How to report a cyber threat to Australian police
- 13 July, 2012 14:29
It’s bad news: your organisation's website has been hit by a distributed denial of service (DDoS) attack.
Rather than sweeping the incident under a virtual rug and not reporting it to state police, organisations should be aware that there are various steps cyber crime units can take, according to one law enforcement expert. Speaking at SecureSydney 2012, New South Wales Police fraud and cyber crime squad Detective Inspector Bruce van der Graaf told delegates that every state in Australia has an equivalent cyber crime squad, while the Australian Federal Police (AFP) operates a high tech crime centre.
However, according to van der Graaf, some recent DDoS attacks on online shopping websites that were accompanied by extortion threats have gone unreported this year. “There were three unreported extortion attempts in 2012, not one single police officer in Australia was informed of these attempts,” he says. “That’s not good because there are some things we can do in these cases.”
Contacting the right agency
If the company subjected to a cyber attack is a major financial institution, is in charge of critical infrastructure such as SCADA, or is a victim of a copyright offence, it should contact the AFP, says van der Graaf.
“For every other form of cyber crime, come and see your relevant state jurisdiction,” he says.
How to report the threat
AFP-related cyber crimes should be reported through the AFP website or by calling the High Tech Crimes Operation centre.
Within NSW, the Cyber Crime unit requires victims to visit their local police station.
“I know it’s not that easy to go into a police station and explain to the constable behind the desk that your company has just experienced a DDoS attack,” van der Graaf says.
“We don’t mind if you call us as we can walk you through the process of reporting the incident at the local police station--they will then refer the matter to us.”
In addition, he adds that organisations should contact CERT Australia due to its expertise in dealing with DDoS and other forms of attacks.
Making a police report
When filing a report to a state police cyber crime unit, the report should include full disclosure of everything that took place during the incident.
“For example, a victim of a cyber incident had a complaint with a former employee who walked off and got access to certain systems,” van der Graaf says. “There was a fairly nasty exchange of phone messages between them. To his credit, the victim showed us the entire exchange.”
According to van der Graaf, state police need to know this information at the start of the investigation rather than have the individual be “caught out” in the witness box by withholding information.
“Early on in the process we also ask for a documented incident report. It may be preliminary, as long as the report tells us what is going on. There are some people who think they can make a phone call to us and everything is going to happen after that,” he says.
In addition, investigators require “full and frank” access to any IT consultants that have been engaged to look at the cyber incident.
“For example, a certain agency had a website hack in NSW and wanted us to solve it,” he says. “We asked the organisation who they had engaged to solve the problem and it was one of the big four telcos who fixed the problem.”
According to van der Graaf, the cyber crime squad asked to see the report but was told that this was privileged information. The consequence was that police were unable to investigate the incident.
“Immediate access to security logs and third party providers is essential,” he says.