Australian intelligence officers have revealed how Chinese-backed cyberattacks operated and exploited weaknesses in the country’s institutions. The insight comes following the ground-breaking release of a joint international statement condemning Beijing’s cyber activities.
Rachel Noble, the head of the Australian Signals Directorate, said Beijing had exploited weaknesses—or “faulty locks”—in the country’s cyber defences, which left 70,000 Australian entities vulnerable to attack.
“When the Chinese government became aware of those faulty locks on the doors, they went in and propped all those doors open,” she told the Parliamentary Joint Committee on Intelligence and Security on July 29.
“What then happens is there were opportunities for all sorts of criminals and other state actors to pour in behind all those propped open doors and get into your house or your building,” she added.
Mike Pezzullo, the head of the Home Affairs Department, said the government now needed to consider state actors playing a more prominent part in what used to be a realm exploited by criminals.
Pezzullo said modern-day cyberattacks involved tools that were “adapted from or need to be deployed with at least implicit permission of certain state actors.”
The Committee is considering new laws that will designate critical infrastructure and provide new powers to protect it against cyberattacks.
Earlier this month, Australia joined major democratic allies, the United States, United Kingdom, Canada, New Zealand, Japan, the European Union, and NATO, in condemning Beijing for its involvement in the Microsoft Exchange hack earlier this year.
Further, the statements condemned Beijing’s Ministry of State Security for engaging third-party hackers to carry out these activities.
“These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain,” the Australian statement read.
Prime Minister Scott Morrison has previously indicated that the federal government would only engage in public attribution of a state actor if a “high bar” of evidence were provided.
Cyberattacks targeting major institutions and companies have become commonplace in recent years, with some of Australia’s biggest firms being targeted.
In one of the most recent attacks in May, JBS, the largest beef and sheep meat producer in Australia, was targeted by ransomware hackers that effectively forced the company to shut down sales and lot feeding operations.
The attack also shut down meat processing plants in Queensland, Victoria, New South Wales, and Tasmania and saw thousands of workers stood down.
The FBI attributed the attack to Russian-linked hacking group REvil, also known as Sodinokibi.
Joseph Siracusa, adjunct professor of the history of international diplomacy at Curtin University, said one of the main issues with cyberattacks was publicly attributing the source.
“What we haven’t figured out yet is how to defend against it,” he told The Epoch Times. “You know, we could turn off the lights in downtown Moscow right now or turn off the electric toilets in Beijing if we want to, but then they could do the same thing to us.”
“Will U.S. President Biden hold Russian President Putin accountable for these cyberattacks? And the answer is: He can’t because he can’t prove that Putin had his hand in it,” he added.
“Do you hold the government accountable for the criminal behaviour of its citizens? And the answer is: You’d like to,” he said. “But in the real world, you can’t.”