China 'behind' huge ANU hack amid fears government employees could be compromised

Discussion in 'Networking and Security' started by themickey, Jun 5, 2019.

  1. themickey


    By David Wroe
    June 5, 2019 — 11.45pm
    China is the key suspect in the theft of huge volumes of highly sensitive personal data from the Australian National University, which intelligence officials now fear could be used to "groom" students as informants before they move into the Australian public service.

    The hacking, which occurred despite the government's elite electronic spy agency last year helping the university bolster its cyber defences, hoovered up 19 years’ worth of personal data including bank numbers, tax details and academic records of students and staff.

    Senior intelligence figures have been alarmed by the scale of the breach and the possible motivations behind it, with widespread ramifications for other Australian universities.

    The Sydney Morning Herald and The Age can reveal the intelligence community fears the data will be used to target promising young students in the hope they can be used as informants as they move through their careers, notably in government departments and even intelligence agencies.

    All ranks of the public service, including the Defence Department and secret intelligence bodies like the Australian Security Intelligence Organisation, are littered with ANU alumni.

    Australian officials regard the latest hack as a major national event following breaches of federal Parliament’s computer network and the Liberal, Labor and National parties last year.

    One source said that Chinese intelligence had likely learnt from other sophisticated international players such as Russia. During the Cold War, the then Soviet Union used long-term tactics such as contacting or recruiting western students at prominent universities. Among the most famous were the “Cambridge five”, the ring of British diplomats and spies who had been secretly recruited by the KGB while they were at Cambridge University.

    Authorities have described the ANU attack - the second on the university in a year - as "sophisticated", indicating it is almost certainly a foreign government rather than a criminal group or politically motivated hackers.

    While it is understood there is no clear evidence yet that Beijing is behind the attack, sources said China was one of only a handful of countries able to carry out such a breach while remaining undetected.

    The university’s vice-chancellor, Brian Schmidt, has admitted the breach was detected only a fortnight ago even though it began late last year, meaning the hackers had access to data for at least five months.

    About 200,000 current and former students and staff have had their data accessed - including personal details, contact information, tax file numbers, bank account numbers, passport details and academic records.

    The breach happened right across the university, including the prestigious National Security College, which mid-career government officials attend for short courses. It is understood that the college keeps no classified data.

    The university is also home to the influential School of Strategic and Defence Studies and the Crawford School of Public Policy - both of which have deep links with government departments and agencies.

    Intelligence officials are understood to hold a range of concerns about how the data could be exploited, including using it to build profiles of existing government officials based on their backgrounds.

    The more immediate prospect is that the Chinese agencies could target promising young students who might also have personal vulnerabilities that are revealed through data stolen from the university’s computers.

    The success of the hack and the length of time it took to be detected has concerned Australian authorities because the university upgraded its cyber defences after a previous attack that was revealed a year ago.

    One intelligence official said: “China probably knows more about the ANU’s computer system than the ANU does.”

    A spokesman for the Australian Signals Directorate, the nation’s electronic spy and chief cyber defence agency, said the latest hack was “a salient reminder that the cyber threat is real and the methods used by malicious actors are constantly evolving”.
    Nobert and Stockolio like this.
  2. Overnight


  3. comagnum


    IT security 101 - Use Geo-IP filtering in your firewall - the first thing you block is China.
    nooby_mcnoob and Overnight like this.
  4. This SMH story doesn't pass the smell test, as usual -- it smells like a propaganda psy-op, likely originated from US neocon schemers or the CIA to elicit public support for a ban against Huawei and other Chinese businesses (more bans coming IMHO).

    Assuming the breach has actually happened, the most likely culprit would be the CIA / Mossad, or their contractors. Last but not least, the world's most skilled, successful players at targeting personal vulnerabilities in politics are living in the US, the UK, and Israel.
    comagnum likes this.
  5. d08


    But that's assuming the Chinese are not using VPNs or proxies. I seriously doubt they don't use any layering.
  6. d08


    While you're not wrong, it's a mistake to assume that because X is bad, Y must be better. Chinese intentions are definitely not good.
    luisHK likes this.
  7. comagnum


    Well stated, I thought the same thing when I read the article. Clearly propaganda from the only ally the U.S. still has left that will blindly follow our every move. Besides, universities are a low value target for sophisticated hackers. This notion of grooming students by leveraging their report cards, or how they financed their education is ludicrous. Besides, recruiting & HR companies have had access to students' university data for decades now.

    As someone pointed out - just because their IP addresses are in China does not mean the hacking is coming from China, any decent hacker will conceal their source IP origination - I suspect a great deal of the hacking from the China IPs has been the NSA, Russia, etc.
    Last edited: Jun 6, 2019
    elitenapper likes this.
  8. Overnight


    Just because an IP indicated it is from China, doesn't mean it is from China. The phone companies are dealing with that now. Too bad Mr. Mayhem will get all their shit before they figure it out.