China suspected in ANU data breach
Speculation is mounting over whether the recent ANU cyber attack was perpetrated by Chinese state-sponsored attackers.
Unnamed intelligence officials quoted by Fairfax Media have stated that China is the key suspect behind the attack.
The report cites fears among intelligence agencies that the data accessed in the attack — which includes details on nearly 200,000 current and former students and staff dating back 19 years — could be used to target students and former students in the hope of turning them into informants as they enter careers in government departments, Defence and intelligence agencies.
While no evidence has been presented proving China’s involvement in the attack, the officials claim that China is one of only a handful of countries with the capabilities required to compromise the network and lie undetected for at least five months.
Another potential motive could be industrial espionage, but in disclosing the attack last week, Vice Chancellor Brian Schmidt said there is no evidence that any research data was stolen and that email accounts were not compromised.
But Joseph Carson, Chief Security Scientist & Advisory CISO for privileged account management solutions provider Thycotic, suggested it is too early to call the attack “sophisticated” — a term that in the security industry is increasingly being used as a euphemism to denote suspected foreign government involvement.
“We must learn that calling all data breaches sophisticated and rushing to attribution before a detailed investigation has been completed is not a good policy,” Carson said.
He added that the most likely motivations behind the attack involve identity theft or intellectual property theft.
“Organisations should learn from this latest data breach that it is not about the organisation but all about the data that makes you a target of a cyber attack,” Carson said.
“If you require lots of sensitive data from applicants, employees and contractors and this data is valuable then you need to ensure the right security controls are in place and de-risk the data to make it more difficult for cybercriminals to get access. Cybercriminals will first recon the enrolment process to identify what type of data is required, and if it is valuable then they will go after the data.”