Aust to 'hack the hackers' behind Medibank

Cybersecurity Minister Claire O'Neil has vowed to bring the Russian hackers believed to be behind the Medibank data breach to justice.

Ms O'Neil said the government would launch a new cybersecurity policing operation to break networks of hackers stealing private information of Australian citizens.

"You're entitled to keep information about your health ... completely private. That is your right and it's been stolen from you by Russian thugs," she told reporters in Melbourne.

"Our message today is that those thugs should watch out. We're going to hack the hackers."

She said the operation would collect intelligence and identify the ring-leaders, networks and infrastructure to disrupt and stop their operations "regardless of where they are in the world".

Attorney-General Mark Dreyfus said the 100-office-strong, joint-standing cybercrime operation targeting the hackers would be led by the Australian Federal Police and the Australian Signals Directorate in a permanent and formalised arrangement.

"The AFP is working day and night on this problem. It's working with international partner agencies ... including the FBI," he said.

Mr Dreyfus said "all options remain on the table" when asked about any possible moves to expel Russian diplomats but quickly emphasised the government's preference is "to maintain diplomatic channels".

He maintained that would not slow down the work of national security agencies.

Mr Dreyfus called on Russia to do "all that it can do to ensure people who are within its borders are not engaging in this kind of criminal activity".

The announcement comes after AFP Commissioner Reece Kershaw confirmed a network of Russian criminals was behind the cyber attack on Australia's largest health insurer Medibank.

Mr Kershaw had a blunt message for the people responsible for the hack.

"We know who you are," he said.

"The AFP has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system."

Mr Kershaw said the crime had the potential to impact millions of Australians and damage a significant Australian business.

"This cyber attack is an unacceptable attack on Australia and it deserves a response that matches the malicious and far-reaching consequences that this crime is causing," he said.

Mr Kershaw said talks would be held with Russian law enforcement about the individuals involved, who were known but would not be publicly named at this stage.

He emphasised Russia benefited from the intelligence sharing through Interpol "and with that comes responsibilities and accountabilities".

But the Russian Embassy in Canberra protested Mr Kershaw's assertion about the hack's Russian origins.

"For some reason, this announcement was made before the AFP even contacted the Russian side through the existing professional channels of communication," it said in a statement.

"We encourage the AFP to duly get in touch with the respective Russian law enforcement agencies."

Opposition cyber security spokesman James Paterson said the disclosure opened up the possibility of sanctions under Australia's Magnitsky regime.

The regime, passed with bipartisan support in December 2021, enables the imposition of targeted financial sanctions and travel bans in response to serious corruption and significant cyber incidents.

The hackers have since released more sensitive details of customers' medical records on the dark web, including data on abortions and alcohol issues.

It follows Medibank's refusal to pay a ransom for the data, with almost 500,000 health claims stolen, along with personal information.

Medibank has created a one-stop shop of mental health and other support services that can be accessed by affected customers via its website.