Government computer networks breached in cyber attacks as experts warn of espionage threat
Austrade and the Defence Department’s elite research division, now named the Defence Science Technology Group, both suffered significant cyber infiltrations in the past five years by hackers based in China.
Sensitive Australian Government and corporate computer networks — including those holding highly confidential plans for a privately financed geostationary communications satellite — have been penetrated by sophisticated cyber attacks.
Intelligence sources say they suspect the attackers in these cases were sponsored by Beijing.
Four Corners has also confirmed Newsat Ltd, an Australian satellite company whose assets were sold off last year after the company went into administration, was so comprehensively infiltrated three years ago that its entire network had to be rebuilt in secret.
But these incidents, revealed for the first time, are only a fraction of the cyber attacks being waged against Australian governments and companies.
The Prime Minister’s cyber security adviser, Alastair MacGibbon, told the program the Australian Government was “attacked on a daily basis”.
“We don’t talk about all the breaches that occur,” he said.
Former Central Intelligence Agency boss Michael Hayden, who also served for six years as the head of the US electronic spying division, the National Security Agency (NSA), said both Australia and the US had to harden up their defences and “protect their data” from foreign cyber attacks.
“It is what adult nation states do to one another,” he said.
“What my dad told me when I came home beat up from a fight once when I was about 10 years old: ‘Quit crying, act like a man and defend yourself’.”
A spokesman for the Chinese Embassy in Canberra denied China had conducted any cyber espionage against Australian interests, calling such allegations “totally groundless” and “false cliches”.
“Like other countries, China suffers from serious cyber attacks and is one of the major victims of hacking attacks in the world,” he said.
Defence assets may have been target in BoM hack
Four Corners has also been given fresh details about the high-profile hack of the Bureau of Meteorology (BoM), which was officially confirmed by Mr Turnbull earlier this year.
Government and industry sources said the true targets for the cyber attack may have been defence assets linked to the BoM and its vast data-collection capabilities.
One was the Australian Geospatial-Intelligence Organisation, an intelligence agency within the Department of Defence which provides highly detailed mapping information for military and espionage purposes.
The other was the Jindalee Operational Radar Network (JORN), a high-tech over-the-horizon radar run by the Royal Australian Air Force.
JORN provides 24-hour military surveillance of the northern and western approaches to Australia but also assists in civilian weather forecasting.
Four Corners was told the cyber attack failed to reach into these networks, and that it was “sandboxed”, or contained within the BoM.
Intelligence sources confirmed the attack was attributed to China, which was again denied by Beijing.
Mr MacGibbon said he did not know what the intention was of the people who compromised the system.
“I would say to you that people who compromise systems will usually try to find a way to move laterally through it. If that means through a third party that’s what they’ll try to do,” he said.
The Australian Signals Directorate (ASD) has conducted detailed investigations into the cyber intrusion, but its boss, Dr Paul Taloni, declined to comment.
A former high-ranking intelligence officer told Four Corners the Defence Department itself had significant, unresolved, cyber-security issues and had “to look at itself”.
He confirmed that in about 2011 the Defence Science Technology Organisation had been successfully hacked by China-sponsored hackers, but declined to provide any further details, citing national security concerns.
A spokesman for the Defence Science Technology Group said: “Defence policy is to not comment on matters of national security.”
Sensitive information ‘stolen for profit’
Mr Hayden said, however, China’s efforts against Australia had been primarily focused on “the theft of information, and really by and large the theft of information for commercial profit”, activities which he said go beyond acceptable state-on-state espionage.
The Newsat attack by China-based hackers may be a case in point.
“Given we were up against China, state-sponsored, a lot of money behind them and a lot of resources and we were only a very small IT team, it certainly wasn’t a fair fight for us,” Newsat’s former IT manager Daryl Peter said.
While the company carried communications for resources and fossil fuel companies, as well as the US military’s campaign in Afghanistan, Mr Peter said the real target for the cyber infiltration was its plans for a Lockheed Martin-designed satellite dubbed Jabiru-1.
“A company like Lockheed Martin, they have restrictions on the countries where they can build their satellites,” he said.
“So a country like China being able to get a hold of confidential design plans would be very beneficial for them because it’s not something they would see or be able to have access to.”
Mr Peter was first told about the hack of the company in 2013 at a top-level meeting with ASD. The issue had come to a head because of Newsat’s advanced plans to employ a restricted encryption tool, designed by the US Government’s NSA, for use with the new satellite.
ASD refused to release the tool to Newsat until it tackled the sophisticated cyber intrusion, with intelligence officials telling the company its networks were “the most corrupted” they had seen.
“They actually said to us that we were the worst,” Mr Peter said.
“What came out of that meeting was we had a serious breach on our network and it wasn’t just for a small period of time, they’d been inside our network for a long period, so maybe about two years. And the way it was described to us was they are so deep inside our network it’s like we had someone sitting over our shoulder for anything we did.”
To rid the network of the infestation, Mr Peter had to build a parallel network in secret so as not to tip off the hackers that they had been identified.
That work took almost a year and cost the better part of $1 million.
Mr MacGibbon said the revelations were no surprise.
“I can’t say which particular nation state would get involved in getting into a telecommunications system but I can understand why a nation state would,” he said.
“If you wanted to listen to someone’s communications that’s probably a good place to start.”
Austrade regularly challenged by security issues
Australia’s trade and investment commission, Austrade, has had persistent problems with cyber security, Four Corners has learned.
The discovery of a major infestation in the Austrade network was made during work that began in 2013 within the department to develop a new data centre and a redesigned IT infrastructure.
In March 2014, the agency’s cyber security regime underwent an ASD-designed security assessment required because Austrade not only carries sensitive communications but works closely with the Department of Foreign Affairs and Trade.
An intelligence community figure said the tests resulted in a “series of red flags”. He said the infiltration was “covering the network”.
Austrade brought in UXC Saltbush, a cyber security contractor, to investigate its networks and put mitigation works in place to prevent future breaches.
A former high-ranking intelligence official said the Austrade breach followed a previous problem in 2011, which was a textbook example of a “successful [and] deeper penetration”.
Jim Dickins, an Austrade spokesman, said the organisation “faces ongoing and fluid challenges to its information technology security”.
“Austrade has worked with the Australian Signals Directorate on occasion to contain and eradicate threats but is unable to comment on specific instances. Mitigation strategies developed on those occasions are applied on an ongoing basis.”
The intelligence community figure said the problems had still not been entirely addressed because of the high cost of a comprehensive network-wide security upgrade, but Mr Dickins denied there were any “significant” persistent issues.
“Austrade is not currently dealing with any significant threats or breaches of its network,” he said.
A third intelligence source told Four Corners that “Austrade is inherently vulnerable” because of its international footprint and reliance on locally-employed staff.
“People are getting breached all the time,” he said.