Australia’s emergency warning system hacked to deliver flood of messages

Spam rains down on service subscribers

UPDATED Australia’s Emergency Warning Network (EWN) suffered a data breach after hackers gained access to its systems and sent messages to thousands of users.

Luckily for the organization, which handles weather, fire, and other emergency warnings for councils across the country, the hackers didn’t use the opportunity to spread a fake alert or distribute malicious URLs.

Instead, they sent a message via text, email, and landlines reading: “EWN has been hacked. Your personal data is not safe. Trying to fix the security issues.”

The message included a link to EWN’s customer support services website, suggesting that users might wish to unsubscribe from the service.

EWN says it’s working with the Police and Australian Cyber Security Centre to investigate the breach, adding that the link in the message was “non-harmful”, and that no personal information was compromised.

“The unauthorized alert sent on Saturday night was undertaken by an unauthorized person using illicitly gained credentials to login and post a nuisance spam-notification to some of our customers,” it said in a statement.

“EWN staff at the time were able to quickly identify the attack and shut off the system limiting the number of messages sent out.”

However, thousands of users still received the message – including residents of Queensland, where alerts through the system are believed to have saved thousands of lives during the recent bush fires.

EWN has confirmed that the attack appears to have originated in Australia. ABC News said messages were sent out to “tens of thousands” of people.

Given the nature of the messages and the fact that the links were non-harmful, it appears that the hack was conducted in an effort to damage the organization’s reputation.

Kerry Plowright, CEO of EWN, took a firm stance against the perpetrators.

"Regarding intent, it was definitely malicious and we believe we know who it is,” Plowright told The Daily Swig yesterday.

Warning shot

The breach highlights the risks inherent in emergency warning systems, which could potentially allow hackers to wreak havoc by issuing fake emergency alerts.

This time last year, for example, Hawaii’s state government mistakenly issued a false incoming missile warning through its emergency alert system.

Days later, Japanese public broadcaster NHK did the same, thanks to accidental misuse of its warning system.

This article has been updated to include comments from Kerry Plowright