SYDNEY (AFP) - Australia on Monday (Feb 18) said a "sophisticated state actor" had hacked the country's main political parties and Parliament, just weeks before a closely fought election.
Prime Minister Scott Morrison told lawmakers that security agencies looking at a hack of lawmakers "also became aware that the networks of some political parties; Liberal, Labor and Nationals have also been affected".
"Our cyber experts believe that a sophisticated state actor is responsible for this malicious activity," he said, without mentioning any specific country.
"Our security agencies have detected this activity and acted decisively to confront it. They are securing these systems and protecting users," he said.
It is not yet clear what, if any, material was stolen during the hacks, how long the perpetrators went undetected, or whether it could make some political figures vulnerable to blackmail.
Earlier this month, the authorities reported a "security incident on the parliamentary computing network", forcing users - including the Prime Minister and the Cabinet - to change passwords and take other security measures. That forced users – including the prime minister and the Cabinet – to change passwords and take other security measures.
The Australian Signals Directorate confirmed it was working with the Parliament in response to the attack, giving a strong indication that sophisticated actors were suspected from the start.
Speculation has focused on China, although there is no official finger pointing at Beijing and cyber experts frequently warn that attribution is time consuming and difficult.
“I think it’s definitely too early to say,” said Mr Fergus Hanson, a cybersecurity expert at the Australian Strategic Policy Institute. He added, however, that there were only “one or two actors” capable of carrying out such an attack.
Hanson said he would put China “at the top” of the list of possible suspects, but “wouldn’t rule out” Russia’s involvement.
Chinese foreign ministry spokesman Geng Shuang said such speculation about Beijing was “irresponsible” and an attempt to “smear” the country. “When investigating network breaches, there should be sufficient evidence, unreasonable guesses can’t be made,” Mr Geng said at a regular press briefing in Beijing.
Mr Geng urged media to “stop using so-called cyber leaks and hacking attacks to discredit China and stop compromising China’s interests and China’s bilateral relations with the countries concerned”.
Beijing and Canberra have sparred over access to natural resources, maritime claims and the use of Chinese state-backed technology companies.
Relations have recently been frayed over Canberra’s decision to ban Huawei from the country’s 5G network amid national security concerns and the expulsion of Huang Xian, a Chinese billionaire who doled out millions in Australian political donations.
Australians are expected to go to the polls in mid-May, raising the spectre that hackers could be trying to influence the outcome of the vote, or change the tenor of the debate.
Mr Morrison said the Australian Cyber Security Centre stood ready to help any party or electoral body in need of support. "They have already briefed the Electoral Commissions and those responsible for cyber security for all states and territories."
As part of the Five Eyes intelligence network – which also includes Britain, Canada, New Zealand and the United States – Australia is a particularly rich target for foreign interests.
“Our political institutions represent high-value targets. But we have resilient systems in place to detect compromises and remediate them,” said Mr Alastair MacGibbon, head of the Australian Cyber Security Centre.
Five Eyes membership also gives Australia access to a host of signals and human intelligence to back up any suspicions of state hacking.
Mr MacGibbon said the hackers were sophisticated enough to get into the network, but “not sophisticated enough to remain undetected”. His organisation has already briefed electoral commissions across the country and could be deployed to provide technical support to those affected.
He said it was unclear whether the attackers gained access to sensitive data or emails. “We don’t know. These are very early days,” he said. “We genuinely do not know.”
Mr Morrison insisted, however, “there is no evidence of any electoral interference”. “We have put in place a number of measures to ensure the integrity of our electoral system.”