Hackers target gold miner

A Canadian gold miner has become the latest target of hacker and digital activist group Anonymous.

The group has relaunched its #OpCanary movement, a strike against multinational corporations, with Canadian gold miner BCGold Corp its latest target, according to HackRead.

Anonymous hacked BCGold’s website and defaced its website, rickrolling the miner by posting a video of 80’s singer Rick Astley’s hit ‘Never Gonna Give You Up’.

However, it is understood that the group did not access the miner’s data.

{^youtubevideo|(width)425|(height)264|(rel)True|(autoplay)False|(fs)True|(url)|(loop)False^}According to Anonymous, it is targeting Canadian miners as the “Canadian government and judiciary shield their global mafia from accountability from their human rights abuses and environmental destruction worldwide”.

This is not the first time miners have been targeted by hackers.

Earlier this year a Ukrainian coal miner was amongst a group of critical infrastructure operations targeted, with hackers introducing malicious codes into their industrial control systems which shut down electric distribution networks and cut power.

Closer to home, NSW’s Department of Industry, Resources and Energy was the target of hackers.

The Department’s Maitland office came under attack in an attempt to access confidential resources commercial information.

“In December [2015], our IT systems noticed a marked increase in virus activity around our Maitland office,” a Department spokesperson said.

“The attacks were identified by specialist software we have in place to detect breaches to our firewalls. Given the ­increased levels of activity, we took further steps to ensure our systems were protected.

“We do not believe the ­attacks penetrated our systems, or that any data was ­accessed at this time.”

However they are yet to identify the person or groups behind the attack.

This is not the first time miners and mining information have come under attack by hackers.

In 2011 hackers broke into Federal Parliamentary email accounts to gain access to emails between ministers and Australian companies mining in China.

These hacking incursions came on the back of earlier Wikileaks releases showing BHP’s CEo at the time, Marius Kloppers, expressing his concern over Chinese surveillance and interference in BHP’s operations.

A recent E&Y Global Information Security Survey also highlighted mining and metals companies and associated groups becoming a target for hackers.

“The centralisation of many business functions across the supply chain as a result of increasing mining company cost rationalisation has made mining firms easy targets,” it explained.

“The centralisation of business functions has translated into the need for a more sophisticated IT system and network infrastructure to connect the geographically diverse workforce, which increases an organisation’s exposure to, and dependence on, the internet.

“With the trend toward remote operation to improve operational integration and cost efficiency, there is a convergence of IT and OT [Operations technology] which provides cyber hackers an access path to the operations systems from the internet. Further, OT systems are inherently less secure as many old systems were not designed with security in mind,” EY observed.

According to David Higgins, the regional director, ANZ, for WatchGuard Technologies, a cyber-security firm, there are a number of ways miners can protect themselves against digital incursions.

“It is recommended that organisations establish a layered approach to security to mitigate the risk of being affected cyber-attacks,” Higgins told Australian Mining.

“This requires the use of several highly effective security systems working cooperatively to stop threats at different stages of an attack. Some threats are sophisticated enough to bypass general security systems such as Anti-Virus, Intrusion Prevention or Anti-spam before being detected and quarantined by additional systems such as an Advanced Malware Detection provider.

“Alternatively, they may be able to bypass several security systems before being detected and managed by another part of an organisation’s defences.”

This is often referred to as the 'Cyber Security Kill Chain'.

“Other examples of potential threats may be an email from a trusted employee such as a Vice President sent to an employee requesting critical or sensitive data” he said.

“This is labelled as being a Spear-Phishing attack that directly targets individuals to gain access to an internal system, or larger organisation through a trusted supplier. Without training for scrutiny and awareness, most employees are vulnerable to these socially sophisticated attacks and can cost organisations considerable amounts of resources to resolve issues arising from a breach.

“Additionally, a key element in effectively managing network security is visibility of activity on a network. To do this, detailed network monitoring tools are an essential part of implementing layered security solutions and managing network issues.”

He went on to state that as some mining operations do not have the scale and resources to justify significant spend on an IT department and several appliances or services to provide effective layered security, this will likely make small and midsized organisations – such as BCGold – the preferred targets for cyber criminals given that they are easier targets than larger organisations.

“As a result, it is recommended that these organisations utilise a single Unified Threat Management appliance that leverages several top-performing security suppliers to minimise cost and management requirements, whilst delivering enterprise level security protection.”

Send this to a friend