Hackers ROAST ‘Optusdata’ Fiend For Their ‘Unprofessional, Amateur Hour And Stupid’ Hack Of The Telco: ‘In Over Their Head’
- Hacker behind the Optus data breach withdrew their ransom demand
- Peers in the hacking community describe the perpetrator as an ‘amateur’
- Cybersecurity experts have said there was nothing ‘sophisticated’ about the robbery
Hackers are mocking the ‘Optusdata’ hacker, who stole the personal information of more than 10 million Australians and demanded a $1.5 million ransom, then apologized.
The hacker published one batch of data, containing the details of 10,000 Optus customers, before withdrawing the ultimatum in a series of messages to an online forum used by the hacking community.
Optus has said it was the victim of a sophisticated attack, but the hacker’s peers have labeled the cyberthief a “script kiddie” who “got in over their head” and panicked.
The term is used unflatteringly by the community for someone who uses automated programs to infiltrate computer servers and websites.
‘There was nothing sophisticated about it,’ cybersecurity consultant Shubham Shah told The Australian.
Shah made his name as a teenager finding vulnerabilities in computer systems for global tech giants such as Facebook, PayPal and Uber.
He famously made a small fortune in 120 days collecting rewards known as “bug bounties”, which companies pay to hackers who inform them of the ways in which their systems can be hacked.
Shah claimed the information was released through “an endpoint where someone forgot to authenticate, and unfortunately we see that all the time.”
The hacker withdrew after initially threatening to release the data of 10,000 customers every day for four days until Optus paid the ransom.
‘Too many eyes. We will not sell (sic) data to anyone. We can’t if we even want to: personally deleted data from disk (copy only),’ the hacker said in a statement.
Fellow users on the forum where Optusdata posted their demands were quick to criticize the heist.
“Optus would probably have paid you a lot to quietly plug the leak. Not too smart. If you’re going to steal data, by all means don’t be an amateur,” one user wrote.
“It was a pretty stupid move to start with,” said another.
“Not very professional work,” said a third.
“Script kiddies at their best,” added a fourth.
Optus CEO Kelly Bayer Rosmarin claimed customer data was encrypted and the telco was “doing everything they could” to prevent the hack.
Even if the hacker was a member of a gang, they could very well be a teenager.
Police in the UK have arrested several 16- and 17-year-olds this year who are allegedly senior members of the infamous hacking group Lapsus$ that has infiltrated tech giants such as Microsoft and Samsung.
Optus requires 100 points of identification when signing up new customers, which is why it held the driver’s license, passport, Medicare and bank details of millions of Australians.
Those caught up in the massive breach will be able to change their driver’s license numbers and get new cards, with the telco expected to bear the multimillion-dollar cost of the switch.
The governments of NSW, Victoria, Queensland and South Australia began work on Tuesday evening to clear the bureaucratic hurdles for anyone who can prove they are victims of the hack.
Optus said it will offer “the most affected” customers a one-year subscription to the credit monitoring service Equifax Protect at no cost.