July 10, 2018. Footage from the corner of Swanston and Lt Lonsdale Sts in Melbourne for the test of one-hundred-and-thirty speakers at 65 locations across Melbourne blasting a siren and verbal warnings in the first test of the city's public announcement system, designed for use during major incidents such as terrorism acts. (AAP VIDEO/Alex Murray)
Fake emergency warnings have been sent by a hacker who hijacked the Australian Emergency Warning System.Source:istock
A hacker was able to directly message tens of thousands of Australians after infiltrating an emergency warning system used by governments.
The breach of the Early Warning Network (EWN) is believed to have occurred some time on Saturday, when the culprit sent messages via email and SMS.
“EWN has been hacked,” the message read. “Your personal data is not safe. We are tying to fix the security issues.”
The message prompted users to email a provided address if they wished to unsubscribe from the service.
EWN is used by local, state and federal governments to alert Australians to emergency situations and the database holds email addresses as well as mobile and home phone numbers.
The EWN was overtaken by a hacker and sent out false warnings to Australians.Source:Supplied
The messages told residents to send emails to the hacked account to "unsubscribe."Source:Supplied
The hacker’s text message also included a link to a website offering customer support, but it is not clear if the breach was a phishing attempt.
EWN did confirm that the attack was launched from within Australia.
According to company’s managing director Kerry Plowright, the purpose of the attack was to harm the business and they have blamed the unauthorised access on “compromised login details”.
“This event did not compromise anybody’s personal information,” Mr Plowright told the ABC, insisting hackers did not gather any personal information.
The EWN did not shut down its systems while the hacker had control of their system, which
affected were local, state and federal government warning systems.
“A number of our users have been affected,” said Dave Lacey, who runs IDCARE, a national identity and cyber support service.
Mr Lacey said these types of attacks are increasingly common and typically carried out by hackers who identify security loopholes.
“In a way it’s sad because the EWN relies on having people’s phone numbers and contact details. It’s absolutely integral to their business.
“When you look at the link (in the messages and email), it seems to be taking them back to the original company. Usually (in a phishing attack) there is a call to action to a fake link.”
Logan City Council’s post on Facebook warning residents that the messages were part of a hacking attack on the EWN.Source:Supplied
Mr Lacey explains these kind of attacks pose a risk to the reputation of the business attacked and are often paired with some attempt to extort money from the business.
“It damages the trust in the organisation,” he explained.
In a message on its Facebook page, EWN said the hacker’s messages were distributed via email, text message and landline.
“EWN staff at the time were able to quickly identify the attack and shut off our systems limiting the amount of messages sent out. Unfortunately, a small proportion of our database received this alert.
“This event did not compromise anybody’s personal information. The actual data held in our system is just “white pages” type data, we deliberately don’t hold any other personal information.
“The purpose of that notification from the person that sent it was to damage this business. It was malicious.”