How to report a cyber threat to Australian police
- 13 July, 2012 14:29
- Comments
It’s bad news: your organisation's website has been hit by a distributed denial of service (DDoS) attack.
Rather than sweeping the incident under a virtual rug and not reporting it to state police, there are various steps that can be taken by cyber crime units, according to one law enforcement expert. Speaking at SecureSydney 2012, New South Wales Police fraud and cyber crime squad Detective Inspector, Bruce van der Graaf, told delegates that every state in Australia has an equivalent cyber crime squad team while the Australian Federal Police (AFP) operate a high tech crime centre.
How to prepare for a hacktivist attack
However, according to van der Graaf, some recent reports of DDoS attacks on online shopping websites that have been accompanied by extortion threats have gone unreported this year. “There were three unreported extortion attempts in 2012, not one single police officer in Australia was informed of these attempts,” he says. “That’s not good because there are some things we can do in these cases.”
Contacting the right agency
If the company subjected to a cyber attack is a major financial institution, in charge of critical infrastructure such as SCADA or is a victim of a copyright offence, they should contact the AFP, says van der Graaf.
“For every other form of cyber crime, come and see your relevant state jurisdiction,” he says,
How to report the threat
For AFP-related cyber crimes, these should be reported through the AFP website or by calling the High Tech Crimes Operation centre.
Within NSW, the Cyber Crime unit requires victims to visit their local police station.
“I know it’s not that easy to go into a police station and explain to the constable behind the desk that your company has just experienced a DDoS attack,” van der Graaf says.
“We don’t mind if you call us as we can walk you through the process of reporting the incident at the local police station--they will then refer the matter to us.”
In addition, he adds that organisaitons should contact CERT Australia due to their expertise in dealing with DDoS and other forms of attacks.
Making a police report
When filing a report to a state police cyber crime unit, the report should include full disclosure of everything that took place during the incident.
“For example, a victim of a cyber incident had a complaint with a former employee who walked off and got access to certain systems,” van der Graaf says. “There was a fairly nasty exchange of phone messages between them. To his credit, the victim showed us the entire exchange.”
According to van der Graaf, state police need to know this information at the start of the investigation rather than have the individual be “caught out” in the witness box by withholding information.
“Early on in the process we also ask for a documented incident report. It may be preliminary, as long as the report tells us what is going on. There are some people who think they can make a phone call to us and everything is going to happen after that,” he says.
In addition, investigators require “full and frank” access to any IT consultants that have been engaged to look at the cyber incident.
“For example, a certain agency had a website hack in NSW and wanted us to solve it,” he says. “We asked the organisation who they had engaged to solve the problem and it was one of the big four telcos who fixed the problem.”
According to van der Graaf, the cyber crime squad asked to see the report but was told that this was privileged information. The consequence was that police were unable to investigate the incident.
“Immediate access to security logs and third party providers is essential,” he says.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow CIO Australia on Twitter: @CIO_Australia
Related Articles
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
-
Spiceworks' free management software gets integrated MDM
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Leading Through Connections – Insights from the Global Chief Executive Officer Study
IBM’s 2012 Global CEO study follows face-to-face discussions with more than 1,700 CEOs and senior public sector leaders from around the globe. The findings examine how CEOs are responding to the complexity of increasingly interconnected organisations, markets, societies and governments. For example, almost one-quarter of CEOs say their organisations operate below par in terms of driving value from data. CEOs have expressed frustration about their inability to capitalise on available information. This is because: “The time available to capture, interpret and act on information is getting shorter and shorter.” CEO, Chemicals and Petroleum, United States Given the need for deeper business insight, the best performing organisations are more adept at converting complex data into insights, and insights into action. Download Entire Report Now. -
Cloud Computing for Midsize Businesses: Delivering Innovation and Efficiency
It’s time for midsize companies to start thinking differently about infrastructure. This white paper provides a brief overview of cloud computing, explains how midsize companies can benefit, and describes the steps they can take to take advantage of what it has to offer. Read now. -
BYOD and Beyond - Implementing a Unified Access Solution
The rise of BYOD programs is the single most radical shift in the economics of client computing for business since PCs invaded the workplace. Whether you are contemplating the creation of a BYOD program or currently trying to establish one, this fact cannot be overstated. Find out how to overcome these challenges.
Get exclusive access to Invitation only events CIO, reports & analysis. 
