Turnbull government blames Russia after hack targets Australian organisations
Advertisement

Turnbull government blames Russia after hack targets Australian organisations

The Australian government has warned that a global campaign mounted by Russian state-sponsored hackers against millions of computer networks was likely laying the groundwork for a damaging cyber attack on high-value targets.

Defence Minister Marise Payne said up to 400 Australian organisations may have been caught up in the years-long campaign affecting government agencies, businesses and critical infrastructure by exploiting vulnerabilities in internet routers and network equipment.

Russian President Vladimir Putin.

Russian President Vladimir Putin.Credit:AP

Law Enforcement and Cyber Security Minister Angus Taylor warned that attackers could gain a variety of powers over an infected system, including the ability to switch it off or intercept data.

"It's very clear that Australian organisations were targeted alongside many from around the world by a malicious cyber attack," Mr Taylor told Fairfax Media.

"There's no doubt it was a state-sponsored set of attacks looking to identify vulnerabilities and ultimately – presumably – exploit those when the time was right."

Advertisement

He said there was no indication that the campaign – targeting commercial devices produced by Cisco, widely used in the public and private sectors – had successfully compromised any significant information in Australian networks despite a "significant" number being affected.

The Australian Cyber Security Centre announced last August that Australian routers and devices were being targeted but the effort has only now been publicly attributed to Russian entities following consultation with intelligence agencies and a public alert issued by the United States and Britain.

Mr Taylor said cyber attacks like this were an assault on the rules-based international order and were important to call out.

"Attribution itself is new in this area. There was a view a number of years back that you couldn't attribute cyber attacks. But you can. That's an important first step in holding criminals or state-sponsored actors to account," he said.

Fergus Hanson, head of the International Cyber Policy Centre at the Australian Strategic Policy Institute, said the Russian effort looked like "pre-positioning for delivering a payload on critical infrastructure" including energy grids or telecommunications networks.

Mr Hanson said attributing malicious cyber activity was important but it should be backed up with further action to deter future attacks.

"If you're just attributing and not following up, that creates almost a permissive environment for that kind of activity," he told Fairfax Media.

The US Department of Homeland Security, Federal Bureau of Investigation and Britain's National Cyber Security Centre issued a technical alert about the campaign on Monday night.

The alert outlined "high confidence" that Russian hackers were using compromised routers to intercept communications, steal intellectual property and "potentially lay a foundation for future offensive operations".

"The current state of US network devices — coupled with a Russian government campaign to exploit these devices — threatens the safety, security, and economic wellbeing of the United States," the alert said.

The news of the attacks follows a separate online disinformation campaign, also attributed to Russia, that has targeted Western allies following heightened tensions over the conflict in Syria.

On Monday, pro-Russia social media accounts and bots were fuelling a claim there was no chemical attack in the town of Douma or suggesting any attack was a "false flag" operation mounted by humanitarian volunteer group the White Helmets.

Fergus Hunter is a political reporter for Fairfax Media, based in Parliament House.