How Hackers Hammered Australia After China Ties Turned Sour
Wave after wave of cyberattacks has shaken the country. Experts say even the wealthiest nations are at risk if they annoy China enough. How Hackers Hammered Australia After China Ties Turned Sour
A few days after Prime Minister Scott Morrison called for an independent international probe into the origins of the coronavirus, Chinese bots swarmed on to Australian government networks. It was April 2020.
The bots ran hundreds of thousands of scans, apparently looking for vulnerabilities that could later be exploited. It was a massive and noisy attack with little effort made to hide the bots’ presence, said Robert Potter, chief executive officer of Internet 2.0, an Australian cybersecurity firm that works extensively with the federal government.
“It was just a door knock, like someone walking up and ringing your doorbell,” he said.
The previously unreported network scans were followed by months of active hacks that would reverberate across the Australian economy. Victims included the parliamentary email network, the Bureau of Meteorology and the departments of defense and health, according to people familiar with the situation and reporting in the Australian media.
State government departments including education and finance were also hit, as well as numerous Australian universities and businesses. While Beijing denied any involvement, cybersecurity experts traced much of the activity to systems used by China-based advanced persistent threat groups or APTs, a term often used to describe state-sponsored hackers.
“China’s cyber reach is detectable on almost every government server,” Potter said. “It isn’t subtle and it increases and decreases in a way that correlates to our overall relationship.”
Beijing’s retaliation against Australia’s repeated calls for an international probe is a clear example of what can happen to even the wealthiest nations if they annoy China enough, according to people familiar with the situation.
Around the world, cybersecurity entered everyday vernacular last year, as businesses and people working from home were phished, scammed, hacked and extorted. Evidence of Chinese hacks has been found from the United States to India to Israel — and of course, China is far from the only nation-state that carries out such activity. But what sets apart the recent campaign against Australia — the world’s most China-reliant economy — is its sheer scale.
Those bot network scans, along with cyberattacks including breaches of the government’s networks, were sufficiently critical for the prime minister to announce in June 2020 that a “state-based cyber actor” was “targeting Australian organizations across a range of sectors, including all levels of government, industry,” as well as education and critical infrastructure.
Morrison refused to attribute the malicious behavior, but said “there are not a large number of state-based actors that can engage in this type of activity.” Unofficially, three people familiar with the situation said it was clear Beijing’s cyber army was behind it.
China’s foreign ministry denied the allegations, saying the “Australian government and media have wrongly accused China of hacking many times before based on insufficient evidence.” China has “always supported and actively participated in scientific studies” on finding the origins of Covid, the ministry added.
Even before the calls for a Covid probe, Australia’s relationship with China was looking shaky. Over the years, the country has increasingly legislated to curb foreign interference and acquisitions of critical infrastructure — moves widely seen as an attempt to contain Chinese influence. Australia was the first country to ban Huawei Technologies Co. Ltd. and ZTE Corp from bidding for contracts to install everything from the national broadband network to 5G. Other governments including the U.S. and Sweden have followed suit.
“China’s treatment of Australia has been distinctive if not unique,” said Hugh White, a former intelligence official who is now an emeritus professor of strategic studies at the Australian National University. “I haven’t been able to identify another country that had pressure placed on it over such a broad range of areas.”
Australia’s position in the region and its strategic partnership with the U.S. — which continues to vie for dominance in Asia — make it difficult for China to back down, White said.
“The Chinese have been eager to look for the opportunity to show the rest of Asia what’s at stake as they make their decisions about how they position themselves in relation to the US and China,” he said. “Australia is the perfect victim for that.”
Australian officials have been loath to publicly attribute much of the nation-state cyber activity to China, and have only done so when calling out international espionage campaigns in unison with allies in Washington and London. Beijing denied China was behind any cyberattack after Morrison’s announcement in June 2020, with Foreign Ministry spokesman Zhao Lijian describing the country as a “staunch upholder” of cybersecurity and “the biggest victim of cyberattacks.”
Australia’s director-general of security, Mike Burgess, has said attributing blame for spying is a distraction because “we all do it.”
