Australia’s Prime Minister Blames ‘Sophisticated State Actor’ for Parliament Hack
Prime Minister Scott Morrison of Australia making a statement on cyber security, on Monday. Credit: Mick Tsikas/EPA, via Shutterstock
SYDNEY, Australia — Prime Minister Scott Morrison of Australia on Monday blamed a “sophisticated state actor” for the recent hacking of Parliament’s computer network, raising the specter of foreign interference in the country’s politics weeks before a national election.
The government has not identified the country behind the attack, but Mr. Morrison said that along with Parliament, the networks of the major political parties were also affected.
Mr. Morrison did not detail how the country’s security agencies had detected or dealt with the malicious activity, but he insisted that “there is no evidence of any electoral interference.”
Cybersecurity experts, he said, briefed the country’s electoral commissions and met with state and territory officials. “They have also worked with global antivirus companies to ensure Australia’s friends and allies have the capacity to detect this malicious activity,” he said.
Alastair MacGibbon, the national cybersecurity adviser, said on Monday that the government had not learned the identity of the hacker before it acted to block the activity.
That defensive action, he said, “also does other unpleasant things, like remove some of the forensic evidence we’re interested in.”
A government cybersecurity expert said one difficulty in identifying the perpetrators was that the hackers used tools that had not previously been seen.
The nations most likely to carry out such an attack are China and Russia, security experts said, though Iran, Israel and North Korea also have sophisticated cyberwarfare capabilities.
Australia has frequently warned of Chinese interference in its politics. Last year, the government barred the Chinese technology giant Huawei from building a 5G telecommunications network. In a speech in October, the head of the Australian Signals Directorate, an intelligence agency, hinted that the decision was about maintaining the integrity of data and critical infrastructure.
“If it is China, then I think it’s important for the public to know that,” said Alex Joske, a researcher at the International Cyber Policy Center in Canberra. “Discussions about Huawei and influence will be issues during the election, and letting the public know that the Chinese Communist Party was in our system is important knowledge.”
Mr. Joske said Russia, which interfered in the 2016 United States presidential election, had less interest in the Australian election.
After the American experience in 2016, Western democracies should be increasingly aware of the vulnerability of their institutions, said Roderick Jones, founder and president of the cybersecurity firm Rubica in San Francisco.
“It is gross negligence to have any significant breach of a system at this point, given everything that’s happened around the world, to have a penetration of a parliamentary system is just negligent,” he said.
The Australian hack was above all designed to damage voter confidence, Mr. Jones said.
“People are suddenly questioning electronic voting, some of those processes get brought into focus and people stop having trust in them. Every Western election has had interference, every one has been damaged in some way. Russia and China are more allied than ever to destroy confidence in the system,” he said.
The prime minister’s acknowledgment of the hack represented a departure from past policy, in which the government has been reluctant to single-handedly call out cyberattacks by foreign governments. Last April, Australia, the United States and Britain accused Russia of state-sponsored hacking. In December, Australia followed the United States in condemning Chinese hackers for trying to steal intellectual property.
The Australian government’s conundrum now is what it will do once it has uncovered the identity of the foreign state actor, said Fergus Hanson, head of the International Cyber Policy Center.
“This sets up Australia for its first attribution without a coalition, it’s never had the confidence to say that for an attack that just affected Australia,” he said. “In a couple of months’ time, they’re going to have to come out and say who was behind it and then they’ll have to react to it.”
How the Australian government responds will be closely watched, not least by the other members of the Five Eyes intelligence-sharing alliance: the United States, Britain, Canada and New Zealand.
“Will Australia fall out of the intelligence-sharing community if it doesn’t act, or is shown to have less than robust cybersecurity around key infrastructure?” asked Mr. Jones of Rubica. “There’s not a lot Australia can do, but that’s the point of alliances.”
Correction: Feb. 18, 2019
Because of an editing error, an earlier version of this article misstated the nationality of Roderick Jones, founder and president of the cybersecurity firm Rubica. He is British, not American.
Originally published at www.nytimes.com on February 18, 2019.