'Night Dragon' burns Gillard, Rudd?

By

Ministers' emails laid bare to suspected Chinese hackers may make public sit up and take notice.

Australian Government ministers may have been partly to blame for hacks on their email accounts reported in News Ltd websites today.

'Night Dragon' burns Gillard, Rudd?
Australian Government ministers may have been the latest victims of Chinese cyber aggression.

The Parliament House email accounts of Prime Minister Julia Gillard, foreign minister Kevin Rudd and those of other ministers were allegedly compromised and potentially thousands of emails accessed, according to  the Daily Telegraph, which quoted unnamed sources.

The Sydney paper quoted those familiar with the case of suspecting Chinese hackers were involved, ferreting out information related to Australian mineral exports.

It was unknown if the attacks believed to be underway since last month were related to an operation dubbed 'Night Dragon' by an anti-virus company that revealed last month the extent of Chinese intrusions against oil and gas companies seeking competitive bid information however the mode of attack was similar.

Attorney General Robert McClelland would not comment on the claims or say if an investigation was being conducted.

But the newspaper report said "four separate government sources confirmed that they had been told Chinese intelligence agencies were among a list of foreign hackers that are under suspicion".

It was believed that the Parliament House email system was not as secure as that used by ministers for confidential communication.

A well-placed internet industry source told SC Magazine that although the attacks were unfortunate they could have a silver lining if they elevated the issue of computer security in the public's mind: "If the PM can be hacked then anyone can be".

If the attacks proved true, Chinese hackers would not have had a high bar to vault.

Auditor warnings too late

A report last week by the Australian National Audit Office found that one in 10 of the passwords used by those in Gillard's department could be broken by brute force attacks, using common words found in the dictionary or the login name. It pointed out that simple, six-letter password can be "cracked in minutes".

Auditors probed:

  • Australian Office of Financial Management
  • ComSuper
  • Medicare
  • Department of the Prime Minister and Cabinet

"It is critical that agencies have an appropriate password policy that is consistently implemented, in order to manage the risk of attack from an external source," auditors wrote.

It recommended more complex passwords should be used and that access to webmail systems such as Gmail and Hotmail be blocked.

Although the office found some Government agency policies were dated, inconsistent between agencies and patches not applied in a timely way in half the agencies surveyed, agencies were generally operating according to principles laid down in operating procedures.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?