Cyber Defense Advisors

Courts service “PWNED” in Australia, as hackers steal sensitive recordings of hearings

Graham Cluley

January 03, 2024


Hackers are believed to have successfully accessed several weeks’ worth of sensitive video and audio recordings of court hearings, including one made at a children’s court, where protecting the identities of minors is supposed to be particularly critical.

The ransomware attack happened on the computer systems of Victoria’s Court Service in Australia, and is believed to have extended from 1 November 2023 until the network compromise was detected nearly two months later on 21 December.

The first staff knew of the issue was when they were locked out of their PCs in the run-up to Christmas, with messages reading “YOU HAVE BEEN PWNED” appearing on their computer screens.

Media reports describe how staff were directed to instructions that pointed them to the dark web in order to make ransom payments if they did not want stolen data to be published.

Court Services Victoria (CSV) declined to share details of who might be responsible for the cybersecurity breach, but commentators have pointed the finger of suspicion at the Qilin (also known as Agenda) ransomware-as-a-service group.

However, at the time of writing, the latest claimed victim announced on Qilin’s extortion blog is Serbian energy company EPS – reportedly hit by a ransomware attack before Christmas.

In an FAQ published on its website, CSV shared some limited details of its “cyber incident” which saw unauthorized access to its audio-visual in-court technology network, and admitted that it was possible that some hearings before 1 November are also affected – including the children’s court case which was held in October 2023.

Amongst those hit was the Supreme Court, with recordings from the Court of Appeal, the Criminal Division, the Practice Court, and two regional hearings in November potentially accessed.

“Maintaining security for court users is our highest priority. Our current efforts are focused on ensuring our systems are safe and making sure we notify people in hearings where recordings may have been accessed,” said CSV CEO Louise Anderson. “We understand this will be unsettling for those who have been part of a hearing. We recognise and apologise for the distress that this may cause people.”

No other court systems or records, which are separate from the audio-visual network, are said to have been accessed or impacted.

The good news is that CSV says it took immediate action to isolate and disable the affected network, and that hearings at the court have not been prevented from continuing by the cyber attack.

Ben Carroll, acting premier of Victoria, said that the CSV and Victoria police are working closely together on the investigation into the attack, and that anyone with useful information is encouraged to share it with the authorities.