Chilling reasons behind political cyber attack
SOPHISTICATED foreign cyber spies may still be inside the Australian federal parliamentary network, and accessing files and communication from all three major political parties in an unprecedented hacking attack on some of the country's most sensitive information.
Australia's top online security Adviser admitted some "forensic evidence" had already been destroyed in the attempt to stop intruders accessing sensitive files, and officials may never confirm the "state actor" breaking into the country's networks.
But cyber security experts warned this online break-in would not be the last, and foreign attacks "would keep coming" as Australia approached its next national election this year.
Prime Minister Scott Morrison revealed the latest cyber attack on the Australian Parliament House network computer network on Monday, in what he said appeared to be the work of "a sophisticated state actor".
Despite a limited number of countries able to mount such a sophisticated attack, Australian Cyber Security Centre head Alastair MacGibbon said the Centre could not confirm who was behind the incident, their intent, or even if they were still accessing Australian political networks.
The announcement, he said, was in part to let the spies know Australian technical experts were on their tail.
"Given the sophistication of who we're dealing with, it would be churlish of me to suggest that our initial actions to get them out will be the only action we have to take," Mr MacGibbon said. "Any sophisticated hacker will make sure that they have multiple ways into systems and multiple ways out.
"Our job is to make sure that we take what is world's best practice, working with our allies of course, to understand who it is, what they were trying to do, and to get them out of our networks that are so vital to us as a nation."
But Mr MacGibbon said initial efforts to stop hackers gaining access to critical information had resulted in the removal of "some of the forensic evidence that we were interested in" and could mean Australia may not be able to confirm the country behind the attack.
UNSW Canberra Cyber director Nigel Phair warned cyber attacks on federal government targets would "absolutely keep happening" in the lead-up to the next federal election, and this attack was "very sophisticated" and could have seen sensitive information leak already.
"The attack would definitely have been designed to access data. It would have been to get files," he said.
"I'll give them the benefit of the doubt until we hear the outcome of the investigation but there's every chance we won't hear the full outcome."
Mr Phair said accessing Australia's parliamentary email system would have given the spies a look at inner workings of parliament and politicians, indications of how politicians voted or intended to vote, their calendar commitments, and a virtual "treasure trove" of information.
Cyber security consultant Thomas Jreige said depending on "data retention requirements," the cyber spies may have gained access to up to seven years' of high-level communication.
He said the break-in may have been the result of a "brute force attack," and could indicate that stronger security policies were needed in Australian government IT systems.
The successful cyber attack on Australian targets is not the first, however.
The Parliament House email network was also broken into in 2011, with computers belonging to then Prime Minister Julia Gillard, then Foreign Minister Kevin Rudd, and eight other federal politicians compromised.
Australian authorities were tipped off to the intrusion by America's Federal Bureau of Investigation and Central Intelligence Agency, with China widely tipped to be behind the intrusion.
A supercomputer at the Bureau of Meteorology linked to the Defence Department was also hacked in December 2015, which Australian Strategic Policy Institute executive director Peter Jennings said had the hallmarks of Chinese involvement.