em360tech image

Hackers have accessed the court recording database of Australia’s Victoria State in a cyber attack that hit the court’s audio-visual (AV) technology network. 

Court Services Victoria (CSV) first became aware of the attack on 21 December but it is believed the AV technology network was first compromised on 1 November. 

Video and audio recordings of hearings in the supreme, county, magistrates and coroner’s courts may have been accessed over this seven-week period, but hearings from before November may also have been affected. 

“The potential access is confined to recordings stored on the network,” Anderson said in a statement.“No other court systems or records, including employee or financial data, were accessed.

The stolen recordings reportedly include an October recording from the children’s court – which has strict restrictions to protect the identities of minors – as well as at least two cases involving historical and child abuse. 

Recordings of some Supreme Court hearings and several committal hearings in the magistrates courts were also hit hard. All county and coroner’s court hearings recorded on the network may have also been affected.

“We understand this will be unsettling for those who have been part of a hearing,” Anderson said. “We recognise and apologise for the distress that this may cause people.”

“The affected network was quickly isolated and disabled to ensure operations could continue across the courts,” Anderson added.

“YOU HAVE BEEN PWND”

The attack was discovered on December 21 in the lead-up to the Christmas break, when staff were locked out of their computers and messages appeared on screens reading "YOU HAVE BEEN PWND".

The message directed court staff to a text file, in which hackers threatened to publish files stolen from the court system, and directed them to a website on the dark web with instructions on how to recover the files.

In an updated statement published this morning, the CSV said it “took immediate action to isolate and disable the affected network and to put in place arrangements to ensure continued operations across the courts. As a result, hearings in January will be proceeding."

"Maintaining security for court users is our highest priority. Our current efforts are focused on ensuring our systems are safe," the statement added. 

Witnesses and other participants in hearings where recordings may have been accessed will also be notified, the CSV said, while a dedicated support contact centre has been set up. 

Acting Premier Ben Carroll said the CSV and Victoria police were working closely with CSV, but that no court operations were not affected.

"I understand that this attack has essentially been confined, and all court cases, all hearings, all evidence, all procedure is thoroughly protected. We are very confident that we will get to the bottom of it," he said.

“If anyone has any evidence, they are encouraged to come forward,” he said on Tuesday. “But I know, from my advice this morning, that this has been … a hack that has been well contained.”

Likely Russian Cyber Attack

Independent cyber security expert Robert Potter, who has seen evidence of the attack, told ABC News the court system had likely been hit by a Russian phishing attack, using commercial ransomware known as Qilin.

"They take the data out, and then encrypt it,” Potter said. If you don't pay, they leak your data, and you will never access it."

qilin ransomware cyber attack
Example of Qilin ransomware note. Source: SalvageData

CSV is just the latest government organisation to fall victim to Russian ransomware hackers. The UK government recently blamed Russia’s Star Blizzard intelligence service, for years of cyber attacks targeting public British institutions, politicians and journalists. 

The Russian ransomware gang LockBit was LockBit was also responsible for the ransomware attack on the NHS last summer, which forced crucial medical systems offline and forced doctors to keep patient records on pieces of scrap paper.