Australian Parliament Hacked

Uploaded on 2019-11-29 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Australian government authorities say that a simple click of a mouse was all it took to penetrate  in what should have been  one of the country's most secure IT systems at the Federal Parliament in Canberra which took place in January this year.. 

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is continuing to respond to the widespread malware campaign known as Emotet while also responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.

Cyber security experts say it took more than a week in January to eject the state-sponsored attacker from the Australian Parliament’s computing network after it was compromised by malware. In answers to questions on notice to budget estimates hearings, Senate President Scott Ryan said the malware infection occurred when a small number of the network’s 4000 users visited an unnamed website that itself had been compromised.

“A small number of users visited a website that was outside of parliamentary management and that website had been compromised causing malware to be injected into the parliamentary computing network,” he said. Ryan said the cyberattack took a total of nine days before the infiltration was stamped out after it was first discovered on 31 January.

Previous Cyber Attacks

In February 2010 there were a series of denial of service attacks conducted by the Anonymous online community against the Australian government in response to proposed web censorship regulations. Operation Titstorm was the name given to the cyberattacks by the perpetrators.

They resulted in lapses of access to government websites. This was accompanied by emails, faxes, and phone calls harassing government offices. The actual size of the attack and number of perpetrators involved is unknown but it was estimated that the number of systems involved ranged from the hundreds to the thousands. The amount of traffic caused disruption on multiple government websites.

Current Attack

While it was previously said only a small amount of data had been taken by the attacker new details on the type of data taken has now been disclosed. “The small amount of non-sensitive data refers to DPS corporate data and data related to a small number of parliamentarians..... I will not address matters related to members of the House of Representatives; they should be addressed to the Speaker,” Ryan said. Any impact on the email accounts of parliamentarians either had or would be discussed with those parliamentarians directly" he added.

The new information is likely to be the some of the only details released about the attack, with the federal government unlikely to release a report. This is at odds with other organisations like the Australian National University, which was credited for its openness regarding its recent cyber hacks. 

A state-sponsored actor is still widely believed to have been responsible for the attack, which was also later found to have hacked into the different National Parties networks/websites. 

Reuters reported in September that multiple sources claim that the attack came from China. Ryan also confirmed recently that there was no evidence of “insider involvement or assistance in the compromise”.

ITN News      ABC:     Gov,au        Wikipedia:  

You Might Also Read:

Cyber Security Experts Needed in Australia:

Parliament Wants A New Cyber Security Director:


 

 

« Tracking 5G Protocol Flaws
Internet of Things: Cyber Security Threats In 2020 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

PrimeKey

PrimeKey

PrimeKey provides organisations with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation.

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

Iceberg

Iceberg

Iceberg has been established to provide companies with cyber security experts who will protect businesses from the unseen threat of cyber crime.

Kobil Systems

Kobil Systems

Kobil is a pioneer in the fields of smart card, one-time password, authentication and cryptography.

Cybersprint

Cybersprint

Cybersprint's Digital Risk Protection platform continuously monitors your digital footprint so you can make informed decisions on exposure to online threats, identify vulnerabilities and take action.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

Belle de Mai Incubator

Belle de Mai Incubator

Belle de Mai Incubator supports and funds innovative startup ideas in digital industries.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

e360

e360

e360 (formerly Entisys360) is an award-winning IT consultancy specializing in advanced IT infrastructure, virtualization, security, automation and cloud first solutions.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.