I wrote about this earlier, I had concerns, I had questions and I had to some degree accusations. Yet that is nothing compared to now. The BBC gives us (at https://www.bbc.com/news/world-australia-63056838) ‘Optus: How a massive data breach has exposed Australia’, and this shows a few sides I was unaware of earlier. They start with “about 40% of the population – had personal data stolen in what it calls a cyber-attack”. That is a lot, but Optus has a large user population. It is “Those whose passport or licence numbers were taken – roughly 2.8 million people – are at a “quite significant” risk of identity theft and fraud, the government has since said” which is close to everyone; to become a member of most telecoms, you need 200 points of identification, which tends to include a passport or a driver’s license. So when we get to “In an emotional apology, Optus chief executive Kelly Bayer Rosmarin called it a “sophisticated attack”, saying the company has very strong cybersecurity”, is that so? So when the BBC treats us to “Sydney-based tech reporter Jeremy Kirk contacted the purported hacker and said the person gave him a detailed explanation of how they stole the data. The user contradicted Optus’s claims the breach was “sophisticated”, saying they pulled the data from a freely accessible software interface. “No authenticate needed… All open to internet for any one to use,” they said in a message, according to Kirk.” This seems like there is a serious flaw in the Optus system, and when we revisit the statement from Kelly Bayer Rosmarin “I’m disappointed that we couldn’t have prevented it,” she said on Friday”
I tend to side with the less diplomatic version of me stating to Kelly Bayer Rosmarin “Do you know that the condom is also used to stop making you fat? It is not just for the prevention of STDs”. Now I might be ejaculating a bit prematurely (aka was Jeremy Kirk told a BS story or the truth), but if this is true, then Optus failed on a few levels: protecting the data, protecting the servers and protecting their customer base. You see, the software interface might have allowed for injection of a backdoor, making the Optus system now close to completely unreliable. The fact that there is a freely accessible software interface in play implies that its IT security failed, the data was collected and that happened without any red flags on access and transfer of data, and we see the fact that all the data is accessible from way too many places, and that is the telecom company that Australia trusts? It gets to be even worse when we look at the article (at https://www.afr.com/companies/telecommunications/optus-hack-could-happen-to-anyone-ex-telstra-boss-warns-20220928-p5blrg) where we are given ‘Optus hack ‘could happen to anyone’ ex-Telstra boss warns’, a wannabe from the stables of Telstra, an immature, greedy, Microsoft-minded telecom. There we see “Former Telstra chief executive David Thodey says the cyberattack on Optus “could happen to anyone” and urged all big and small organisations to be “vigilant” about online security”. Well, David, if the information from Jeremy Kirk holds true, you better hope that you have a better cyber and IT security division; more importantly, if this level of stupidity can happen to EVERYONE, your systems ALL SUCK! And in my personal opinion you all need an overhaul and an 80% wage reduction. This level of stupidity when it comes to personal data is too stupid for any of you to be taken seriously as so-called ‘captains of industry’; as such, please apply for an Uber or barber position.
Now this seems overly emotional, but these are the kind of people who judged me as not being professional and THEY set data next to an open interface? This is the 101 of stupidity. OK, if JK was told a bag of lies I would owe a few people an apology, but that is for tomorrow. For now it seems that a lot of people are not aware of the level of stupid their telecom company hung their personal data on, and that is more than a simple investigation; there are plenty who will pay handsomely for that much personal data. The US, Russia, India and China. 4 players willing to pay twice what the hacker wanted, and they will not ask questions. A whole collection of personal data that can aid in creating deeper learning personalised rainbow tables, a whole battery of data from all kinds of social media that can now be used for granularity and a whole range of other data sets that can now be completed. And it all hangs on a (currently unconfirmed) version of a freely accessible software interface. “No authenticate needed”. How angry would you be when these so-called professionals charged you again and again and as they changed membership status so that they had more legal options? And they are not held to account? Yes, I would be angry, and I am (for now still) with Optus; I get to be angry, my data is out there. So how would you feel?