Protecting data retained under the government’s new laws is almost impossible, a former hacker-turned-security-expert says.
Australia’s data retention legislation, passed earlier this year, means telcos and ISPs must retain customer metadata for up to two years.
Former black-hat, now white-hat hacker Kevin Mitnick said a database holding that much information is something hackers will be watching and that it could become a target.
“They’re extremely attractive because of the information it stores,” he said, adding that the government needs to ensure the security standards protecting the centres are very high because “that’s a target-rich environment”.
He also said there would probably be a number of foreign nations which may target them as well.
“In my experience, everything has been hackable. Can it be defended? You can raise the bar extremely high and make it extremely difficult but at the end of the day, everything that I’ve seen out there has been broken. It’s just time, money and resources,” he said.
Once one of the FBI’s Most Wanted because he hacked into 40 major corporations just for the challenge, Mitnick explained that back in his hacking days during the ’90s, to bust into NEC he used to dial up to a modem in Australia to access its network because the systems were being too closely watched in the US.
“Australia is just as vulnerable as anywhere else in the world, I don’t think geographical location means you have better security standards. Of course I think geographical locations bodes to whether it’s a hotbed of hacker activity like Russia or Ukraine,” he said. “There’s always a way.”