Analysis of the Australian Catholic University Cyber Attack Case Study

Verified

Added on 2022/11/25

AI Summary

This case study examines the cyber attack on the Australian Catholic University (ACU) that occurred on May 22nd, 2019, involving the theft of sensitive personal information. The attack was executed through phishing, compromising staff email accounts and university systems, leading to the exposure of login details, bank information, and calendars. The case study details the involvement of law enforcement agencies, including the Australian Federal Police and the Queensland Police Service's cyber crimes unit, and highlights the variations in investigating cybercrimes compared to traditional crimes, focusing on the use of digital artifacts and collaboration with specialized entities. It also explores the challenges posed by the cyber world, such as the difficulty in identifying perpetrators due to the use of fake IP addresses and obfuscation technologies. The study concludes by outlining the resources that could have assisted law enforcement, such as dedicated cybercrime laboratories and trained forensic investigators, emphasizing the need for advanced tools and expertise to effectively combat cyber threats.

CYBER ATTACK CASE STUDY: THE AUSTRALIAN CATHOLIC
UNIVERSITY CYBER ATTACK

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

What happened
The attack on the Australian Catholic University involved the hacking and theft of sensitive
personal information belonging to its staff; the event is reported to have taken place on may 22nd
2019. The attack was executed using phishing, resulting in several e-mail accounts belonging to the
affected staff and some of the university’s systems being compromised. The attacks resulted in the
log-in details of some staff being obtained and used in accessing the e-mails of the staff, in addition
to their bank details and calendars (Fellner, 2019).
Role of Law Enforcement
The law Enforcement were given a report of the cyber attack, including the Office of the Australian
Information Commissioner (OAIC) and the Australian Cyber Security Center. The crime falls
under the jurisdiction of the Australian Federal Police and they work with Local Law Enforcement
authorities to deal with cyber crimes. Unlike normal crime cases such as theft, the Australian law
Enforcement Agencies (Federal and State) work with other organizations such as the Australian
Cyber Security Center (Australian Catholic University, 2019). The Queensland Police Service has a
dedicated cyber crimes unit and were responsible for taking the report, available evidence, and
opening an investigations file into the cyber attack (Stewart, 2019).
Variation with Traditional Law Enforcement
The same principle is used in investigating traditional crimes and cyber crimes; it is based on the
victim, the evidence, and suspect making physical exchanges that create a link to the crime. The
evidence in cyber crimes, however, include digital artifacts, such as digital pictures, social media
site activity, IP (Internet Protocol) addresses, and other files of a digital nature. Investigating cyber
crimes also involves close collaboration with other entities other than law enforcement, such as data
recovery experts and firms that can be roped in to help find evidence (Sherry et al., 2015). The
crime ‘scene’ shifts from the physical environment to the ‘cyber/ digital’ environment and can
sometimes go across borders to other jurisdictions.
Effect of the Cyber World
The cyber world makes near-impossible to know for sure the perpetrators behind the attack and its
origins. Attackers can use fake IP addresses and the fact that evidence is digital rather than physical
(such as DNA samples) means finding the source of the attack is very difficult; the computer used
in the attack could have been used from a public access point and thereafter destroyed, making all
evidence unavailable (Stewart, 2019; Rogers, 2016). Attackers employ obfuscation technologies
that disguise their IP addresses; these obfuscation tools are legal and generally free- it is therefore
difficult to track and trace the sources of the attack.
Resources that Could have Assisted law Enforcement

A dedicated cyber crimes laboratory with advanced tolls such as packet tracers that can help in
tracking the source of the phishing e-mails. Law enforcement also need the physical computers that
were attacked as well as firewall and e-mail logs to know the time when the attacks were carried out
and the data packets. They also need specially trained cyber security and forensic investigators to
perform the reverse engineering of data packets and deep packet inspection to help unravel the
attack source and nail the culprit (Sherry et al., 2015).

References
Australian Catholic University (2019). Cyber attack on ACU IT systems. [online] Australian
Catholic University. Available at: https://www.acu.edu.au/about-acu/news/2019/june/cyber-attack-
on-acu-it-systems [Accessed 13 Sep. 2019].
Fellner, C. (2019). Australian Catholic University staff details stolen in fresh data breach. [online]
The Sydney Morning Herald. Available at: https://www.smh.com.au/national/australian-catholic-
university-staff-details-stolen-in-fresh-data-breach-20190617-p51yif.html [Accessed 13 Sep. 2019].
Rogers, M. (2016). Psychological profiling as an investigative tool for digital forensics. Digital
Forensics, 2, pp.45-58.
Sherry, J., Lan, C., Popa, R. and Ratnasamy, S. (2015). BlindBox. Proceedings of the 2015 ACM
Conference on Special Interest Group on Data Communication - SIGCOMM '15.
Stewart, R. (2019). Australian Catholic University suffers data breach impacting the personal
details of its staff | Cyware Hacker News. [online] Cyware. Available at:
https://cyware.com/news/australian-catholic-university-suffers-data-breach-impacting-the-personal-
details-of-its-staff-9c97875a [Accessed 13 Sep. 2019].

1 out of 4

Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support