Nigel Phair, from the Center for Internet Safety at the University of Canberra, talks about the massive breach that’s seen Medicare details being sold on the Darknet
Introduction: Medicare details for sale on the darknet
Ross Greenwood: Well, here’s a concern about your security that makes you really shake your head and wonder why. That is, according to reports in The Guardian newspaper and its website, your Medicare card numbers are now available potentially for sale on a part of the internet known as the dark web. Now, how this occurs, as I say, your biggest belief because it’s the type of information that should be quite secure. It means your identity could potentially be stolen and also that people are prepared to pay good money to be able to gain an Australian identity.
Well, Alan Tudge, who is the minister of human services and responsible for Medicare, he today has ordered an investigation not only by his own department, but also for the Australian Federal Police, to start to look at why this has occurred. Now, the revelations came after the journalists from The Guardian, and good piece of work this was, was able to buy their own Medicare details from a trader on the Darknet illegally selling the information. It was an incredible thing to be able to imagine that would occur. If that journalist was able to do it, well, could you technically go out and buy your own
Nigel Phair is with the Centre for Internet safety at Canberra University he joins me now. Nigel, this is something that most people would be gravely concerned about, I would have thought.
Interview: Nigel Phair, Centre for Internet Safety, Canberra University.
Nigel Phair: I would have thought greatly personified, Ross.
Ross Greenwood: In that sense, Nigel, just explain exactly what the Darknet is for somebody who hasn’t heard about that, and what is it that this could have occurred?
Nigel Phair:Sure. The internet has three areas; we’ve got the normal web which you might use Google or perhaps Bing to just do your normal web surfing and look up various websites etc. Then as we move on, we have the Deep Web, which is the normal pilot of work but isn’t yet indexed by search engines. Then we move into the dark web which is neither publicly-accessible nor indexed. To get that, you need to use a browser known as Tor, a specific software that you can download. That’s how you get access to the dark web.
Ross Greenwood: In that regard also, it’s one of these important things, Nigel, that if people can’t get access to the dark web, my understanding is there’s a whole lot of nefarious information and things that are available for sale there. This is the way in which people with illicit and highly illegal activities continue to conduct their trade.
Nigel Phair:Absolutely, it’s a completely anonymous place to go. Because of the Tor software, you anonymize and hide your tracks when you get there. It’s where everything is for sale: illicit drugs, contraband, hit men. You name it, it’s there.
Ross Greenwood: Then go back to the other thing about Internet safety, which is one of your important aspects, and that is; how could it possibly be that details of my Medicare number could possibly have been acquired and then put up for sale on this Darknet?
Nigel Phair:Well, the way I’m seeing this on play is I’ve been pretty sure that what’s happened here has been a compromise at a Medical Centre or something similar. It’s someone who’s got bonafide authorized access to the Medicare Network, but they’re accessing patient records without authorization and outside the bounds of the scope of that medical practice. I think you’ll find then that persons or person again on the dark web and offering them for sale. When you say, “I’d like to know the Medicare numbers of Ross Greenwood,” and give you a date of birth which isn’t too hard, I think, to find out online.
They’ll now replay those Medicare data back to you and you can use that to transact in certain ways.
Ross Greenwood: Because you can use a Medicare number to identify yourself when you’re making a transaction, they might sometimes ask for two forms of identification, it might be your passport or your driver’s license and maybe your Medicare number. The other thing, of course that would be significantly of a concern, is that people could go into pharmacies and potentially acquire drugs or prescriptions as a result of this as well.
Nigel Phair:Absolutely. Both those scenarios are a simple thing to do. We have in Australia basically 100 points of ID which is a pretty much dead and very concept but one we keep sticking to. Medicare details are a large chunk of that 100 points. Once you work out where someone lives you just go around to their place town or from their letterbox take out their like gas, electricity or water bill and there’s the rest of your ID for your hundred points.
Ross Greenwood: Is there any way that authorities can potentially put this genie back in the bottle? Because it seems to mean if it’s out there, it’s going to be very hard to get that information back, unless you go and reissue brand-new cars right throughout the community and new forms of safety to make certain this can’t occur again.
Nigel Phair:Well, I’d like to think that they’re busy working, as we speak, trying to identify who that person or persons behind this is, and that could be done by an undercover transaction with the people that the worker then go through the audit process to see what details and what transactions have been accessed. When you think about it, whilst we travel a lot, certain medical centers in some areas really only deal with people from that area.
There must be a pretty solid audit regime going on, I believe, to look at what are the anomalies where medical practices and the like are accessing details from people completely unrelated to that area or the type of work that they do there.
Ross Greenwood: I’ll tell you what, Nigel, always great to have you on the program because you explain it so clearly to people. It is a worry and of concern that this is taking place right now. I should also make mention of Paul Farrell, a journalist from The Guardian newspaper, who did say, “I purchased my own Medicare card details from the dark web auctioneer for just $20 US. The vendor even uses a fake Australian government logo. In fact, they go by the name of the Medicare machine.”
This is the type of thing, this is your information, and as I say, it really is a situation where somebody could potentially acquire your identity by having that information as well. Nigel, as always, we appreciate your time here on Money News Tonight.
Nigel Phair:Thanks, Ross.
Other articles relating to Health: