Mr Karl Hanmore, acting Head Australian Cyber Security Centre, interview with Wendy Harmer and Robbie Buck on ABC Radio Sydney, 27 March 2020
WENDY HARMER: Well, you can go to NSW Health, of course, for all the latest on the coronavirus and don't forget to go to the ABC web page as well. We have heaps of stuff there for you to look at: all the latest advice, all the latest maps and stats and everything that you need there.
And, of course, it's during a time like this it's no surprise that some seek to make hay out of it. It's sad, but there is a lot of malicious stuff and misinformation going around at the moment. Scams, especially, are ramping right up and so much so that the Australian Cyber Security Centre, which is part of the Federal Government's Australian Signals Directorate, that's the monitoring body - well, the body monitoring our cyber traffic, they are issuing a late warning early this morning but just ahead of that, let's speak with the acting head of the centre, Karl Hanmore, and he joins us today at ABC Breakfast. Thanks very much, Karl.
ROBBIE BUCK: Hello there, Karl? Do we have Karl? No, we don't have Karl, it doesn't appear.
WENDY HARMER: He's not just there at the moment.
ROBBIE BUCK: Hang on a sec, here he is. Hello there, Karl. Sorry.
KARL HANMORE: Good morning, how are you?
ROBBIE BUCK: It was my mistake. I was expecting you on a different line. Sorry about that. Tell us what's going on and why you're so concerned?
KARL HANMORE: Look, there's a whole range of what we call spear phishing and phishing attacks going on at the moment. These sorts of things are where you get messages. They sometimes look legitimate, other times they're a bit easier to spot, and it's really cyber criminals trying to find a way of parting you from your hard-earned money and these sort of bad guys are out there all the time. Their day job is to steal our money and they do that with sending SMSs or email messages that will look fairly official and asking you to click a link. Click a link to learn more about the coronavirus, we're seeing a bunch of that. Click a link and then download a file so that you can update a form to get free money from the government, also a scam, and seeing a whole bunch of that right now. We're just hoping we can make Australians aware of it so that they don't have two crises to deal with.
ROBBIE BUCK: It is a confusing time, though. We had the manager from Services Australia, who deals with Centrelink, saying there were people who were applying for benefits who were going to be cold called, basically, from a non-identifiable number and asked personal details so they could confirm the identity of that person. So I guess at the moment it's a really ripe occasion for these kinds of scams to be taking place.
KARL HANMORE: And so the trick, I guess, for all of us is be alert, right? So the old be alert but not alarmed, be cyber alert but not cyber alarmed. And so if things seem a bit out of place, do some things to check and we can all do basic things. Certainly with things that come through electronic channels like SMS or email, it's a case of having a real careful look at it. If in doubt, if there's any doubt at all, just go to the official website for the organisation to see if you can verify it that way. Doing a quick Google to see if other people are reporting the same potential scam that you're seeing or, you know, call registered organisations on their listed number, not the number that they will provide you in their scammer traffic, to make sure that you can actually get the legitimate advice.
WENDY HARMER: You have seen a pretty sharp growth in this, I believe Karl. Can you give us some numbers?
KARL HANMORE: Yeah, look, the traffic is sort of greatly increasing. If we look at cybercrime activity more broadly, so not just this COVID-inspired set of scams, but what the normal sort of harm to the community is looking like, we're getting people self-reporting about 145 cybercrime incidents to us a day and their self-reported losses are in the order of just under $1 million a day.
Now, certainly we're seeing some upticks now in the COVID space and it's still the same, most likely the same cyber criminals just trying to go about their normal day job of stealing from us all, and instead of perhaps being something today with a topical media story, they are now all coalescing behind COVID-19 as the one thing they know we're all interested in right now.
ROBBIE BUCK: Can you give us some examples of what we might be looking at?
KARL HANMORE: Yes. So a couple of sort of good examples. Let's talk maybe about a SMS phishing campaign first. So people have been receiving text messages. This one is about a week old now but we keep seeing the bad guy behind it changing their messages slightly to get past all the blocks we're putting in place. You get a message like, "You've received a new message regarding COVID-19 safety line and how to get tested in your region. Visit…", and then they will provide a link to a website. Now if you click on that link, your phone will redirect to that website and the bad guys will download what we call malware, or a computer virus, onto your phone. In this particular scam that's all about that virus will steal your banking credentials, so the next time you log into your bank, they will try to make off with all your money.
WENDY HARMER: That's terrifying. Yep, okay, so that's one. Give us another one.
KARL HANMORE: So other sort of probably quite effective ones we're seeing come around is, "Here's a form to fill out. If you fill out this form, click on the click, download the document. We, the government, will give you $2,500 so please open this form up." And in the particular one I'm looking at here, they also included the password for you to type in to open up the form, which is always a bit of a tell, because that's the bad guys trying to make sure that we can't see into their evil document on the way past. No-one legitimate is going to send you a password via text for a document that they're also sending you.
ROBBIE BUCK: Karl, I'm just trying to think if I receive anything on my phone that is offering me anything at all, I take it just don't click on it and the same with emails? Is that where we're at with this because otherwise it's going to be incredibly difficult to know which is fair dinkum, and which one isn't?
