Australian Parliament Hacked

Uploaded on 2019-11-29 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Australian government authorities say that a simple click of a mouse was all it took to penetrate  in what should have been  one of the country's most secure IT systems at the Federal Parliament in Canberra which took place in January this year.. 

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is continuing to respond to the widespread malware campaign known as Emotet while also responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.

Cyber security experts say it took more than a week in January to eject the state-sponsored attacker from the Australian Parliament’s computing network after it was compromised by malware. In answers to questions on notice to budget estimates hearings, Senate President Scott Ryan said the malware infection occurred when a small number of the network’s 4000 users visited an unnamed website that itself had been compromised.

“A small number of users visited a website that was outside of parliamentary management and that website had been compromised causing malware to be injected into the parliamentary computing network,” he said. Ryan said the cyberattack took a total of nine days before the infiltration was stamped out after it was first discovered on 31 January.

Previous Cyber Attacks

In February 2010 there were a series of denial of service attacks conducted by the Anonymous online community against the Australian government in response to proposed web censorship regulations. Operation Titstorm was the name given to the cyberattacks by the perpetrators.

They resulted in lapses of access to government websites. This was accompanied by emails, faxes, and phone calls harassing government offices. The actual size of the attack and number of perpetrators involved is unknown but it was estimated that the number of systems involved ranged from the hundreds to the thousands. The amount of traffic caused disruption on multiple government websites.

Current Attack

While it was previously said only a small amount of data had been taken by the attacker new details on the type of data taken has now been disclosed. “The small amount of non-sensitive data refers to DPS corporate data and data related to a small number of parliamentarians..... I will not address matters related to members of the House of Representatives; they should be addressed to the Speaker,” Ryan said. Any impact on the email accounts of parliamentarians either had or would be discussed with those parliamentarians directly" he added.

The new information is likely to be the some of the only details released about the attack, with the federal government unlikely to release a report. This is at odds with other organisations like the Australian National University, which was credited for its openness regarding its recent cyber hacks. 

A state-sponsored actor is still widely believed to have been responsible for the attack, which was also later found to have hacked into the different National Parties networks/websites. 

Reuters reported in September that multiple sources claim that the attack came from China. Ryan also confirmed recently that there was no evidence of “insider involvement or assistance in the compromise”.

ITN News      ABC:     Gov,au        Wikipedia:  

You Might Also Read:

Cyber Security Experts Needed in Australia:

Parliament Wants A New Cyber Security Director:


 

 

« Tracking 5G Protocol Flaws
Internet of Things: Cyber Security Threats In 2020 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

CamCERT

CamCERT

CamCERT is the national Computer Emergency Response Team for Cambodia.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

XignSYS

XignSYS

XignSys develops innovative password-free and user-friendly Authentication solutions and electronic signature systems for B2B and B2C applications.

Cynerio

Cynerio

Cynerio develops cybersecurity protections for medical devices, comparing network behavior with a database of medical workflows.

Pentest People

Pentest People

Pentest People are a UK-based security consultancy focussing on bringing the benefits of Pentesting as a Service (PTaaS) to all its clients.

eLearnSecurity

eLearnSecurity

eLearnSecurity is an innovator in the IT Security training market providing quality online courses paired with highly practical virtual labs.

LogicHub

LogicHub

LogicHub is built on the principle that every decision process for threat detection and response can and should be automated.

IoTeX

IoTeX

Building the connected world. IoTeX is a fast, secure, and decentralized platform that connects real world devices/data to the blockchain.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

KYND

KYND

KYND has created pioneering cyber risk technology that makes assessing, understanding, and managing business cyber risks easier and quicker than ever before.

IONOS

IONOS

IONOS is a leading provider of cloud infrastructure, cloud services, and hosting with more than 8.5 million customers contracts.

Amplifier Security

Amplifier Security

Amplifier Security are on a mission to empower security teams to modernize their practice by connecting the dots between their security stack and their people.

HanaByte

HanaByte

HanaByte is a security consultancy focused on delivering state of the art solutions in the cloud. We specialize in delivering cloud services with an emphasis on security.