Suspicion is falling on Chinese spies for targeting the computer systems of Australia’s three major political parties, with intelligence officials acknowledging the skilled cyber hackers were the most sophisticated to confront Australia in years.
In a major security risk, Prime Minister Scott Morrison revealed the attack on the Liberal, National and Labor parties’ networks, attributing it to a foreign government but saying there was no evidence of electoral interference.
Security sources told The Australian Financial Review the techniques and signatures used by the hackers had not been seen before by Australian investigators or among fellow Five Eyes intelligence sharing members and other western spy agencies.
Investigators did not know what information, if any, had been stolen and the “point of entry” for placing the malware in the parties’ servers.
They said it was unclear what the motivations behind the attack were – whether it was for conventional espionage or the intent was to gather information to support political interference and disinformation, similar to the Russian-orchestrated campaign that nobbled Hillary Clinton’s 2016 bid for the White House.
One senior intelligence official described the hackers as the “A team” who had presented an “advanced threat”.
“It’s been a long time since we’ve been faced with an actor with this level of sophistication,” the official said.
“This trade craft is good. This actor is good.”
The hacking team’s efforts to disguise their attack and use of new software had made it difficult to identify the perpetrator. Publicly revealing the attack now and removing forensic evidence from the parties’ networks to stop the intrusion, had also made it harder to track the attackers.
Officials said there was no conclusive proof Beijing was responsible but another security source said “all fingers point to China”.
Hackers began attempting to break into the parties’ servers, as well Federal Parliament’s network, in mid November but the major activity only occurred in more recent days.
The nation’s cyber spies, the Australian Signals Directorate, uncovered the attacks on the political parties as part of its investigation into a hack of Parliament’s network, revealed earlier this month.
They are working with the parties to bolster their cyber security and remove the bugs in their systems.
Among the information political parties store on their networks are emails, campaign strategy and detailed databases on voters.
“Our political institutions represent high value targets,” Australian Cyber Security Centre head Alastair MacGibbon said.
Head of the Australian Strategic Policy Institute’s International Cyber Policy Centre, Fergus Hanson, said the attack was most likely from China but Russia could not be discounted.
“China has form,” Mr Hanson said, citing Beijing’s 2011 hack of Parliament House’s computer network and other attacks on the Bureau of Meteorology, Australian National University, defence contractors and theft of blueprints for ASIO’s headquarters.
He said the attackers could have been gathering political intelligence on contentious issues like the South China Sea, or snooping for gossip that could then be used to damage candidates and disseminated through Chinese-language platforms like WeChat.
Mr Morrison told Parliament a “sophisticated state actor” was responsible for carrying out “this malicious activity” and agencies had acted decisively to stop it.
“Public confidence in the integrity of our democratic processes is an essential element of Australian sovereignty and governance,” he said.
Opposition Leader Bill Shorten said the attack showed Australia was not immune to the attempted infiltrations and manipulations that have affected democracies in Germany, Japan, Ukraine, the United Kingdom, the United States, France and Canada.
The government gave $75,000 each to the head offices of Liberals, Nationals, Labor and Greens to increase their cyber security to combat state-sponsored attacks.
By Andrew Tillett