Computer networks at the Reserve Bank of Australia were compromised in 2011 by Chinese intelligence-gathering malware, documents obtained under the Freedom of Information Act reveal.
The email-disseminated Trojan Horse malware was planted on six computers at the RBA, bypassing anti-virus scanners, as first reported by The Australian Financial Review.
Several RBA staffers including heads of department were sent the malicious emails over two days, but it isn't known if the malware executed and succeeded in capturing information from the compromised computers.
According to the paper, the Defence Signals Directorate was brought in to rectify the compromise, but no details were given as to the type of malware utilised in the attack, beyond it being "Chinese-developed" and that it was attempting to seek intelligence on sensitive G20 negotiations between Australia and 19 other countries.
State-sponsored hacking of government departments, financial institutions and private organisations has come to the fore lately after revelations that media such as the New York Times, Bloomberg News and Washington Post were breached last year, allegedly by the Chinese.
The FOI report also reveals a series of data breaches, ranging from lost and stolen laptops, phones and documents to email gaffes.
From 2008 to 2012, six laptops, two Blackberrys, an iPad and a USB drive were lost or stolen.
The thumb drive contained sensitive information and was taken home by a staff member as was "standard practice" in the several years to 2010. While the drive was password-protected, it was not encrypted, in contravention of RBA security policies.
And in 2009, 82 staff members were locked out of their accounts after an autorun virus was loaded onto a machine and began brute-forcing accounts. A further 20 system accounts were locked for about 30 minutes.
In another breach, the RBA was forced to retract part of a tender after it sent a document revealing how it would consider evaluating bids to an interested external third party.
The attacks are thought to be numerous and cause widespread data leakage. A case study (pdf, registration required) by security vendor Team Cymru claims that an estimated 30,000 systems had data stolen over a period of a few years.
Team Cymru said up to a terabyte of data a day in total is being "stolen" and that this is ongoing.
Targets for the hackers included an unnamed Australian mining conglomerate and also academic institutions and government departments in the Middle East, Asia and Eastern Europe.
While Chinese state hackers are often blamed for the hacks, cyber security observer Jeffrey Carr said they are often used as a convenient excuse to hide attacks from other countries such as the United States, Russia, France and Israel, which are thought to operate clandestine digital intelligence gathering and sabotage programmes that use malware.
China's state news agency Xinhua reported yesterday that most cyber attacks on Chinese interests in the first two months of 2013 originated from the United States.
Update 3:57pm 11/3/13.
The Reserve Bank has released a statement:
"As reported in today's media, the Bank has on occasion been the target of cyber attacks. The Bank has comprehensive security arrangements in place which have isolated these attacks and ensured that viruses have not been spread across the Bank's network or systems.
At no point have these attacks caused the Bank's data or information to be lost or its systems to be corrupted. The Bank's IT systems operate safely, securely and with a high degree of resilience.
The Bank takes cyber security and its potential consequences extremely seriously. As part of its extensive efforts to ensure that security arrangements are best practice, the Bank routinely consults with the Defence Signals Directorate and draws on the expertise of specialist private firms. There is ongoing rigorous testing of the Bank's IT systems and regular training of staff."