Cybersecurity agencies within the Five Eyes intelligence-sharing alliance are working together to thwart hacking attacks against political institutions following a recent incursion into parliamentary computer servers in Australia.
The breach earlier this month targeted the country’s three main political parties and came after a global hacking blitz in December against government agencies and companies in Europe, Australia and the United States.
Canadian electronic eavesdroppers have confirmed they are cooperating with their Australian counterparts. There have also been information exchanges with the US, United Kingdom and New Zealand, the other Five Eyes nations.
“We work closely with our Australian partners, including ongoing efforts to understand the full extent of this incident,” Canada’s Communications Security Establishment spokesman Ryan Foreman said after the attacks.
Australia and Canada both have pending general elections — Australia in May and Canada in October — and are concerned efforts may be made to influence voting. Canada blocked a hacking operation during its 2015 poll.
Australian Prime Minister Scott Morrison said there was no evidence of any electoral interference when parliamentary servers were hacked in Canberra. Government ministers use a different system and the target appears to have been communications by the Liberal, Labor and National parties.
He did not name the “sophisticated state actor” behind the attacks, but it is widely believed to be China. Hacking by other cyber agencies with state backing, like Russia and North Korea, has been largely exploratory.
“There are a limited number of countries, but we have low confidence at being able to publicly state who we think it is,” Alistair MacGibbon, head of the government-run Australian Cyber Security Center, said obliquely.
Danielle Cave, a cyber analyst at the Australian Strategic Policy Institute, said China was the only country showing persistent interest in Australia.
“If you think about the other state actors that would have the cyber capabilities to pull breaches like this, like Russia, North Korea, Iran,” she said. “Those states are less interested in what’s happening in Australia. China is very, very interested. History teaches us they are a very likely culprit.”
But Cave dismissed speculation that the attacks were connected with the general election or any effort to influence electoral trends. She believes the motivation is purely to gather intelligence on Australia and its allies.
Such efforts have been underway since at least 2007, when highly secret government computer networks in Australia and New Zealand were hit by a hacking offensive that was said to be part of a global operation by China to access military secrets shared by the Five Eyes partners.
Canada was another target of that attempt, as were Germany and Japan; the Germans and Japanese have access to some Western intelligence, though not the full menu shared by the Five Eyes partners. It is not believed that any sensitive information was lost during the hacking.
China was also blamed for a global hacking offensive in December, given the code name Advanced Persistent Threat 10 (APT10) by cyber experts, that targeted public agencies and commercial firms in a dozen countries.
Believed again to be intelligence-based, the operation led to the arrests of two Chinese nationals in the US and a rare condemnation of China by Australia.
“Australia calls on all countries — including China — to uphold commitments to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining a competitive advantage,” a government statement said.
China did not take kindly to the outburst and there is unlikely to be any public denunciation this time for fear of Beijing’s economic retaliation. Recently, China quietly began to delay the processing of Australian coal shipments, with clearances now taking up to 45 days — double the previous time.
Chinese importers have responded by scrapping orders from Australia and switching to rival suppliers. Coal from other nations is not being affected. Similar Chinese tactics were employed against Australian wine imports last year, with reports that one supplier had 800,000 cases held up in warehouses.
Relations between the two countries have deteriorated because of the cyber accusations and a series of diplomatic spats over China’s attempts to woo Pacific nations with aid handouts. Canberra has enacted new laws against foreign meddling in politics that were clearly aimed at Beijing.
Even though it wasn’t held officially responsible for the latest hacking, China still issued a rebuttal through foreign ministry spokesman Geng Shaung over what he termed as “irresponsible” speculation, warning it would raise tensions.
“One should present abundant evidence when investigating and determining the nature of a cyberspace activity, instead of making baseless speculations and firing indiscriminate shots at others,” he said.
According to a tracking index maintained by the US-based Council on Foreign Relations think tank, China was responsible for 102 state-sponsored cyberattacks in 2018, followed by Russia (71), Iran (26) and North Korea (23).
The US mounted 11 operations, including three in conjunction with Israel, one with Taiwan and one with the UK. The UK also had one of its own.
In Asia and the Middle East, Israel was the other most active cyber player with four operations in addition to the US collaboration. Pakistan, Saudi Arabia, the United Arab Emirates and Vietnam each mounted two operations, and India, Kazakhstan, South Korea and Lebanon one each, the research shows.