A hacker obtained an unauthorized access to the Australian Early Warning Network over the weekend and abused it to send out an alert via SMS
A hacker breached the Australian Early Warning Network over the weekend and abused it to send out an alert via SMS, landline, and email to the subscribers of the Aeeris firm that provides the service.
The Early Warning Network service provides a multi-channel alert system that leads the world in capability. The company Aeeris allows Australian authorities to send emergency alerts regarding natural disasters or incident responses.
The message sent by the hacker unauthorized alerts stated that “EWN has been hacked. Your personal data is not safe.”
“A hacker has been able to send messages via text, email, and landline to tens of thousands of people across Australia after an emergency warning alert service, used by councils, was hacked.” reported the ABC news.
“The message sent from the Early Warning Network on Friday night warned “EWN has been hacked. Your personal data is not safe. Trying to fix the security issues”.
The message included a link to a support email address and a website.
According to the EWN, an attacker gained access to the company system on January 5th at 9:30PM EDT and sent out alerts to Queensland residents.
The attacker used the credentials of an authorized person, at the time is not clear how it obtained them.
When the company staff noticed the abuse turned off the system to stop the unauthorized messages. The messages were sent only to a portion of the subscribers at the service.
“At around 930pm EDT 5th January, the EWN Alerting system was illegally accessed with a nuisance message sent to a part of EWNs database. This was sent out via email, text message and landline. EWN staff at the time were able to quickly identify the attack and shut off the system limiting the number of messages sent out. Unfortunately, a small proportion of our database received this alert. Our systems are back up and running providing ongoing alerts for severe weather and natural hazard events. Investigations are continuing with police involvement.” reported the warning published by the company.
“Update 11am EDT 7th January: The unauthorized alert sent on Saturday night was undertaken by an unauthorized person using illicitly gained credentials to login and post a nuisance spam-notification to some of our customers. The link used in this alert were non-harmful and your personal information was not compromised in this event. Investigations are continuing with the Police and Australian Cyber Security Centre involved.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.