Australian Government ministers may have been partly to blame for hacks on their email accounts reported on News Ltd websites today.
The Parliament House email accounts of Prime Minister Julia Gillard, foreign minister Kevin Rudd and those of other ministers were allegedly compromised and potentially thousands of emails accessed, according to the Daily Telegraph, which quoted unnamed sources.
The Sydney paper quoted those familiar with the case as suspecting that Chinese hackers were involved, ferreting out information related to Australian mineral exports.
It was unknown if the attacks, believed to be underway since last month, were related to an operation dubbed 'Night Dragon' by an anti-virus company, which revealed last month the extent of Chinese intrusions against oil and gas companies in search of competitive bid information. However, the mode of attack was similar.
Attorney General Robert McClelland would not comment on the claims or say if an investigation was being conducted.
But the newspaper report said "four separate government sources confirmed that they had been told Chinese intelligence agencies were among a list of foreign hackers that are under suspicion".
It was believed that the Parliament House email system was not as secure as that used by ministers for confidential communication.
A well-placed internet industry source told SC Magazine that although the attacks were unfortunate they could have a silver lining if they elevated the issue of computer security in the public's mind: "If the PM can be hacked then anyone can be".
If the attacks proved true, Chinese hackers would not have had a high bar to vault.
Auditor warnings too late
A report last week by the Australian National Audit Office found that one in 10 of the passwords used by those in Gillard's department could be broken by brute force attacks, using common words found in the dictionary or the login name. It pointed out that a simple, six-letter password can be "cracked in minutes".
- Australian Office of Financial Management
- Department of the Prime Minister and Cabinet
"It is critical that agencies have an appropriate password policy that is consistently implemented, in order to manage the risk of attack from an external source," auditors wrote.
It recommended more complex passwords should be used and that access to webmail systems such as Gmail and Hotmail be blocked.
Although the office found that some Government agency policies were dated and inconsistent between agencies, and that patches were not applied in a timely way in half the agencies surveyed, agencies were generally operating according to principles laid down in operating procedures.