Beijing Accused of Finding ‘Faulty Doors’ To Leave Open For Cyber Attacks: Australian Intelligence Officials

Daniel Y. Teng

Australian intelligence officers have revealed how Chinese-backed cyberattacks operated and exploited weaknesses in the country’s institutions. The insight comes following the ground-breaking release of a joint international statement condemning Beijing’s cyber activities.

Rachel Noble, the head of the Australian Signals Directorate, said Beijing had exploited weaknesses—or “faulty locks”—in the country’s cyber defences, which left 70,000 Australian entities vulnerable to attack.

“When the Chinese government became aware of those faulty locks on the doors, they went in and propped all those doors open,” she told the Parliamentary Joint Committee on Intelligence and Security on July 29.

“What then happens is there were opportunities for all sorts of criminals and other state actors to pour in behind all those propped open doors and get into your house or your building,” she added.

Mike Pezzullo, the head of the Home Affairs Department, said the government now needed to consider state actors playing a more prominent part in what used to be a realm exploited by criminals.

Secretary of the Department of Home Affairs Mike Pezzullo speaks during a Senate inquiry at Parliament House in Canberra on September 24, 2020. (AAP Image/Lukas Coch)

Pezzullo said modern-day cyberattacks involved tools that were “adapted from or need to be deployed with at least implicit permission of certain state actors.”

The Committee is considering new laws that will designate critical infrastructure and provide new powers to protect them against cyberattacks.

Earlier this month, Australia joined major democratic allies, the United States, United Kingdom, Canada, New Zealand, Japan, the European Union, and NATO, in condemning Beijing for its involvement in the Microsoft Exchange hack earlier this year.

Further, the statements also condemned Beijing’s Ministry of State Security for engaging third-party hackers to carry out these activities.

“These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain,” the Australian statement read.

Prime Minister Scott Morrison has previously indicated that the federal government would only engage in public attribution of a state actor if a “high bar” of evidence were provided.

Cyberattacks targeting major institutions and companies have become commonplace in recent years, with some of Australia’s biggest firms being targeted.

In one of the most recent attacks in May, JBS, the largest beef and sheep meat producer in Australia, was targeted by ransomware hackers that effectively forced the company to shut down sales and lot feeding operations.
The company logo sign sits at the entrance to the JBS Australia's Dinmore meatworks facility, west of Brisbane, on May 12, 2020. (Dan Peled/AAP Image via AP)

The attack also shut down meat processing plants in Queensland, Victoria, New South Wales, and Tasmania and saw thousands of workers stood down as well.

The FBI attributed the attack to Russian-linked hacking group REvil, also known as Sodinokibi.

Joseph Siracusa, adjunct professor of the history of international diplomacy at Curtin University, said one of the main issues with cyberattacks was publicly attributing the source.

“What we haven’t figured out yet is how to defend against it,” he told The Epoch Times. “You know, we could turn off the lights in downtown Moscow right now or turn off the electric toilets in Beijing if we want to, but then they could do the same thing to us.”

“Will U.S. President Biden hold Russian President Putin accountable for these cyberattacks? And the answer is: He can’t because he can’t prove that Putin had his hand in it,” he added.

“Do you hold the government accountable for the criminal behaviour of its citizens? And the answer is: You’d like to,” he said. “But in the real world, you can’t.”

Daniel Y. Teng is based in Brisbane, Australia. He focuses on national affairs including federal politics, COVID-19 response, and Australia-China relations. Got a tip? Contact him at [email protected].