July 30, 2021
China “crossed a line” with its state-sanctioned hacking of Microsoft Exchange email servers, Australia’s top cyber security official said, because it opened the door to criminals to exploit vulnerabilities.
Australian Signals Directorate chief Rachel Noble told a parliamentary inquiry that an estimated 70,000 Australian businesses used Microsoft Exchange servers and had potentially been exposed earlier this year.
Australia joined almost 40 countries last week, including the US, Japan and the European Union, to name Beijing as the culprit after western intelligence services concluded China’s Ministry of State Security was behind a large-scale espionage operation.
At least 70 Australian organisations had data stolen or malware installed as part of a global wave of ransomware attacks.
While China has denied responsibility, Ms Noble told the inquiry it was an “extremely large and significant” attack.
“To explain it in plain language, it would be like houses or buildings having faulty locks on the doors,” she said.
“When the Chinese government became aware of the faulty locks on the doors, they went in and they propped all those doors open.
“There was opportunity for all sorts of criminals, other state actors, you name it, to pour in behind those propped-open doors and get into your house or your building. It’s that action from a technical point of view which crossed a line in the judgment of policy agencies and governments around the world.”
Home Affairs Department Secretary Mike Pezzullo said Australia was actively engaged in developing global “cyber norms”.
“Such reckless action should not be tolerated as a matter of international and global norms, and that’s why the Australian government joined with such a significant coalition of free democratic nations,” he said.
Under questioning from Liberal Senator James Paterson, Mr Pezzullo agreed that ransomware attacks are not just the preserve of criminal gangs, and that countries may be involved in facilitating them.
Ms Noble and Mr Pezzullo were appearing before a parliamentary intelligence and security committee inquiry into proposed legislation to protect critical infrastructure from cyber attacks.
The new powers include giving government agencies the power to “step in” when a business is under cyber attack, imposing new reporting requirements to inform agencies of cyber attacks, and imposing security obligations on staff.
However, businesses, unions and technology groups have raised concerns about how the new regime would work, including the compliance burden.
Mr Pezzullo said the legislation would “fill regulatory gaps rather than duplicate existing regulation”.
He said the Home Affairs Minister would only be able to declare a positive service obligation for a critical infrastructure provider to strengthen their cyber defences after consultation with the sector and relevant regulators.
Mr Pezzullo said the minister would only use powers to take charge of a network under attack when they were satisfied the infrastructure provider was “unwilling” to protect itself.