China-based hackers have successfully infiltrated the IT systems at the Australian National University, potentially compromising the home of Australia’s leading national security college and key defence research projects.
Federal government cyber security officials have been working with the university since detecting the cyber attack, assessing the scale of any information theft and who in China could be responsible for it.
The ANU conducts research that has defence, strategic, scientific, technological and commercial applications.
National security sources said the Chinese government was suspected of directing the cyber attack, but proving this may be difficult because hackers typically aim to hide their tracks. However, it has been confirmed by federal government officials that the cyber attack was launched from China and that the ANU computer network was significantly compromised.
“We can assume this cyber intrusion has involved the theft of information. The question is ‘what was sucked out and how sensitive is it?’” said a national security official. The official said the “clean up” by university staff and cyber security officials would also aim to safeguard the ANU’s computer systems against future attacks.
The ANU hosts the National Security College, which trains Australian defence and intelligence officials and often hosts meetings with senior national security officials in a secure room regularly swept for listening devices by ASIO.
A spokeswoman for the university confirmed the breach, saying the university had been “working to contain a threat to IT within the University”.
“The university has been working in partnership with Australian Government agencies for several months to minimise the impact of this threat, and we continue to seek and take advice from Australian government agencies,” she said.
“Current assessments indicate no staff, student or research information has been taken and counter-measures are being undertaken.”
Alex Joske, a China researcher for the Australian Strategic Policy Institute’s International Cyber Policy Centre, said the cyber attack was a major wake-up call.
“ANU has involvement in important Australian government projects. This hack might have been aiming to steal information for commercial gain or for strategic or technological gain for the Chinese military,” Mr Joske said.
“There has been a lack of caution on the part of Australian universities in their dealings with China. Australian universities need to keep working closely with the Australian government on cyber policy.”
The attack raises questions about China’s compliance with an agreement Beijing struck with the Turnbull government in April last year. The two countries promised not to hack one another for the purposes of stealing intellectual property, trade secrets or confidential information.
The accord, which was signed after Prime Minister Malcolm Turnbull raised cybertheft directly with Chinese Premier Li Keqiang, includes a mechanism for raising issues and incidents that could cause problems between the two countries.
The Turnbull government has been considering the role of government agencies such as the Australian Signals Directorate in protecting the nation’s critical infrastructure. It is understood to be looking closely at Britain’s National Cyber Security Centre, which plays an active role in blocking cyber attacks on organisations outside the British government.
Experts such as Dorothy Denning, a Professor of Defence Analysis at the US Naval Postgraduate School, have claimed that China has used hackers to steal “more secrets from businesses and governments than any other country”.
In 2015, it was revealed that hackers directed by a foreign government had infiltrated the Australian Bureau of Meteorology’s IT system using malicious software, known as “malware”. The intrusion led to the theft of information and potentially compromised the computer systems of other government agencies. Experts also blamed China for this attack.
A statement from the Minister for Law Enforcement and Cyber Security, Angus Taylor, said the Australian Cyber Security Centre had been working with the university for several months “to provide support on this matter”.
“The Australian Government condemns any malicious activity that targets Australians and Australian networks.
“We know that nation states and criminal groups actively target research and tertiary institutions to steal the intellectual property of hardworking Australians.”
Mr Taylor said “malicious cyber activity against Australia’s national interests, whether from criminal syndicates or foreign states, is increasing in frequency, sophistication and severity, and the Australian Government’s highest priority is ensuring Australians are safe and our interests are secure.”
Chinese hackers have previously been blamed for the Titan Rain cyber attacks in the US which involved the theft of sensitive defence information from private and public agencies. The number of cyber attacks dropped after the US and Chinese governments agreed in 2015 to stop government sponsored cyber hacking of commercial secrets.
President Donald Trump has also accused China of using hackers to steal US intellectual property.
In October, there were calls from Australian cyber-security experts for the Australian government to “name and shame” countries behind state-sponsored hacking after a major breach of a defence subcontractor.
Thirty gigabytes of unclassified but commercially sensitive data were stolen by hackers who accessed the systems of a Department of Defence subcontractor with lacklustre security protocols. The data included information about the $14 billion Joint Strike Fighter program, Australia’s next fleet of spy planes and several of its naval warships.
While the Australian government did not blame any country for the attack, a senior cyber-security official suggested it was carried out by state-sponsored hackers and that a tool popular with Chinese hackers was used to execute the breach.
Authors: Nick McKenzie & David Wroe
Source: Sydney Morning Herald