I’m glad we’re not Optus customers. The theft of something like ten million customer records from the Telco’s databases is … frightening. I can understand why Optus would have a record of people’s phone numbers and addresses but it took me a while to work out why the company would have Medicare, licence, and passport numbers until I remembered that to buy a mobile phone (legitimately) you have to prove who you are with appropriate documentation.
The hacker’s intention was to extort money from Optus to prevent release of the stolen records on the dark web but the perpetrator apparently got cold feet and backed out of the theft, having released ‘only’ 10,200 of the records. S/he claims to have deleted the only copy of the data. Even if we believe that, there are still 10,200 people who have already been seriously inconvenienced. Some will have to get new drivers licences or new passports or new Medicare cards or new credit cards. All the rest will need to keep a close eye on their emails, letters, and phone texts for any sign of misuse of their data.
All of this raises a number of questions:
- Let’s say a person gives a passport number to verify identity. Does Optus have a direct link to the Federal Government’s database to check the data? If not, how does it work? The same goes for Medicare numbers and so on.
- Having confirmed a person’s identity, is there any need for Optus to keep this information? Properly deleted data can’t be stolen.
- Apparently the hacker was an amateur. How did s/he get into a supposedly secure system so easily? And now the breach has been widely publicised, have any other, more sophisticated, hackers done the same thing? Selling the data would bring in a substantial pay cheque without the fuss of a ransom attempt.
Optus is the kangaroo in the headlights on this one. But make no mistake, lots of other large organisations, as well as the Government, may well be vulnerable. Hopefully this will be a wake-up call to Chief Information Officers throughout the country to make sure their firewalls and their alarm systems are functioning as they should.
On a lighter note, I’ve just discovered an online art creation system called Midjourney. I have a number of Facebook friends who’ve played with the software with stunning results. It’s art created by an Artificial Intelligence and it’s currently still in development. The idea is that the user writes a description of what they want to see and the AI uses algorithms to interpret what is required. To do that, the AI analyses images across the web.
You type in a prompt and the AI dummies up four pictures. You can then choose one to get other ideas based on your selection until you (might) end up with one that works for you. Be warned, most of the results are dead ordinary and you’ll need a number of iterations. Needlessly to say, what this means in terms of copyright is not clear – beyond saying that no-one has a copyright on pictures made by an AI.
These are a few of my creations. It’s lots of fun. You can try it for free, but take the time to look at some of the Youtube videos to explain what to do. It’s not intuitive. The real pros take their Midjourney creations and take them up another notch or three in Photoshop. I’m not in that league yet so these are all straight out of Midjourney. I’ve typed the prompt I used under each picture.
I’m just playing with the medium. If you’d like to see what the pros can do, as well as a discussion on the copyright issue, take a look at Derek Murphy’s article. It’s worth it just to see the pictures.
All you artists out there, sorry, but the genie’s out of the bottle.
Love those Midjourney images. I may have to learn more about it and play around with that a bit. It would be great to create visuals for WIPs instead of having to rely on stock photo images. And yes, we have constant data breach announcements here, too. Seems like every other month some major corporation or the federal government has had a breach. We have monitoring software that alerts us to many data thefts. (And we’re glad it does!)