
Organisations now at their most vulnerable to cybercrime

With more employees working from home during the ongoing COVID-19 crisis, organisations are at their most vulnerable to cybercrime, according to Austal Chief Executive Officer, David Singleton.

Speaking to a CEDA audience via a national livestream, he said that while organisations are arguably now at their most vulnerable, there are simple, cheap steps that can be taken to mitigate this.

“We've got a lot of communication going through the internet, perhaps more than we normally would have and as a result of that, that is making it more vulnerable for us,” he said.

“People that carry out these crimes do not respect borders and they don't respect the fact that we have other things going on in our minds at the moment.

“It is a bit like a parallel universe… cyberwarfare and the criminal element of that.

“Here in this parallel universe you can buy passwords, you can buy company addresses… and you can use those to enter somebody's system and that's what happened to us at Austal,” he said.

Mr Singleton said this is not unusual and that many companies have passwords stolen and posted on the dark web without their knowledge.

“Someone had bought a password and they accessed our systems, they entered our electronic building and they walked straight through the front door and they were in the core of the building, that electronic building that we operate,” he said.

“Once they got through the front door they then walked around the house from room to room, going from one place to another, one virtual server to another virtual server, and whilst those doors should have been locked on the inside of our house they weren't and somebody was able to move through quite easily.

“The way that we found out what was going on was none other than they took information from rooms inside the house, loaded them onto a memory drive, overloaded the memory drive and as a result it set off an alarm.

“The reason for the hack became very clear very quickly.

“The hacker had made a ransom demand. This was just plain criminality.

“This is an individual who just wanted to extort money from the company, in order to return our data.

“They sent an email to 50 or 60 people in the organisation and said you've been hacked, these are the bitcoins I need for me to return the data that I have stolen.”

Mr Singleton said the first step Austal took once the cyber-attack became apparent was to contact their insurance company.

“They sent their expert down and they loaded software through our system to try and find whether anything untoward was happening,” he said.

“Secondly we'd contacted the Australian Cyber Security Centre who were particularly helpful.

“We went to look at passwords, we forced two password changes so everybody had to change their passwords twice over a 24-hour period.

“At the end of that we ran a routine that allowed us to look through everybody's passwords in the company and there were 40 versions of these two passwords, which taught me something really important in all of this, the weak link in any system can often be your people. Even after a cyber-attack people were using password123 and austal123 as a password.

“We put in a new piece of relatively cheap software, which allows you to make the system demand much more complex passwords, so we now have a regime in the company where passwords are complex, they are changed frequently and you can't use the password twice.

“The next thing we did was we turned on the multi-factor authentication process inside the Windows environment, that's always been there, it's free, we just hadn't utilised it.

“This means that when somebody goes to log in from outside of the company, they get asked to authenticate that by an SMS message or some other message that goes through to their mobile phone.

“The head of the Australian Cyber Security Centre said to me at the beginning of all of this, you need to remember all the way through this process that you are the victim, you will be shamed as a victim and people will start to point to you as being the problem.

“If enough people talk about the pain of this, the difficulty of this, the cost of cleaning up afterwards, the disruption to your business, and to us it was relatively light but maybe more people will do some of these simple things that I've talked about, that can make a fundamental difference.”