Cybersecurity: What a convicted hacker thinks Australia is lacking in cybersecurity

In 1998, Skeeve Stevens was jailed for a hack that was described at the time as Australia’s most “notorious” internet cybercrime. Today, it sounds very similar to the breach that hit Optus in September.
Under the pseudonym Optik Surfer, Stevens hacked internet provider AusNet and shared the credit card and personal details of 1200 people with journalists. His aim was to lay bare the shortcomings of AusNet’s system. For his actions, he was jailed for 18 months.
These days Stevens spends his time consulting with state and federal police, intelligence agencies, the Australian Defence Force and law firms, among others, discussing the weaponisation of technology.

Here’s what he wants you to know about the state of cybersecurity in Australia, who is drawn to hacking, and why they turn criminal.

Money aside, why do people hack?

Stevens told The Feed: you don’t “become a hacker, you kind of always are.”
It’s for people who are curious, talented, but mostly, it’s for people who like puzzles. Stevens just wanted to keep prodding to see where it would take him. Decades ago he hacked into Australian universities, vending machines, and even US agencies, just to see if he could.

“I thought ‘oh that’s cool, now if I do that, do I get that? Does this plus that equal that?” he said.

But he said hackers can veer towards criminality when their skills and talent aren’t met with enough ethical guidance during their learning process.
“I’ve seen eight-year-old girls that are coding three [computer] languages. Some of our kids are amazing,” he said.

“But are they being guided by teachers that can actually help harness and frame those skills? This is where you’re going to end up with bad actors or bad hackers.”

What is missing in Australia’s approach?

Stevens said the first thing Australia is lacking is literacy around cyber security at various levels. He said it starts with the average Australian and extends all the way to those making decisions about data collection and storage.
“There’s a lot of ‘FUD’ in the industry: fear, uncertainty, and doubt from officials,” said Stevens, noting that companies and politicians should be clearer in their communication and messaging.
While cyberattacks are commonplace and…