David Bisson

David Bisson is an infosec news junkie and security journalist. He works as Senior Content Manager at Bora, Associate Editor for Tripwire's "The State of Security" blog, Contributing Editor for IBM's Security Intelligence, and Contributing Writer for Palo Alto Networks' Security Roundtable, Gemalto, Venafi, Zix Corp, AlienVault, Barkly and others.

Australian National University Notifies Students of Security Incident

The Australian National University (ANU) notified students of a security incident in which attackers compromised its systems.

News about the digital attack first emerged on 6 July. ANU confirmed the security incident as well as the fact that it was cooperating with federal government digital security officials in an email sent out to students. As quoted by ZDNet:

Over the past several months the university has been working in partnership with Australia government agencies to assess the scale and minimise the impact of the threat. We continue to seek and take advice from Australian government agencies.

The Sydney Morning Herald, which first reported the attack, learned that national security insiders had attributed the incident to China. Those sources had not published evidence substantiating that attribution at the time of publication.

Even then, SMH noted it might be difficult to prove China was responsible, as computer criminals commonly hide their tracks in order to deliberately mislead security researchers and law enforcement.

One of the reasons why ANU has been working with federal digital security experts to investigate the incident is because of its unique relationship with the Australian government. In the past, the university conducted research that had national security implications.

Alex Joske, a China researcher for the Australian Strategic Policy Institute’s International Cyber Policy Centre, feels that these projects could help reveal a motive for Chinese digital criminals to target ANU.

“ANU has involvement in important Australian government projects,” Joske said, as quoted by SMH. “This hack might have been aiming to steal information for commercial gain or for strategic or technological gain for the Chinese military.”

In its email sent to students, ANU said it had no evidence to suggest the attackers had stolen students’ or staff members’ personal information. It also denied the notion that bad actors had accessed research information.

Peter Jennings, executive director of the Australian Strategic Policy Institute, said that this scenario was far from likely. As quoted by the Australian Broadcasting Corporation (ABC):

I can tell you that is ultimately to be shown to be incorrect. My sense is that it would be impossible for a sophisticated Chinese entity to be operating on the ANU system and not get value out of it.

ANU hasn’t shared any details yet about how the security incident occurred and when it first became aware of it. It also hasn’t elaborated on certain elements of its response, including what security measures it possibly implemented after detecting the attack.

Those details could reveal whether China violated a mutual non-hacking agreement it struck with the Australian government in April 2017. They could also illuminate whether a technological vulnerability or human error was responsible for the incident.

The university did say, however, that “counter-measures are being undertaken” without providing additional details.

Like all other organizations, universities need to protect against digital attackers. These defensive measures should involve training their employees to be on the lookout for phishing attacks and other email-based threats.