The IT systems of a leading Australian university were hit by hackers suspected to be Chinese, university and Australian government officials confirmed to an Australian news outlet last week.
The attacks on Australian National University’s computer networks began last year and have not been fully contained. Over the course of the past few months, the university has been working with domestic intelligence agencies to mitigate the fallout from the breach, secure the university’s servers and stage countermeasures.
The incident was first reported by the Sydney Morning Herald.
Australian National University (ANU) is among the country’s top-ranked colleges, with numerous research outfits dedicated to national security, defense-related issues and strategic affairs. ANU houses the National Security College, which grooms officers for the Australian military and intelligence services. Australia is a member of the Five Eyes intelligence alliance along with the U.S., Canada, the United Kingdom and New Zealand.
“Over the past several months the university has been working in partnership with Australia government agencies to assess the scale and minimize the impact of the threat,” the university told students via email.
The university also said that no staff, student or research information had been taken. But that shouldn’t be considered a final conclusion, an unnamed Australian intelligence source told Australia’s ABC, since the threat is still active.
A university spokeswoman confirmed the breach to the Herald, adding that ANU had been “working to contain a threat to IT within the university.”
“The university has been working in partnership with Australian Government agencies for several months to minimize the impact of this threat, and we continue to seek and take advice from Australian government agencies,” the spokeswoman said.
The scope and scale of the breach is still unclear. “We can assume this cyber intrusion has involved the theft of information,” an unnamed national security source told the Herald. “The question is ‘what was sucked out and how sensitive is it?’”
One intelligence official told Australia’s 9news: “China probably knows more about the ANU’s computer system than it does.”
The attack’s timing comes as Australia continues to take measures to shore up its cyber defenses and boost information-sharing between the private and public sectors. Australia’s federal government recently announced it was opening its fourth Joint Cyber Security Centre (JCSC) in Perth.
Diplomatic solutions do not appear to be an effective deterrent against Chinese cyber-espionage. Last year, Australia and China struck a deal to refrain from carrying out cyber-enabled theft of intellectual property, trade secrets or sensitive corporate information against one another.
If the ANU attack is attributed to the Chinese, it may call into question the efficacy of purportedly norm-establishing cyberspace agreements. China has made this sort of agreement with a range of countries, including the United States, yet it does not always follow through on its pledges.
There have been a slew of cyber-espionage attacks staged from Beijing-backed groups in recent years, directed at public and private U.S. targets, along with those of allied countries.
Australian cybersecurity experts say that the ANU attack was likely carried out for purposes of intellectual property theft, or to steal information for commercial, strategic or technological gain. State-backed Chinese hackers often target foreign networks with the intention of analyzing and utilizing tranches of hijacked information for the benefit of Chinese security services, the People’s Liberation Army and national industries.
“China has likely stolen more secrets from businesses and governments than any other country,” wrote Dorothy Denning, a professor of defense analysis at the Naval Postgraduate School.