October 3, 2019

Australian National University Breach: Despite Report, Many Unanswered Questions Remain

A group of about 15 highly sophisticated hackers began their attack on Australian National University on November 9, 2018 by sending an email infected with a virus to a staff member at the university. The attack was sophisticated enough that the employee only had to preview the email, not click on a link or open the message, for the virus to be unleashed onto the ANU network. The hackers spent about 6 weeks inside the university’s network. In December 2018, while the hackers were inside the system, ANU launched planned maintenance, effectively kicking them out, but only temporarily. The hackers found another door without proper protections and continued to take information. The university first detected a suspicious intrusion in April 2019 and by May confirmed a breach had occurred.

To date, the responsible parties are still unknown.

The systems targeted in the attack included human resources, financial management and student administration. These systems held information such as names, addresses, and birth dates, as well as tax file numbers, payroll information, bank account details and academic results. Perhaps most troubling is that investigators cannot pinpoint exactly how many and which records were compromised, let alone what the hackers plan to do with the data they obtained.

But why?

“From a cybersecurity perspective, this data would be highly valuable to hackers and could be used for ID fraud or other malicious activities,” the university said.

Since the attack was discovered, the university has been proactive in hiring specialists to monitor the dark web to see if the stolen information is being traded by criminals. No such activity has been detected yet, nor have there been any reported incidents of ID fraud connected to the hack.

However, the attack may have longer-term objectives. ANU can be seen as an attractive target due to its close association with the Australian government. By stealing data on staff and students, the hackers could be developing a long-term snapshot of the types of people who go on to hold critical positions in the Canberra government.

“Universities have a responsibility to protect the information they hold about individuals and the research they are conducting,”

– Education Minister Dan Tehan

Since the breach was first reported, the university has been spending millions upgrading its computer network to better safeguard against future attacks. It has recently released its report on the breach.