{"id":6577,"date":"2021-01-10T23:28:21","date_gmt":"2021-01-10T23:28:21","guid":{"rendered":"https:\/\/www.radiofree.org\/?p=148312"},"modified":"2021-01-10T23:28:21","modified_gmt":"2021-01-10T23:28:21","slug":"reserve-bank-investigates-cyber-attack-latest-in-nz-digital-breaches","status":"publish","type":"post","link":"https:\/\/radiofree.asia\/2021\/01\/10\/reserve-bank-investigates-cyber-attack-latest-in-nz-digital-breaches\/","title":{"rendered":"Reserve Bank investigates cyber attack \u2013 latest in NZ digital breaches"},"content":{"rendered":"<div><a href=\"https:\/\/asiapacificreport.nz\/wp-content\/uploads\/2021\/01\/NZ-Reserve-Bank-RNZ-680wide.png\" data-caption=\"The NZ Reserve Bank says it is investigating the breach, which may have exposed &quot;commercially and personally sensitive information&quot;. Image: Alexander Robertson\/RNZ\"><\/a>The NZ Reserve Bank says it is investigating the breach, which may have exposed &#8220;commercially and personally sensitive information&#8221;. Image: Alexander Robertson\/RNZ<\/div>\n<div>\n<p><em>By <a href=\"https:\/\/www.rnz.co.nz\/news\/\">RNZ News<\/a><\/em><\/p>\n<p>A cyber security expert says attacks like the latest on the Reserve Bank could be due to the type of data systems they are using.<\/p>\n<p>The Reserve Bank <a href=\"https:\/\/www.rnz.co.nz\/news\/national\/434299\/reserve-bank-likely-hacked-by-another-government-expert\">revealed yesterday<\/a> a third party file sharing service it uses, which contains some sensitive information, had been hacked.<\/p>\n<p>It is the latest after a string of cyber attacks in the past year targeting several major organisations in New Zealand, including the NZ Stock Exchange \u2013 which had its servers knocked out of public view for nearly a week in August.<\/p>\n<p>Titanium Defence cyber security expert Tony Grasso, who was the cyber lead at the Department of Internal Affairs, told <em>Morning Report<\/em> file sharing systems could weaken security.<\/p>\n<p>Grasso said there were still lots of questions about the breach to be answered.<\/p>\n<p>\u201cThe question that will be on my mind, and I\u2019m sure this will be what they\u2019re looking at is, who got in, how did they get in, and more importantly, what information has been taken from this file share, but more interestingly than that, have they got from the file share onto the bank systems internally?\u201d<\/p>\n<p>However, he said it would be hard to say who could be behind the breach at this stage.<\/p>\n<p><strong>Foreign intelligence agency?<\/strong><br \/>\u201cYou have to always keep in mind it may be a foreign intelligence national agency whenever something as big as the Reserve Bank \u2026 any government department within reason, you always have to have that at the back of your mind,\u201d he said.<\/p>\n<p>\u201cIt would be interesting to find out how they were caught. Our detection systems here are good, if it\u2019s one of those systems that have come from another government agency, a more sensitive government agency, that may indicate it was a foreign actor, or these days criminal gangs are getting together and they\u2019ve become an industry on their own and are really good at getting into organisations.<\/p>\n<p>\u201cImagine the ransom you could put on the Reserve Bank if you encrypted all their data, for example.\u201d<\/p>\n<p>Grasso hoped for a more detailed report from the Reserve Bank on who it could be.<\/p>\n<p>\u201cThe Americans are very good at saying \u2018it was definitely a foreign government\u2019 and they normally name them as well. It would be good to know if it was that, if it was a criminal organisation or if was it a just a lone wolf \u2013 we have loads of these in our industry.\u201d<\/p>\n<p>The Reserve Bank said sensitive information \u201cmay\u201d have been breached.<\/p>\n<p>The type of information exposed would depend on who the third party was, Grass said.<\/p>\n<p><strong>Third party may be IT provider<\/strong><br \/>\u201cA third party could be just an IT provider and they\u2019re just sharing architecture documents, that would be bad of course. But it could be information around covid for example.<\/p>\n<p>\u201cIf they were working with external agencies about the recovery of the company from covid \u2026 it could be papers around how we\u2019re planning for our recovery, I mean who knows.<\/p>\n<p>\u201cI would hope that sensitive stuff like that isn\u2019t held in a third party file server, I\u2019m fairly sure it wouldn\u2019t be.\u201d<\/p>\n<p>He said even if its own systems were very secure, having a third party who was insecure connecting to the systems could bring a threat.<\/p>\n<p>Yesterday, Reserve Bank Governor Adrian Orr said they were investigating the breach with experts and authorities.<\/p>\n<p>\u201cThe nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information.<\/p>\n<p>\u201cIt will take time to understand the full implications of this breach, and we are working with system users whose information may have been accessed. Our core functions remain sound and operational.\u201d<\/p>\n<p>The Reserve Bank declined a request for an interview with <em>Morning Report<\/em>.<\/p>\n<p><em>This article is republished under a community partnership agreement with RNZ.<\/em><\/p>\n<div class=\"printfriendly pf-alignleft\"><a href=\"https:\/\/asiapacificreport.nz\/2021\/01\/11\/reserve-bank-investigates-cyber-attack-latest-in-nz-digital-breaches\/#\" rel=\"nofollow\" title=\"Printer Friendly, PDF &amp; Email\"><img src=\"https:\/\/cdn.printfriendly.com\/buttons\/printfriendly-pdf-button.png\" alt=\"Print Friendly, PDF &amp; Email\" \/><\/a><\/div>\n<\/div>\n\n<p class=\"syndicated-attribution\">This post was originally published on <a href=\"https:\/\/www.radiofree.org\/2021\/01\/10\/reserve-bank-investigates-cyber-attack-latest-in-nz-digital-breaches\/\">Radio Free<\/a>. <\/p>","protected":false},"excerpt":{"rendered":"<p>The NZ Reserve Bank says it is investigating the breach, which may have exposed \u201ccommercially and personally sensitive information\u201d. Image: Alexander Robertson\/RNZ By RNZ News A cyber security\u2026<\/p>\n","protected":false},"author":400,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[338,1732,1647,1733,5,365,387,1734,1735,255,4,12,1736,368,602,417,142,369,1737],"tags":[],"_links":{"self":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/6577"}],"collection":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/users\/400"}],"replies":[{"embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/comments?post=6577"}],"version-history":[{"count":1,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/6577\/revisions"}],"predecessor-version":[{"id":6578,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/6577\/revisions\/6578"}],"wp:attachment":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/media?parent=6577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/categories?post=6577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/tags?post=6577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}