“If I’m pointing my finger at you accusing you of espionage, I’ve got three fingers pointing back at me,” Burgess told Sky News in March. “Sometimes, though, it is right that governments do it because someone’s overstepped a line — it’s not just the theft of a military secret, it’s something else more offensive to our nation or damaging to our nation. And that’s the judgement governments are best placed to make.”
Chinese diplomats in Canberra, Australia’s capital city, have accused the government of pandering to Washington, and wondered aloud whether their country’s tourists and students — who collectively brought more than A$22 billion ($16 billion) in revenue to Australia in 2019 — might stop patronizing a nation that isn’t friendly to China.
“It is up to the people to decide. Maybe the ordinary people will say “Why should we drink Australian wine? Eat Australian beef?” Ambassador Cheng Jingye told the Australian Financial Review after Morrison’s call to establish an inquiry.
Beijing followed up with a months-long series of trade reprisals hitting Australian exports ranging from coal and grain to lobster and wine — an industry worth about A$1.2 billion in 2019 that is now subject to tariffs of more than 200%.
There was more. In November the Chinese embassy in Canberra leaked a list of 14 grievances and accused Australia of “poisoning bilateral relations,” the Sydney Morning Herald reported. The list included complaints about the Huawei ban, the call to investigate Covid’s origins, the cancellation of academic visas and the blocking of 10 Chinese investment deals, according to the Herald.
There was also criticism of “thinly veiled allegations against China on cyberattacks without any evidence,” the newspaper reported.
And there were the hacks. For the first time, the government was among the top five sectors with the most reportable data breaches last year, according to a government agency that tracks the activity. State government systems and email networks were attacked, at least one government entity was subject to a brute force attack, and cabinet ministers were victims of phishing scams that attempted to extort money and collect information on their connections with dissidents in Hong Kong.
Unlike ransomware or denial of service attacks — which paralyze network systems until payments are made — state actor activity often goes unnoticed by targets, who only find out they’ve been compromised from government officials or outside threat analysts, said Paul Nevin, chief technology officer at Canberra-based cybersecurity firm CyberMerc.
“Those initial discussions usually come as a shock, and it takes a while for that to sink in,” Nevin said. Sophisticated cyber criminals or state actors may well be reading the emails of executives watching for breach notifications. “So one of the first things I would do is explain over the phone or a secure messaging system: do not mention this on email, do not talk about it, take it offline. You have to literally assume the actors are in there watching, and very often they are.”
In September last year, as the government’s cybersecurity agency released its first annual report, Defence Minister Linda Reynolds said there was a “new normal” of cyberattacks on Australia that blurred the line between “peace and war.”
While cyber criminals were taking advantage of the vulnerabilities laid bare by Covid, there were also “sophisticated and very well-resourced state-based actors who are seeking to interfere in our nation in this grey zone in any opportunistic way they can,” she said.
The business community has also been affected, said Michelle Price, chief executive officer of AustCyber, a government-funded company focused on building the domestic cybersecurity industry. “Industry threat analysts in Australia and elsewhere were telling me that as lobster shipments and barley were being rejected, they were seeing a commensurate level of activity happening in the cyber domain coming from China,” she said.
“We are going through the experience that other nations have before us, where it’s not just retaliation aimed at the government, it spills out over into the broader economy and to the community,” she said. “We become collateral damage in those kinds of government-to-government machinations.”
Australian universities, which collect about A$10 billion a year from Chinese students, are reluctant to discuss the country’s online behavior in any aspect. The cybersecurity research department at Monash University in Melbourne does not “get involved in any political stories relating to China” as their researchers “are not comfortable commenting on this issue,” Hande Cater, the media advisor at Monash’s Information Technology Faculty, wrote in an email.
Australia’s circumstances may be unique. Nevertheless its situation shows the range of tactics experts say China can deploy against any country that falls foul of Beijing.
For now, Australia is in the freezer, says former prime minister Malcolm Turnbull, and it’s unlikely either side will blink anytime soon.
“We have boundaries of trust with China, and there’s nothing wrong with that, but what we’ve got to do is focus on the areas where we do have a level of trust,” said Turnbull, who as prime minister banned Huawei from bidding to install Australia’s 5G network.
“If I say I don’t trust you enough to not misuse a capability that you would have if you built our 5G network, you are not going to persuade me by then beating me up in a whole lot of other areas.”