Students at the Australian National University had their records been targeted in a cyber attack on the university. Vice-Chancellor Brian Schmidt says the hackers may have been attempting to discover details about students who have gone on to have careers in Australia’s intelligence services.
The Australian National University says the attack was “extremely sophisticated” and has recently released a report which reveals that hackers gained access to almost two decades worth of student records. They managed to cover their tracks sufficiently to remain undetected within the system for more than a month, ignoring research data and concentrating solely on student records during the attack which began on November the 9th, 2018. The report, compiled with assistance from security agencies, states that the perpetrators displayed an “exceptional degree of operational security that left few traces of their activities.” Investigators have been unable to determine just how many, or exactly which records were accessed.
What is known is that the hackers were able to remain in the system undetected until mid-December. It was only then that IT staff at the university noticed unusual behaviour and shut down system access, according to the report. As Professor Schmidt put it: “This wasn’t a smash and grab. It was a diamond heist.”
Attackers tried to the system again in February but were unsuccessful. The report says that the techniques required to carry out the attack “highlight the sophistication and determination of the actor. The initial means of infection was a sophisticated spearphishing email which did not require user interaction, i.e. clicking on a link or downloading an attachment. In addition to their efficiency and precision, the actor evaded detection systems, evolved their techniques during the campaign, used custom malware and demonstrated an exceptional degree of operational security that left few traces of their activities.”
Cyberattack puts Students with Security Agency Ambitions at Long-term Risk
While information regarding intelligence agency and government officials who attend ANU on short courses is not stored in the system, there remains a suspicion that data harvested by the attackers could be used to groom students who go on to sensitive security or decision-making roles in the future.
Head of ANU’s national security college, Professor Rory Medcalf said “I would be concerned about the long-term risk of students or academics being targeted for future cultivation as intelligence assets. However, it is not clear whether this breach would have provided sufficient information for those purposes,” he added, “it would be surprising if it wasn’t a state actor.”