Chinese hackers infiltrated Reserve Bank

Computer networks at the Reserve Bank of Australia were compromised in 2011 by Chinese intelligence gathering malware, documents obtained under the Freedom of Information Act reveal (pdf).

The email disseminated trojan horse malware was planted on six computers at the RBA, bypassing anti-virus scanners, the documents first reported by the Australian Financial Review state.

Several RBA staffers including heads of department were sent the malicious emails over two days, but it isn't known if the malware executed and succeeded in capturing information from the compromised computers.

The email purported to come from RBA senior management in order to trick staff to downloading the malware.

The Defence Signals Directorate was brought in to rectify the compromise, but no details were given as to the type of malware utilised in the attack, beyond it being "Chinese-developed" and that it was attempting to seek intelligence on sensitive G20 negotiations between Australia's and 19 other countries.

The FOI report also reveals a series of data breaches resulting from lost and stolen laptops, phones and documents along with email gaffes.

From 2008 to 2012, six laptops and two Blackberrys, and an iPad and a USB drive were lost or stolen.

The thumb drive contained sensitive information and was taken home by a staff member as was "standard practice" in the several years to 2010. While the drive was password-protected, it was not encrypted in contravention to RBA security policies.

And in 2009, 82 staff members were locked out of their accounts after an autorun virus was loaded onto a machine and began brute-forcing accounts. A further 20 system accounts were locked for about 30 minutes.

In another breach, the RBA was forced to retract part of a tender after it sent a document revealing how it would consider evaluating bids to a interested external third party.

State-sponsored hacking of government departments, financial institutions and private organisations has come to the fore lately after revelations that media such as the New York Times, Bloomberg News and Washington Post were breached last year, allegedly by the Chinese.

The attacks are thought to be numerous and cause widespread data leakage. A case study (pdf, registration required) by security vendor Team Cymru claims that an estimated 30,000 systems had data stolen over a period of few years.

Team Cymru said up to a terabyte of data a day in total is being "stolen" and that this is ongoing.

Targets for the hackers included an unnamed Australian mining conglomerate and also academic institutions and government departments in the Middle East, Asia and Eastern Europe.

While Chinese state hackers are often blamed for the hacks, cyber security observer Jeffrey Carr said they are often used as a convenient excuse to hide attacks from other countries such as the United States, Russia, France and Israel which are thought to operate clandestine digital intelligence gathering and sabotage programmes that use malware.

China's state news agency Xinhua reported yesterday that most cyber attacks on Chinese interests in the first two months of 2013 originated from the United States.