Cory Bernardi, AFP officers and judges hit by hacking
THOUSANDS of Australian government officials, including federal ministers and senior defence officials, are among the victims of a massive Yahoo data hack.
Social Services Minister Christian Porter, Shadow Treasurer Chris Bowen, Victorian Premier Daniel Andrews, Liberal MP Andrew Hastie, Shadow Health Minister Catherine King and Liberal senator Cory Bernardi were among the victims of the hacking, ABC reports.
InfoArmor, a US cybersecurity firm which investigates data theft, told the ABC the data was stolen from Yahoo in 2013 by a hacker organisation from Eastern Europe.
The stolen database contains email addresses, passwords, recovery accounts, and other personal identifying data belonging to more than 3000 Australian officials.
Australian Federal Police officers, diplomats, judges and magistrates were also reportedly affected.
According to InfoArmor, the Yahoo accounts were sold to cyber criminals and what is believed to be a foreign intelligence agency for the equivalent of AU$401,400 each.
The ABC reports it was able to identify the Australian officials because they had used their government emails as backup accounts in case they forgot their passwords.
The Prime Minister's Cyber Security Special Advisor Alastair MacGibbon told ABC criminals could exploit the content of those accounts, if for example the victim recycled a password.
InfoArmor's chief intelligence officer Andrew Komarov told the ABC the hackers were cyber-criminals motivated by profit, not a state-run entity.
Mr Komarov said the organisation had years to exploit the data, making it difficult to determine what happened and how many government employees could have been compromised.
"This group has no presence on any forums or marketplaces," Mr Komarov said.
"In the past they used two proxies: one for the Russian-speaking underground and another one for the English-speaking."
"They sell their data indirectly using some trusted channels, contacts and proxies.
"Not through any marketplaces or forums because of their security measures, they don't need it.
"They have pretty serious contacts in the underground and some trusted rounds of various cybercriminals with whom they work."
Most of the politicians reportedly affected by the hack declined to comment but one adviser told the ABC some accounts linked to politicians could have been set up by staffers.
A spokeswoman for Mr Porter told the ABC "as far as the Minister is aware he has never used a Flickr account", while a spokesperson for Senator Bernardi said "to the best of his knowledge, [senator Bernardi] doesn't have a Yahoo account."
A Department of Defence spokesperson told the ABC it had notified its employees after it was informed of the hack last October, via NSW Police, two months before Yahoo announced the massive breach.