The Australian National University (ANU) recently suffered a hack where 19 years’ worth of data about students and staff was stolen. According to intelligence officials, China is the number one suspect of the attack.
“In late 2018, a sophisticated operator accessed our systems illegally. We detected the breach two weeks ago… We’re working closely with Australian government security agencies and industry security partners to investigate further… The University has taken immediate precautions to further strengthen our IT security and is working continuously to build on these precautions to reduce the risk of future intrusion,” Brian Schmidt, Vice Chancellor of the university, said in a statement (South China Morning Post).
Data of almost 200,000 people is estimated to have been hacked. Information about students, staff, and visitors to the university from the past 19 years has been compromised. The stolen information includes full names, dates of birth, phone numbers, addresses, emergency contact numbers, email addresses, payroll details, passport information, academic records of students, tax file numbers, and bank account information. Credit card details and medical records remain unaffected.
Though there is no clear evidence of the hack being supported by China, many Australian intelligence officials suspect Beijing to be behind the information theft. ANU is home to the Crawford School of Public Policy and School of Strategic and Defence Studies, both of which are known to have deep ties with the government. Authorities believe that the stolen information could be used to create profiles of government officials so that Beijing knows how to influence them when the time comes.
Some believe that Beijing might use the stolen information to identify bright students who have vulnerabilities and lure them to work for China. For instance, a high-ranked student involved in Artificial Intelligence systems and facing a rough financial situation might be offered a well-paying internship by Beijing. Officials have warned that similar attacks might be targeted at other major Australian universities very soon.
“This compromise [hacking] is a salient reminder that the cyber threat is real and that the methods used by malicious actors are constantly evolving… Unfortunately, a malicious actor with sufficient capability, time and resources will almost always be able to compromise an Internet-connected computer network,” a spokesman for the Australian Cyber Security Centre said to The Guardian.
Recently, communication app Telegram was hit by a massive distributed denial of service (DDoS) attack. Given that the attack coincided with the current protests in Hong Kong where citizens are fighting the government against implementing a pro-China extradition law, many believe that the attack may have been orchestrated by Beijing. Protestors in Hong Kong use Telegram extensively to communicate with each other. The company has assured users that despite the attack, their personal data remains safe.
“Your servers get GADZILLIONS of garbage requests which stop them from processing legitimate requests. Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper… There’s a bright side: all these lemmings are there just to overload the servers with extra work – they can’t take away your Big Mac and coke. Your data is safe,” the company said in a statement (Forbes).
Almost 200 million users across the world were affected by the attack. The CEO of Telegram, Pavel Durov, said that all state actor sized DDoS attacks the company has experienced historically have coincided with protests in Hong Kong.