The rogue attackers who are suspected of hacking into the parliamentary computers of Prime Minister Julia Gillard and others could have already covered their traces, a security expert said this week, as news of the apparent break-in is generating comment in Australia’s security community that the event is a “wake-up call” on cyber espionage.
Earlier this week, The Daily Telegraph reported that at least 10 computers, including those belonging to Gillard, Foreign Minister Kevin Rudd and Defence Minister Stephen Smith, were suspected of being hacked, with the attackers gaining access for more than a month. In the process, thousands of emails are reported to have been accessed.
Nigel Hedges, technical services manager for the Australia/NZ division of Russian security vendor Kaspersky, said the Government should have deployed data leakage prevention functionality and at least looked at notifying when sensitive information was being communicated. “Although this is more of a detection countermeasure, it could have provided an early warning that information was making its way out of the environment,” he said. “If reports are true, thousands of emails later, there is sufficient time for the source attacker to obfuscate and complicate their trail.”
Hedges said basic prevention measures included assessing that all necessary security applications were installed, enabled and running on the ministers’ machines — especially those of top-level ministers; while in the long run, educating public servants on security could contain further risks of exposing government information. “A security awareness program that could give ministers important cyber-crime and [an information security bulletin] would go a long way in making our countries’ most important representatives secure,” he said.
According to Hedges, another key factor in building a more secure environment could be changing the selection criteria put in place by the Government when choosing a vendor. Hedges said that the Government should change its “rigid” selection process so that it could benefit from more flexibility when selecting information security solutions. “The Government should ‘think outside the square’ and change their rigid selection process so that they can be more agile in selecting information security solutions that address real world problems,” he said.
Commenting on what happened, IBRS advisor and information security expert James Turner said the case demonstrated cyber espionage was a reality, and that an attacking party could put great resources into going after information they valued. “The effort they put in it is directly proportional to the value of the information to them,” he said. “And that creates a problem for the people that are trying to defend against the attacks, because they can’t put in the same degree of resources … because literally you can bankrupt yourself in trying to put in ultimate security.”
Turner said that as far as the nation had been told, nothing of “tremendous” value had been lost during the attacks; however, he also said the case highlighted that if someone was willing to attack, they could have access to material the Government would not want them to have. The Daily Telegraph reported that the Australian Parliament House email network, which MPs use for correspondence, was the only one believed to have been the target of the attacks; the departmental network, used for sensitive communications, was reported not to have been accessed.
Turner said the only way to protect against this kind of attack was to have a complete segment of the network where computers did not interact with the outside world at all. “And that becomes increasingly less feasible when we deal with an interconnected world,” he said, adding the security breach should be a wake-up call for authorities and the Government.
“The value to Australian industry of an attack like this occurring is that it highlights that this is happening,” he said. “A lot of organisations should use this kind of case study to demonstrate the fact that their computers should probably be more secure than they actually are.”