in your down time’ cyber security campaign.
CHRIS SMITH: Karen Andrews is the Minister for Home Affairs and joins me now. Good morning, Minister.
KAREN ANDREWS: Good morning, Chris. How are you?
CHRIS SMITH: I’m very well. I guess – like everyone – you were quite shocked when you heard the news of the passing of Bert Newton?
KAREN ANDREWS: Oh absolutely – I mean, it’s so sad. So many Australians have literally grown up with Bert. It’s so hard – you know, to realise that he’s gone now – and, of course, for his family and for his very close friends it’s devastating.
CHRIS SMITH: Yeah, very, very true. Tell us about cyber-attacks. What is a cyber-attack and where do they occur?
KAREN ANDREWS: Cyber-attacks can take many, many forms. You mentioned in the lead‑in about ransomware attacks. That’s basically where people – often overseas but not always overseas – basically access or hack into a computer system, and they place malware or they place other mechanisms on there that activate an event. Often that event is a ransomware attack where they will lock out or take away information that’s held on the server, and then charge a ransom for that information to be given back; in simple terms. Now, what we do know is that some of these ransoms can be extraordinarily high; run into millions of dollars, depending on the size of the organisations. We do know that organisations in particular who pay a ransom, are more likely to get a further attack and there’s no guarantee they will actually get the information that has been stolen back. So we – as a Government – have made it very clear that we don’t condone payment of a ransom; we encourage people not to do that. We do encourage them to get in touch with our Australian Cyber Security Centre – which is at cyber.gov.au – to report and get support as to how to deal with the ransom attack. But for people at home; they’re also subject to scam emails; scam messages; identity theft; and it just goes on and on and on.
CHRIS SMITH: Yeah, and now they’re able to hack into major servers and our own personal information in so many other ways; it’s not just through your standard computer sitting in the office at home, it’s all the other devices we have.
KAREN ANDREWS: Absolutely, yes. Certainly a mobile phone – which so many people actually have – but it’s a whole range of other devices that people have also; that can include things such as a smart fridge, you know – all that information can be accessed. So there is a lot of personal information out there that people want to protect and need to protect. But there’s also privacy considerations – there’s information that you just don’t want out there in the public space.
CHRIS SMITH: What’s the profile of a typical hacker here? Are they private cyber experts looking for money, primarily? Are they actors working for a particular government in another part of the world? Who are they?
KAREN ANDREWS: They can be any of the above. We’ve actually called out attacks from national actors – and we’ve made it very clear when we’ve been able to attribute an attack to a particular state that that’s where it’s come from. We don’t do that lightly. We need to be very clear of our facts. But there’s also serious organised crime, and it’s international; it’s transnational; basically these criminals are getting very sophisticated.
CHRIS SMITH: So this is a new public information campaign that begins today. On what formats? Television commercials?
KAREN ANDREWS: Yes, television commercials and what it’s called is “Beat cyber crime in your down time”. What we’re saying to people is: whilst you’re sitting there watching TV, now is an ideal time to do really basic things such as change your password to a passphrase.
CHRIS SMITH: We don’t do that enough, do we?
KAREN ANDREWS: No, we don’t. A passphrase is actually harder to hack into at this point in time. So, yes, make it hard.
CHRIS SMITH: Like ‘the quick brown fox jumped over the lazy dog’?
KAREN ANDREWS: Yes, absolutely – something like that. I mean, I personally would not have gone for that one; I would have gone for something like… maybe ‘purple donut elephant’ or something.
CHRIS SMITH: Yes! I like that one! Can I borrow that one, or are you using it?
KAREN ANDREWS: Actually I’m not using it.
CHRIS SMITH: Okay. I’ve got it then, you know my password! But it is the case… we have so many passwords required that we try and make it simple for ourselves by keeping a single one or two passwords, but that is what is causing us so many problems.
KAREN ANDREWS: Yes, and using the same password for every single device also makes it very difficult. Then of course when you’re using the same password for your bank accounts; I mean, once the cyber crims have cracked that password, they’re into everything.
CHRIS SMITH: Yeah, very true. Alright. We’ll keep our eyes and ears out and we’ll take the tips and hints that are all part of the public information campaign and try our best, including changing our password and don’t use the one that I said before. Thank you so much for your time.
KAREN ANDREWS: Yes. It’s a pleasure, Chris. Take care.