Australian Parliament Hacked

Uploaded on 2019-11-29 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Australian government authorities say that a simple click of a mouse was all it took to penetrate  in what should have been  one of the country's most secure IT systems at the Federal Parliament in Canberra which took place in January this year.. 

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is continuing to respond to the widespread malware campaign known as Emotet while also responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.

Cyber security experts say it took more than a week in January to eject the state-sponsored attacker from the Australian Parliament’s computing network after it was compromised by malware. In answers to questions on notice to budget estimates hearings, Senate President Scott Ryan said the malware infection occurred when a small number of the network’s 4000 users visited an unnamed website that itself had been compromised.

“A small number of users visited a website that was outside of parliamentary management and that website had been compromised causing malware to be injected into the parliamentary computing network,” he said. Ryan said the cyberattack took a total of nine days before the infiltration was stamped out after it was first discovered on 31 January.

Previous Cyber Attacks

In February 2010 there were a series of denial of service attacks conducted by the Anonymous online community against the Australian government in response to proposed web censorship regulations. Operation Titstorm was the name given to the cyberattacks by the perpetrators.

They resulted in lapses of access to government websites. This was accompanied by emails, faxes, and phone calls harassing government offices. The actual size of the attack and number of perpetrators involved is unknown but it was estimated that the number of systems involved ranged from the hundreds to the thousands. The amount of traffic caused disruption on multiple government websites.

Current Attack

While it was previously said only a small amount of data had been taken by the attacker new details on the type of data taken has now been disclosed. “The small amount of non-sensitive data refers to DPS corporate data and data related to a small number of parliamentarians..... I will not address matters related to members of the House of Representatives; they should be addressed to the Speaker,” Ryan said. Any impact on the email accounts of parliamentarians either had or would be discussed with those parliamentarians directly" he added.

The new information is likely to be the some of the only details released about the attack, with the federal government unlikely to release a report. This is at odds with other organisations like the Australian National University, which was credited for its openness regarding its recent cyber hacks. 

A state-sponsored actor is still widely believed to have been responsible for the attack, which was also later found to have hacked into the different National Parties networks/websites. 

Reuters reported in September that multiple sources claim that the attack came from China. Ryan also confirmed recently that there was no evidence of “insider involvement or assistance in the compromise”.

ITN News      ABC:     Gov,au        Wikipedia:  

You Might Also Read:

Cyber Security Experts Needed in Australia:

Parliament Wants A New Cyber Security Director:


 

 

« Tracking 5G Protocol Flaws
Internet of Things: Cyber Security Threats In 2020 »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

KPMG

KPMG

KPMG s a leading provider of professional services including information technology and cyber security consulting.

Wizard Computing

Wizard Computing

Wizard Computer Services is a full service IT solutions provider that offers managed services, consultation, installation, and support to small and large businesses in New England.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

Trinexia

Trinexia

Trinexia (formerly Credence Security) is a specialty Value-added Distributor of Cyber Security, Digital Forensics, Security Awareness, Data Security & Governance solutions.

Sikur

Sikur

Sikur have developed a communication platform that sets new boundaries for corporate privacy and security.

AVeS Cyber Security

AVeS Cyber Security

AVeS combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

CyberCube

CyberCube

CyberCube provide world-leading cyber risk analytics for the cyber insurance market.

YouWipe

YouWipe

Scandinavian Data Erasure Leader YouWipe is the number one choice of European Ministries, European Central Banks, Swiss Pharmaceuticals and Major Electronics Retail Chains.

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

CSRI solves the cyber security threats of tomorrow, today. We work with industry and government leaders on innovative research that has real-world impact.

Pacific Global Security Group

Pacific Global Security Group

Pacific Global Security Group offers an intelligence-driven focus on all aspects of cybersecurity for IT/ICS/OT.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

CloudCoCo

CloudCoCo

CloudCoCo help UK businesses of all sizes and industries succeed by providing enterprise-grade technology at small-business prices.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.