Medibank hack: Australia plans to ‘hack the hackers’ as government begins new policing push

Cybersecurity Minister Claire O’Neil has vowed to bring the Russian hackers behind Medibank’s data breach to justice.

Ms O’Neil said the government is launching a new cybersecurity police operation to breach networks of hackers who steal private information from Australian citizens.

“You have the right to keep information about your health… completely private. That is your right and it was stolen from you by Russian criminals,” she told reporters in Melbourne.

“Our message today is that those crooks need to be careful.

“We’re going to hack the hackers.”

Attorney General Mark Drefyus said the joint permanent cybercrime operation targeting the hackers will be led by the Australian Federal Police and the Australian Signals Directorate in a permanent and formalized arrangement.

‘The AFP is working day and night on this problem. It works with international partner agencies…including the FBI,” he explained.

Dreyfus said diplomatic channels with Russia would be open regarding extradition, but claimed it will not slow down the work of national security services.

He called on Russia to do everything possible to ensure that people within its borders do not engage in this type of criminal activity.”

The announcement comes after AFP Commissioner Reece Kershaw confirmed that a network of Russian criminals was behind the cyber attack on Australia’s largest health insurer, Medibank.

Kershaw had a blunt message for the people responsible for the hack.

“We know who you are,” he said.

“The AFP has some important points on the scoreboard when it comes to bringing foreign offenders back to Australia to face justice.”

Kershaw said the crime could affect millions of Australians and harm an important Australian company.

“This cyber attack is an unacceptable attack on Australia and deserves a response commensurate with the malicious and far-reaching consequences this crime is causing,” he said.

Mr Kershaw said talks would be held with Russian law enforcement officers about the individuals involved, who were known but would not be named publicly at this stage.

He stressed that Russia has benefited from intelligence sharing through Interpol “and associated responsibilities and responsibilities.”

But the Russian embassy in Canberra protested Mr Kershaw’s claim about the Russian origin of the hack.

“For some reason, this announcement was made before the AFP even contacted the Russian side through the existing professional communication channels.

“We encourage the AFP to properly liaise with the respective Russian law enforcement agencies,” it said in a statement.

Opposition spokesman James Paterson said the revelation opens up the possibility of sanctions under Australia’s Magnitsky regime.

The regime, adopted with bipartisan support in December 2021, allows targeted financial sanctions and travel bans to be imposed in response to serious corruption and significant cyber incidents.

Prime Minister Anthony Albanese previously told reporters he was “disgusted by the perpetrators of this criminal act,” and he authorized the AFP chief to release the information.

The hackers have since released more sensitive details of customers’ medical records on the dark web, including data on abortions and alcohol problems.

It follows Medibank’s refusal to pay a ransom for the data, with nearly 500,000 health claims stolen, along with personal information.

Medibank has created a one-stop shop for mental health and other support services accessible to affected customers through its website.