KARL HANMORE: Look, it's super hard to tell what's fair dinkum and what isn't. I can tell you what I do personally, right? If I get a message from someone who I've been dealing with and I expect that message, I'm more willing to sort of trust that as probably being okay. If I get something that's unsolicited, I didn't ask for it, I'm not going to click the link. I will look at who it's reportedly from, if it's reportedly from my bank, I will give my bank a call and say, "hey, did you just ask me to click a link?" And most times they will say no.
ROBBIE BUCK: We have a call here from Andrew who is in Camden. Good morning.
CALLER: G'day Wendy, Rob, how are you going?
ROBBIE BUCK: Yeah, good, mate. You've got a Netflix scam to tell us about.
CALLER: Yeah, the one I got yesterday was from Netflix, supposedly, and obviously it wasn't. Now everyone's on Netflix trying to fill in the day, I guess, at the moment. It said "sorry to see you go", and it's basically said that the account's going to be closed down and the address where it came from looked like it was very much Netflix. So I actually - I never click on an email link, I went back to the website and had a look and, yeah, there's no way that I was leaving Netflix at the time and it was obviously just a scam to be able to get my account information because it was saying "You had ended your subscription because you were no longer going to pay for it", basically.
ROBBIE BUCK: Okay, so just another one to add to the list there, Karl.
KARL HANMORE: Absolutely, and we will see - the real bad news for all of us, right, these reprobates are out there doing this, they're just after our money. So they will change whatever they can to get through. So from the Cyber Security Centre's perspective, we work really closely with a number of our telcos and ISPs. So I would like to sort of thank them for their help on blocking these to protect Australians. But, of course, the bad guys still want your money, so they will come up with a new idea and a new scam and they will be sending out a new one the next day or two after we've stopped the one they're currently running on.
So I think that Netflix scam you've just heard about is a really good way to be reminded that it won't necessarily be COVID themed. People are just trying to steal our money and so the way to stay safe is not clicking on the link, don't open attachments.
The other scam, which is an old one, but I'm expecting we'll see it rear its head again, is people offering to fix your computer, maybe they will offer a free upgrade or something because of the coronavirus. Never ever let someone remotely get into your computer, otherwise they're going to do all sorts of horrible things to you.
ROBBIE BUCK: Yeah, alright.
WENDY HARMER: You watch the traffic there at the signals directorate. Where does it come from? Is there any particular part of the world or is it domestic? Do you know?
KARL HANMORE: Who's the bad guy? It's a great question. These are global organised crime organisations. So right now, we've got reporting of actors in eastern and western Europe, as well as Asia and Africa. So it's not a real narrow geography that we could just say, "well, all these people are doing it and they're from one part of the world." I guess the thing that your listeners may not be aware of is this is actually proper organised crime.
So there's a criminal ecosystem that underpins these sorts of scams. You might have one person who is really, really good at designing the email message or the SMS, and that's the only service they provide. They're almost like a criminal graphic design organisation and then they will work with a separate organisation of criminal software developers who will write the virus to impact your phone or your computer and then they will work with some criminal sort of IT providers or mail providers to help distribute those messages, and they will each take a cut of our hard-earned money as it goes through the criminal ecosystem. So these are quite sophisticated actors.
WENDY HARMER: And sounds like a lucrative business.
ROBBIE BUCK: Anne's got one more for us this morning. Hello, Anne.
CALLER: Good morning. Look, thank you for your show and for the support you're giving us and the humour. Look, I subscribe, or I get emails from a well-known dress shop, I'll mention it, it's Noni B. Anyway, yesterday I got one from them. I got one the day before, which was a bit strange. I just deleted it straight away. I get them regularly, SMSs on the phone. Yesterday I got one selling masks and hand sanitisers and I just thought that's just ridiculous. They're closed so I deleted it. So I just wanted to mention that.
ROBBIE BUCK: Another one on the long list there, I think, Anne.
KARL HANMORE: And I think one of the important things for people to be mindful of - that's really interesting that one. If I received that and I wasn't sure I'd just give them a call and see what they had to say. But it's important to note that sometimes the message will look legitimate. It will look like somebody you deal with, like Netflix. It's pretty easy for the bad guys to make something look legitimate. So if in doubt, don't click the link, just give them a call.
ROBBIE BUCK: Alright, there's the advice. Good on you, Karl. Good luck with it.
KARL HANMORE: Thanks very much.
ROBBIE BUCK: Cheers. An ongoing arms race.
WENDY HARMER: Thank you. Good luck one and all.
ROBBIE BUCK: I reckon. Good luck to all of us, gosh. I mean -
WENDY HARMER: I just feel like a sitting duck here at the moment, quack, quack, quack. I couldn't be -
ROBBIE BUCK: Couldn't the criminals just take a few weeks off like so many others, really? I mean it's just not fair.
There is Karl Hanmore, the head of Australian Cyber Security Centre and part of the Federal Government's Australian Signals Directorate.