Hacker uses early warning system for fake message campaign – Naked Security

0
47
Hacker uses early warning system for fake message campaign – Naked Security


Australians got scary texts, emails and phone calls from a trusted emergency warning service late last week after a hacker broke into its systems and used it to send fake messages.

On 5 January, the intruder compromised systems operated by the Early Warning Network, an Australian company that provides early warning information about severe weather events and bushfires to clients across the country. Started in 2007, the company provides emergency warning services to federal, state and municipal government clients to help protect their citizens.

The hacker used EWN’s systems to send messages to citizens via email, landline phone calls, and SMS. The messages, sent from alerts@ewn.com.au, were titled “EWM Hacked – Privacy Alert” and read:

EWM has been hacked. Your personal data stored with us is not safe. We are trying to fix the security issues. Please email support@ewn.com.au if you wish to subscribe. ewn.com.au ASX AER

The company moved quickly to fix the problem, catching the attack and shutting off the system. Nevertheless, a “small proportion” of its database received the alert, it said in a Facebook notice. Reports indicated that tens of thousands of people had been affected.

On Monday the company updated its post, adding that the hacker had hijacked a legitimate account to login and post the nuisance spam. It also dismissed fears that the link in the nuisance message could have been a phishing attempt, adding:

The link used in this alert were [sic] non-harmful and your personal information was not compromised in this event.

Luckily, Aussies are a savvy bunch. Comments on the Facebook post came mostly from people who said they had received the message and deleted it as suspicious, although a handful said that they had clicked on the link and were now worried. To its credit, EWN answered these comments – along with direct emails – reassuring concerned citizens that the message wasn’t a threat and their personal information was safe.

Some municipal councils in Australia that subscribe to EWN services and distribute alerts to their citizens also reposted the company’s warnings.