The Weekly Cybers #63
Fallout from last week’s superannuation company hacks, AI passes the Turing test (or not), and yet another call for a civilian cyber reserve.
The Weekly Cybers #63 | 11 April 2025
Welcome
News of the last week’s hack of some of Australia’s major superannuation companies has probably been the highest profile digital story in Australia this week.
Meanwhile, has AI passed the famous Turing test? Probably not, but how about we create a civilian cyber corps in any event, just to be safe?
There’s a bunch of smaller stories too — smaller in the sense that I’m not writing much about them — so read on.
OK, the superannuation hack is kinda important
I didn’t pay much attention to the Australia superannuation hack last week because in many ways it’s just like all the rest. A lack of two-factor authentication meant that Bad People could use stolen passwords, and as always many people would have been using the same passwords that the Bad People found in other data breaches.
Some would say this doesn’t even count as a “hack”, given there was no tricky technical aspects to it, although personally I think that semantic battle has long since been lost. Hack or plain old data breach, accounts were accessed without permission and money was stolen. Maybe this is just me.
Anyway, according to cybersecurity news service Risky Business, five major funds were hit: Australian Retirement Trust, AustralianSuper, Hostplus, Insignia Financial, and Rest. “Two other funds — Hesta and Mercer — said their members weren’t affected, although they didn’t deny being targeted,” they report.
While around $500,000 was stolen, at least according to early reports, that’s across all five funds that were attacked, and all affected customers. In the grand scheme of “major hacks” it’s not really that much — although one unfortunately customer reportedly lost $300,000 in one go.
The National Cyber Security Coordinator has warned of scams following the superannuation hack, with Bad People pretending to be victims’ super funds and offering to “help”.
Superannuation funds are prime targets for Bad People. They often contain large amounts of money, and once the account-holder has reached retirement age they’re able to withdraw lump sums fairly easily. People rarely check their accounts, so hacks can go unnoticed for some time.
Meanwhile, AI has increased opportunities for fraud and deception.
CHECK YOUR PASSWORDS: It’s always a good time to check with ';--have i been pwned? to see whether any of your passwords have been compromised.
Does Australia need a civil cyber reserve?
Your writer was amused to see a call for a civilian cyber reserve at ASPI’s The Strategist this week. Such an organisation might use the state emergency services as its model.
“By setting up such a reserve, the federal government can overcome a shortage of expertise in cybersecurity and increase national resilience to cyber threats,” write Samuli Haataja, an associate professor at Griffith University. and Dan Svantesson, a professor at Bond University.
It’s a reasonable idea, and it would follow similar initiatives in Estonia and even a pilot program the US.
Why am I amused? Because this idea has been floated many, many times before.
Back in 2019 I wrote about a sharpened call for an Australian cyber civil defence organisation, listing similar such calls dating back to at least 2012. There was even a Labor proposal in 2020. However it’s never progressed beyond the brain fart stage.
It’ll be interesting to see whether anything happens this time.
ChatGPT passes Turing test, or does it?
Now here’s a headline: “Terrifying study reveals AI robots have passed ‘Turing test’ — and are now indistinguishable from humans, scientists say.”
“The dystopian lessons in every sci-fi movie from Terminator to Ex Machina appear to be coming true,” apparently. Wow.
Look, check this piece in The Conversation which argues yeah nah not so much. And anyway, is the Turing test even relevant?
Also in the news
- In case you’re wondering how Australia’s social media age restrictions are going and need a good summary, well, we’re no closer to knowing how it would work, although Melbourne-based blockchain technology firm ShareRing has started trials with students in Darwin. Why blockchain would help with any of this is a complete mystery to me.
- The government spent $2.7 million with X for advertising in the first year it was owned by Elon Musk, despite having announced a pause on spending from 29 September 2022. If you are so inclined, here’s the full audit report.
- The Mandarin has some interesting analysis, “What Signalgate tells Australian officials about secure channels and disappearing ones”.
- Also at The Mandarin, news that NSW is pressing ahead with digital credentials rather than waiting for the federal government.
- Experts from the University of NSW have called for stricter regulation of dating apps after their research revealed that child sex offenders use the services at “high rates”.
- Western Sydney University has posted notification of two more data breaches. They’re not having a good run.
- From Cyber Daily, “Women aged between 45 and 54 in the state of NSW are most likely to fall victim to retail scams, losing on average $1,034 to each incident”.
- Australia’s baseline broadband speeds could rise from 25 Mbps to 100 Mbps.
- The Australian Communications and Media Authority (CMA) has published the latest telco complaints-handling performance report, covering October to December 2024.
IF YOU’VE FOUND THIS NEWSLETTER HELPFUL, PLEASE SUPPORT IT: The Weekly Cybers is currently unfunded. It’d be lovely if you threw a few dollars into the tip jar at stilgherrian.com/tip.
Elsewhere
- From Platformer, “From Meta to Nvidia, tech CEOs are paying the president to get the outcomes they want — and it’s working.”
- From 404 Media, “‘Elon Musk’ was a prolific money launderer for hackers and drug traffickers. It was secretly the FBI.” That’s not the actual Elon Musk, obviously.
- From The Conversation, a discussion of a point I’d have thought would be obvious but, you know, people: “Friend, tutor, doctor, lover: why AI systems need different rules for different roles”.
- The UK is creating a “murder prediction” program which it hopes, as the Guardian puts it, “can use personal data of those known to the authorities to identify the people most likely to become killers”.
Inquiries of note
- I thought we’d have no new inquiries during the caretaker period, but in this week’s biggest tech and comms news, the Australian Competition and Consumer Commission (ACCC) is “seeking stakeholder feedback on its preliminary view to not object to Australia Post’s proposed stamp price increase of 13.3% from mid–2025”.
What’s next?
The Australian government is currently in caretaker mode before the federal election on Saturday 3 May, so there will be policy pitches but few real actions before then.
Next Friday 18 April is the public holiday for Good Friday, and Friday 25 April is Anzac Day, so the next two editions of this newsletter will appear on Thursday afternoon.
DOES SOMETHING IN THE EMAIL LOOK WRONG? If there’s ever a factual error, editing mistake, or confusing typo, it’ll be corrected in the web archives.
The Weekly Cybers is a personal look at what the Australian government has been saying and doing in the digital and cyber realms, on various adjacent topics, and whatever else interests me, Stilgherrian, published every Friday afternoon (nearly).
If I’ve missed anything, or if there’s any specific items you’d like me to follow, please let me know.
If you find this newsletter useful, please consider throwing a tip into the tip jar.
This is not specifically a cyber security newsletter. For that that I recommend Risky Biz News and Cyber Daily, among others.