Experts are divided over whether the "sophisticated operator" behind the data breach involving 19 years of ANU staff, student and visitor data can be attributed to China, another state actor or cyber criminals.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
The Australian National University revealed on Tuesday it had been victim of a massive data breach, which comes less than a year after a similar attack on the university, where IT systems were compromised by Chinese-based hackers and information was stolen.
Despite the earlier incident, government authorities wouldn't speculate on whether there was a connection.
A senior analyst at the Australian Strategic Policy Institute's International Cyber Policy Centre, Tom Uren, said it shouldn't be assumed the attack came from China, although it would fit into a pattern of behaviour by the country.
"The theory is they're creating databases they can mine for interesting intelligence or counter intelligence purposes," Mr Uren said.
It was possible cyber criminals were responsible for the attack, who would sell the data for identity theft purposes, he said.
Mr Uren said the university's close links to government could make it a happy hunting ground for an actor trying to gain information on bureaucrats.
"You start to build a picture and each little bit by itself may not necessarily get you much, but you start to get a rich picture sometimes."
Mr Uren said it wasn't uncommon for universities to be the targets of such attempts, and that ANU had made significant gains since the last attack was reported last year.
"If it is a state-sponsored group it's somewhat reassuring for most people. For most people China couldn't give a stuff what you do, but for a small proportion of people that could incur increased interest of risk," he said.
"But that group should already know who they are and work in places that train them and give them protection."
READ MORE
Mr Uren said the university had a duty of care to its students, especially international students from China, who the government could be trying to monitor.
UNSW Canberra Cyber director Nigel Phair said people could "safely assume" it was related to last year's hack on the university in July, which was pinned on China.
"It will be interesting when they call out the attribution," Mr Phair said. "That's an important thing for people to know."
Mr Phair said the nature of breach showed a high level of capability.
"It's obviously a very serious hack for it to be persistent in the network for so long and taken so long for them to discover," he said.
Mr Phair said as a Group of Eight university with the intelligence-focused National Security College, the international research and international students, the university was a great target.
"They've got lots of information people would like to get hold of," he said.
This included the foreign policy, intellectual property or information on the international conferences the university hosts and the people who attend them.
Mr Phair said students, particularly international students, could be at risk of being groomed".
"You could be induced by someone to do certain things, like covert spying for them for example," he said.
