It took less than an hour after the first report of a cyber attack on the Australian Parliament for suspicion to fall on China.
Australia’s security agencies are now investigating whether Beijing was behind a “sophisticated” cyber breach, which may have exposed the parliament’s computer system to foreign hackers.
The Chinese Embassy in Canberra is yet to comment.
Why is the finger so quickly pointed at China?
It’s not necessarily surprising — China has form at being blamed for cyber attacks against Australia and other nations.
But it’s more than just form that sees China come under suspicion.
Beijing has an entire military unit tasked with carrying out these sorts of actions — the People’s Liberation Army Unit 61398, a covert operation blamed in 2014 for stealing secrets from US companies.
So when Australia’s Parliament is hacked — a pretty blatant act by any state or group — it’s easy to point the finger at Beijing, even though Russia and North Korea are also “bad actors” known to have carried out cyber attacks throughout the world.
But analysts say it will take time to forensically identify exactly where the attack originated, even though it bears the hallmarks of a state-sponsored attack.
Until then, according to ASPI cyber security analyst Fergus Hanson, there will likely be no official attribution by the Australian government for some time — if ever.
“Once again, we will probably be in the grey zone, leaked out to the media as to who did this attack but no formal attribution,” he told the ABC.
Just last month, the Australian Cyber Security Centre publicly released a report into one of its lengthy investigations.
The ACSC investigated an attack in early 2018 that saw “eight Australian web hosting providers compromised, allowing a malicious actor access to customer websites”.
To a lay person it would have looked like a sort of digital ram raid by a criminal outfit.
The ACSC report, dubbed the “Manic Menagerie”, doesn’t mention China or Beijing except by way of a tool, a web shell used by the hackers called “China Chopper”.
Buried deep in a link from the ACSC report is a reference to the creator of that web shell, which an American government unit declares is “widely used by Chinese and other malicious actors”.
Publicly, the ACSC has never made clear the nationality of whom it thinks is to blame.
So it could have been the work of the Chinese Government, it could have been the work of Chinese criminals, or it could simply have been another “actor” using these tools.
What cyber attacks has Beijing been blamed for?
In 2015, Beijing was blamed for attacking Australia’s Bureau of Meteorology. The BOM is a rich vein of data which is directly relevant to this nation’s agriculture and wider economy.
But as ASPI’s Peter Jennings pointed out back then, it was also a gateway to other more “high-value” targets — the Australian Defence Force among them.
In 2013, Four Corners reported that hackers using a server in China had stolen the blueprints of domestic spy agency ASIO’s new headquarters in Canberra, later denied by the Gillard government.
“Once you get those building plans, you can start constructing your own wiring diagrams, where the linkages are through telephone connections, through WIFI connections,” the ANU’s Professor Des Ball noted at the time.
“Which rooms are likely to be the ones that are used for sensitive conversations, how to surreptitiously put devices into the walls of those rooms or into the roofings above those rooms.”
In the same year News Limited reported BlueScope Steel had been targeted by Chinese hackers.
So what were the hackers trying to steal this time?
Early reports suggest nothing was accessed or stolen from parliament’s servers, but hackers could have been targeting the emails of Australia’s MPs, their staffers and advisors.
“[There’s] lots of juicy correspondence between staffers about who is doing what and dirt files on politicians,” said Mr Hanson.
“Some interesting information about parliamentary perks that the public may not like. There may be whole email stashes that could damage one party or another party.
“[That] information could be used to wreak havoc during an election campaign.
“It could either be used to target one particular party — to discredit its leaders, to show some controversial gossip, to derail an agenda they might be running as part of their campaign — or it could be used as just a wider effort to discredit and undermine trust in public institutions, to show the Parliament may not be functioning the way we think it should be, and to undermine public trust.
“That is another way this type of attack could be used. ”
Just think about the damage Russia is alleged to have wrecked on Hillary Clinton and the Democrats during the 2016 US Presidential campaign.
What else do we know about China’s hacking capability?
In 2014, President Obama’s Attorney General indicted five members of the People’s Liberation Army for hacking dozens and dozens of American defence and industry sites for the benefit of Chinese industry.
But it was in February, a year earlier, that the president issued his shot across Beijing’s bow.
At his State of the Union address he declared to the world: “We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems”.
Mr Obama then declared: “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy”.
It was China in his sights.
Less than a fortnight later, the existence of secretive PLA Unit 61398 was exposed to the world.
A Shanghai building full of Chinese cyber soldiers: its ISP reportedly directly linked to those attacks on US companies.
If Beijing hadn’t got the message, Obama’s national security advisor Tom Donilon effectively drew a line in the sand in a speech in March 2013 to the Asia Society.
“Increasingly, US businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale,” he said.
“The international community cannot afford to tolerate such activity from any country.”
And so it is that today when Australia’s Parliament is hacked, fingers are being pointed north.
If any formal complaint is ever lodged, Beijing may remind Canberra that it was Australian agents who attempted to bug the Chinese Embassy in 1995.
Australia is facing a growing threat from cyber attacks.
Data breaches rose throughout last year, according to the Office of the Information Commissioner and the Australian Cyber Security Centre.
In the December quarter alone there were 262 breaches, 168 of which were malicious or criminal.
The report doesn’t say where these attacks originated. Just as in today’s attack, suspicion may fall on China.
By Michael Vincent