Personal Data Potentially Exposed By Relentless Attacks On Australian Government Computers

04/12/2015 5:41 AM AEDT | Updated 15/07/2016 12:51 PM AEST
NEW! HIGHLIGHT AND SHARE
Highlight text to share via Facebook and Twitter
OcusFocus via Getty Images
hacker man without face in black hood mask and gloves sitting in business digital crack , assault of privacy and coded data, hacking expert sensitive information cracker and cyber crime concept

The accelerating digitisation of Australia’s personal data is leaving it exposed to global cyber attacks such as the one leveled at the Bureau of Meteorology (BOM) earlier in the week, experts say.

The recent attack on government systems on the BOM is believed to have emanated from China in what experts suspect was an “exploratory” attack on the network.

The BOM owns one of Australia's largest supercomputers and provides critical information to a host of agencies, including the Department of Defence at Russell Offices in Canberra.

But Cyber Security firm Nuix chief executive Eddie Sheehy told The Huffington Post Australia it was impossible to know at this stage just how serious the attack was.

“There isn’t enough information out there to know what happened,” he said.

“Until you actually see the data it’s unrealistic to know whether it was a teenager, or whether it was a real act.”

Sheehy cited the recent attack of a British telco described as sophisticated and previously unseen.

“And three weeks later it turned out to be a 15-year-old,” he said.

“He was not a complex hacker. He was just trying it on.”

He said however the BOM hack could be more serious and the work of commercial operators, terrorists, and nation state or even philosophical hackers.

“There’s a lot of data being produced on that super computer and it also has a huge amount -– more than likely –- of links into third party agencies. That indirect attack is the bit where you just don’t know, and it gives you lots of worries.”

University of Sydney Business School cyber security expert Associate Professor Philip Seltsikas said the big question was why the weather bureau was hacked.

“If you start thinking that way then you start to think that they are not really the target, it was intended for another agency, another department, that the BOM might be linked to,” he told the Huffington Post Australia.

“It may have been a weak entry point to some other potentially military or aviation, other users of the information the BOM would be processing.”

He said while this was the most likely reason for the attack, however evidence of where the attack came from was scant.

Seltsikas also expressed worry about the accelerating pace of digitisation of data.

"It can be all for good use as well, but if something goes wrong there can be big issues," he said.

The BOM has since said its systems were fully operational following the hack.

China has denied any involvement in the attack.

"As we have reiterated on many occasions, the Chinese government is opposed to all forms of cyber attacks," Chinese foreign ministry spokeswoman Hua Chunying told the ABC.

Australian Strategic Policy Institute (ASPI) executive director Peter Jennings said there was evidence China was behind the hack.

"We certainly know that among the most active intelligence gatherers is Chinese intelligence," Mr Jennings said.

"So what we understand of the Chinese attack on the BOM is entirely consistent with what we know of how Chinese intelligence operates."

Sheehy said a reality of cyber security is the burden of responsibility has ended up on the defender, who must guard their information constantly.

"The odds are stacked against the defender," he said.

"So the defender has to cover every single access point 24 hours a day, seven days a week, 52 and a half weeks a year.

"The attacker has to just get it right once."

News of the cyber attack comes as the government released a second draft of legislation to require telecommunications providers to increase network protection and strengthen oversight to government agencies to intervene for the purpose of protecting national security.

Seltsikas and Sheehy cited the 2013 Target hack -- where black-hats used vulnerabilities in an air conditioning system to harvest up to 40 million credit card details.

Target on Thursday agreed to pay out $US39 million for the attack.

“That’s a classic example of going in through a weak point,” Seltsikas said.

More On This Topic

Advertisement
Advertisement