Google calls out the hackers within
Published on September 25, 2025
GUEST OPINION: The modern hacker is just as likely to be a teenager working from the Australian or US suburbs as a state-sponsored operative working in North Korea or Russia, according to Google’s John Hultquist.
The Google executive, who as chief analyst at the Threat Intelligence Group is the company’s top cyber security expert, said that while the popular idea of the hacker is someone working from outside a Western country, the reality is that increasingly they are working from within.
The recent hack targeting Qantas, which attacked the airline’s Manila contact centre, saw the personal data of nearly six million customers compromised and was believed to be the work of a hacker group called Scattered Spider, which had attacked other airlines in the past.
Speaking at a recent Google event in Sydney, Hultquist said there is no concrete evidence that Scattered Spider was responsible for the Qantas attack, although he said it had all the hallmarks of the group.
Scattered Spider attacked casinos in 2023, then turned their attention to the UK retail sector, and then hit insurance and now airlines.
One of the remarkable things about Scattered Spider, said Hultquist, is that they are likely to be a group of teenagers, many of them under 18, based in the US, UK and Australia – all of them Five Eyes intelligence alliance countries.
“This is a coalition of very young English-speaking kids who have coalesced around chat rooms, and they’ve been involved in everything from sextortion and SIM swapping and ransomware,” he said.
“They are making tens of millions of dollars from it in cryptocurrency.”
Hultquist said one of the issues around prosecuting these groups is that, very deliberately, many of the main operatives are minors.
“They recognise the value of grooming and recruiting children, because they potentially don’t have to worry about law enforcement repercussions,” he said.
“The other reason is that they can take jobs in places like phone stores, and get the access that the group needs, so there is a pipeline of kids coming into this space.”
While the teenagers from Scattered Spider do their thing, Hultquist also said state actors are continually busy infiltrating companies and government agencies.
They are not necessarily spying or stealing, but understanding how to gain access so that, if they deem it necessary, they can disable critical infrastructure such as air traffic control and energy generation.
It is a 21st-century version of the Cold War being played out continually in the cyber realm.
Hultquist cites some recent victories for the “white hats” in their battle against hackers, and mentions the case of Arizona woman Christina Chapman, jailed for eight months in July, who operated a “laptop farm” for North Korea.
She was sent laptops, ultimately 90 of them, each of which ran under a distinct user profile and was accessed by remote actors in North Korea.
The laptops enabled the scammers to appear to be located in the US, and from there they wormed their way into the heart of some of the companies in the Fortune 500, stealing the identities of almost 70 people and generating over US$17m for the North Korean Government.
The point of the story is that this is a model which the state-sanctioned North Korean hackers are seeking to deploy around the developed world, including in Australia and New Zealand.
Hultquist said that the scammers are so prolific that they are among the world’s biggest holders of cryptocurrency, and are funding a large part of their country’s nuclear weapons program.
“It’s great news for the United States that they caught this person, but it’s bad news for everyone else, because if they’re feeling the heat in the United States, you know they will move their operations to wherever else,” he said.
“We can see them pushing into other areas such as Europe, Australasia, and Asia to carry this stuff out because it’s a very successful money maker.”