Two of Nine's staff put out a podcast on 30 March in which some pretty crazy claims were made, illustrating the fact that the company, as is common with many big fish in small ponds, has a highly inflated sense of its own importance.
Nathanael Cooper and John McDuling even made mention of cyber war! It seems like everyone at Nine has been given instructions to make the incident look as grave as possible.
It takes a cynical infosec professional like DomainTools ace researcher Joe Slowik to put the whole thing in perspective:
Well that's one way to describe "macro-enabled document delivered via sketchy email, Mimikatz, Cobalt Strike, and ransomware bought off a forum" pic.twitter.com/xysi8rcxVB— Joe Słowik ? (@jfslowik) April 1, 2021
Claims about North Korea or Russia being behind the incident — which is looking more and more like a bog standard ransomware attack by some freelancers from Russia — appear to be an almighty stretch.
Wait, so there's no "ransom note" in the AU event, but victims were instructed to check for "Recovery_Instructions.html", which kind of sounds like a ransom note....https://t.co/3QMiHwIBDL pic.twitter.com/lm5cyr1vKH— Joe Słowik ? (@jfslowik) March 29, 2021
A similar ransom note from MedusaLocker was posted online by Slowik and it clearly says who should be contacted to negotiate a deal. I have posted it below, with the email contacts of the attackers removed.
Nine staff have been at pains to try and compare their own program on Kim Jong-un to the 2014 Hollywood film The Interview which got Kimbo all riled up. But how does Channel Nine, the company's prime TV channel, compare to Hollywood? Does it compare at all? Channel Nine is a small TV channel functioning from a country at the arse-end of the world.
Australian politicians generally have an over-inflated sense of their country's importance and this could be infecting Channel Nine as well. My mind goes back to the time when an Australian journalist asked the Taliban leader Mullah Mohammed Omar in the early 2000s whether his troops would attack Australia as well since it was joining the Americans in the war against them.
Omar simply laughed. He probably didn't know where Australia was on a map and that's true of a majority of the world's seven-billion-plus people.
Speculation that Vladimir Putin might be behind the ransomware attack sprang from the program the TV channel ran about Russia's use of chemical poisons to kill its enemies abroad, as part of its new Under Investigation series. But that was another stretch too.
One of the funnier aspects of the whole drama was the reaction of the editor of The Age, Gay Alcorn, who appeared to suddenly realise about two days after the first stories appeared that she needed to say something in order to appear clued in.
And so she came up with this screed, "oh poor us, we are suffering due to ransomware, and doing a great job nevertheless", a laughable story if ever there was one.
It's high time for some sober reporting from Nine about the attack. One of the reasons people have been turned off the mainstream media is because they are obsessed with themselves and also because they try to hype up events in order to suck in readers.
Asked for her take on the attack, Kaspersky senior researcher Noushin Shabab told iTWire that of 61 targets breached with targeted ransomware last year in the APAC region [graphic below courtesy Kaspersky], seven focused on media outlets and technology.
"On top of financial gain, motives have evolved to disrupt the digital reputation economy. One of the intents here is to steal data to then sell [it] on the dark web," she said. That's the reality. Not very exciting, but them's the facts.
The author worked for The Age for nearly 17 years until May 2016 and was the first online technology editor for theage.com.au and smh.com.au, from May 2002 to December 2005.