With the release of a 5,000-word report, the public can see for the first time how sophisticated and extensive the attack on the ANU was, starting late 2018.
Without clicking on a link, opening an attachment, just simply previewing the email, a sophisticated Cyber Attack gained access to private information of potentially high-ranking officials in Australia and across the globe.
For weeks, hackers quietly tip toed through the computer system of the Australian National University (ANU) in Canberra in late 2018.
It was months before ANU even realised the hackers had broken in, and almost a year later it remains a mystery just how damning the attack was.
What was discovered is personal details were taken from the highly regarded university.
So, what was taken?
A forensic investigation of the hack has been unable to determine the full extent of the attack.
That’s largely the result of the hackers being sneaky and squeaky clean when rummaging around the networks and systems, clearing their tracks and leaving very little evidence for investigators to sift through.
Investigators have determined that names, addresses, phone numbers, dates of birth, emergency contact details, tax file numbers, payroll information, bank account details and student academic records were stolen.
The database that was accessed held 19 years’ worth of records but the investigators believe only a small part of the available information was taken.
In getting to the personal information, the hackers bypassed intellectual property and research information.
Investigators believe this information remained untouched.
Who was responsible?
The ANU believes up to 15 people were involved in the hack but says it doesn’t have enough evidence to point the finger.
Video: ANU Vice Chancellor Brian Schmidt – ABC News Australia
Vice chancellor Brian Schmidt argued it could be “a whole bunch of countries” behind the attack.
There is no evidence that the information has been used by criminals for identity fraud to date.
How did they do it?
On November 9, 2018, the hackers sent an email to a senior staff member at the ANU.
Another staff member, who had access to their colleague’s account, previewed the email but never clicked on it.
Even though the email was deleted, it was too late to stop the hackers, who had already accessed the senior staff member’s username, password and calendar.
Once in, the hackers mapped the ANU Network to get an understanding of how everything was connected.
The second stage of emails included a targeted email to 10 people at ANU, inviting them to attend an event at the university.
The hackers also accessed a directory that held usernames, emails, phone numbers and job titles to better understand people’s roles and responsibilities within the university.
As the hackers gained more information, they sent out more and more emails to ANU accounts, ultimately gaining the username and password of at least one network administrator.
Routine maintenance temporarily kicked the hackers out but it didn’t take long before they were back in stealing more information.
The hackers were permanently kicked out around December 21 and future attempts to get back into the network failed.
Why Attack this University?
Just a stones throw away is Federal Parliament, the ANU has a global reputation as being an institute of choice for future leaders.
The ANU prides itself on being home to the best and brightest — both in its student and academic ranks.
It’s the university of choice for an Australian wanting to become a diplomat, and has trained senior leaders that now work for governments and private organisations across the world.
Former and present prime ministers and premiers and senior military leaders have studied there, including Bob Hawke, Kevin Rudd, Annastacia Palaszczuk and Barry O’Farrell.
Indonesia’s former foreign minister Marty Natalegawa and former New Zealand opposition leader and governor of the Reserve Bank Don Brash studied at ANU.
Just knowing that alone, makes the ANU a perfect target.
Tom Uren, with the Australian Strategic Policy Institute thinks China was the culprit.
“It’s likely to be China, frankly, they’ve got strong interests in Australia for a number of different reasons, We’re part of the Five Eyes alliance so there’s a relationship with American military and intelligence. Canberra is the heart of government and there’s many students at the ANU that go on to work in government.” Said Tom.
“Plus, there’s also a lot of Chinese students who come to Australia to study and one theory that’s been told to me is that perhaps the Chinese Government wants to keep tabs on what its students in Australia are doing as well.”
Is ANU Safe?
Despite ANU’s upgrades, the Australian Cyber Security Centre warns a computer network is never 100 per cent secure in the face of a growing industry of hackers keen to steal information. We 100% agree for all types of users.
All Australians, from individuals to organisations, should take threats seriously and ensure they’re adequately protected.
Download our PDF on “How to Spot a Scammer”: