Without anyone clicking on a link, a massive cyber attack of unprecedented sophistication gained access to private information of potentially high-ranking officials across the globe.
- A massive cyber attack allowed hackers to access 19 years’ worth of personal information of staff and students
- The attack on Australian National University was so sophisticated it didn’t even need an email to be clicked on
- The extent of the hack remains unclear but names, dates of births, addresses and phone numbers were stolen
Thanks to the release of a 5,000-word report into the incident, the public can see for the fist time how sophisticated and extensive the attack on the ANU was.
For weeks, hackers quietly trawled through the computer system of the Australian National University (ANU) in Canberra.
It was months before ANU even realised the hackers had broken in, and almost a year later it remains a mystery just how damaging the attack was.
What is known is personal details were taken from a university that’s educated some of the best and brightest people.
What was taken?
A forensic investigation of the hack has been unable to determine the full extent of the attack.
That’s largely the result of the hackers being meticulous, clearing their tracks and leaving very little evidence for investigators to sift through.
Investigators have determined that names, addresses, phone numbers, dates of birth, emergency contact details, tax file numbers, payroll information, bank account details and student academic records were stolen.
The database that was accessed held 19 years’ worth of records but the investigators believe only a fraction of the available information was taken.
In getting to the personal information, the hackers bypassed intellectual property and research information.
Investigators believe this information remained untouched.
Who was responsible?
The ANU believes up to 15 people were involved in the hack but says it doesn’t have enough evidence to blame any one country and isn’t ruling out organised crime.
Vice chancellor Brian Schmidt argued it could be «a whole bunch of countries» behind the attack but a senior analyst with the Australian Strategic Policy Institute thinks there’s one obvious culprit.
«It’s likely to be China, frankly, they’ve got strong interests in Australia for a number of different reasons,» he said.
«We’re part of the Five Eyes alliance so there’s a relationship with American military and intelligence. Canberra is the heart of government and there’s many students at the ANU that go on to work in government.
«Plus, there’s also a lot of Chinese students who come to Australia to study and one theory that’s been told to me is that perhaps the Chinese Government wants to keep tabs on what its students in Australia are doing as well.»
There is no evidence that the information has been used by criminals for identity fraud to date.
How did they do it?
On November 9, 2018, the hackers sent an email to a senior staff member at the ANU.
Another staff member, who had access to their colleague’s account, previewed the email but never clicked on it.
Even though the email was deleted, it was too late to stop the hackers, who had already accessed the senior staff member’s username, password and calendar.
Once in, the hackers mapped the ANU computer network to get an understanding of how everything was connected.
The second stage of emails included a targeted mailout to 10 people at ANU, inviting them to attend an event at the university.
The hackers also accessed a directory that houses usernames, emails, phone numbers and job titles to better understand people’s roles and responsibilities within the university.
As the hackers gained more information, they sent out more emails to ANU accounts, ultimately gaining the username and password of at least one network administrator.
This allowed them to extend the reach of their attack.
Routine maintenance temporarily kicked the hackers out but within weeks they were back in stealing more information.
The hackers were ultimately kicked out on December 21 and future attempts to get back into the network failed.
Why hack ANU?
Based mere kilometres from the Federal Parliament, the ANU has a global reputation as being an institute of choice for future leaders.
The ANU prides itself on being home to the best and brightest — both in its student and academic ranks.
It’s the university of choice for an Australian wanting to become a diplomat, and has trained senior leaders that now work for governments and private organisations across the globe.
The ANU is home to the National Security College and prides itself on a large international student community.
Former and present prime ministers and premiers and senior military leaders have studied there, including Bob Hawke, Kevin Rudd, Annastacia Palaszczuk and Barry O’Farrell.
Indonesia’s former foreign minister Marty Natalegawa and former New Zealand opposition leader and governor of the Reserve Bank Don Brash studied at ANU.
They represent just the tip of an iceberg of bureaucrats, past and present, now in senior government roles internationally.
Are the details safe now?
This wasn’t the first hack on the university but it proved the most damaging and ANU has spent millions upgrading its computer network.
Professor Brian Schmidt said he hoped universities, organisations and individuals would learn from ANU’s experience.
A copy of the report has been issued to a university foreign interference taskforce, which aims to provide better protection for universities against foreign interference.
The attack on ANU was possible because of the university’s old computer network, rather than the result of a single user not downloading a security upgrade.
Despite ANU’s upgrades, the Australian Cyber Security Centre warns a computer network is never 100 per cent secure in the face of a growing industry of hackers keen to steal information.
It wants all Australians, from individuals to organisations, to take the threat seriously and ensure they’re adequately protected.