‘Tens of thousands’ of Australian firms could be affected by Chinese hack

One of the nation's top cyber security officials has warned that "tens of thousands" of Australian companies may have been compromised by Chinese intelligence services' hacking of major global technology firms.

"It's the biggest and most audacious campaign I've seen," said Alastair MacGibbon, the head of the government's Australian Cyber Security Centre.

Alastair MacGibbon, Deputy Secretary National Cyber Security Adviser. Credit: Alex Ellinghausen

"This is massive in its scope and its scale. It's breathtaking."

China's intelligence services have hacked the world's biggest providers of software services, including Hewlett Packard, SAP and IBM, in an extraordinary penetration that has exposed those firms' client companies.

The global giants, known as managed service providers (MSPs), are trusted by other firms to store, process, and protect commercial data, helping run every aspect of Australian businesses, from human resources to accounts management.

Mr MacGibbon, who also serves as national cyber security adviser, said that hacking major MSPs gave the Chinese state-backed hackers access to the MSPs' customers – themselves major firms across all sectors of industry – while masking it as legitimate activity.

FBI Director Christopher Wray, with Deputy Attorney General Rod Rosenstein, speaks during a news conference blowing the whistle on China’s hacking operation. Credit: AP

He said the number of Australian companies exposed was "potentially tens of thousands", though the number that had actually been breached was likely lower simply because the hackers would prioritise the most attractive targets.

His comments came as Australia for the first time pointed the finger publicly at the Chinese government over an industrial-scale hacking effort to steal intellectual property from Australian companies, in a co-ordinated name-and-shame campaign with key allies.

In a significant diplomatic gesture that makes overt what Australia and other western nations have long complained of privately, Foreign Minister Marise Payne and Home Affairs Minister Peter Dutton joined counterparts in the United States and Britain to express “serious concern” over what they call a “global campaign of cyber-enabled commercial intellectual property theft”.

China has denied the claims.

Echoing Mr MacGibbon's remarks, a national security official told The Age and The Sydney Morning Herald: "These MSPs have thousands of clients.

Former prime minister Malcolm Turnbull and Premier Li Keqiang of China agreed not to steal commercial secrets. Credit: Andrew Meares

"No country poses a broader, more severe, and long-term threat to our nation's economy and cyber infrastructure than China," Mr Wray said.

"China's goal, simply put, is to replace the US as the world's leading superpower, and they're using illegal methods to get there."

The indictments were immediately welcomed by the Australian government, which called on China to stop seeking a competitive advantage by stealing trade secrets and confidential business information from other nations.

Mr MacGibbon said the theft had disadvantaged Australian businesses and their staff.

"And that essentially takes food from the people of Australia," Mr MacGibbon told the ABC. "It helps them compete in a way that we can't."

China's Foreign Ministry said on Friday it resolutely opposed "slanderous" accusations criticising China for economic espionage, and urged Washington to withdraw its accusations.

The United States should also withdraw charges against two Chinese citizens, the ministry said, adding that China had never participated in or supported any stealing of commercial secrets and had lodged "stern representations" with Washington.

"We urge the US side to immediately correct its erroneous actions and cease its slanderous smears relating to internet security," it said, adding that it would take necessary measures to safeguard its own cyber security and interests.

The decision by governments in the US and Australia to effectively name and shame Beijing over the industrial espionage marks a major departure from the usual practice of not attributing hacking behaviour, and reflects the intense frustration of Canberra at China's persistent efforts to steal commercial secrets.

"China is the real concern in the cyber area, and the West is now calling them out," said the Australian official, who cannot be named because of their position.

"They will want to continue stealing. We need to make it harder for them."

It is understood that the MSPs did not always respond to warnings as robustly as authorities would have liked.

The providers have been notified by intelligence services of the hack. According to the official, some have resisted telling their own clients about the problem.

A poster displayed during a news conference at the Department of Justice in Washington shows two Chinese citizens suspected of being with the group APT 10 carrying out an extensive hacking campaign to steal data from US companies. Credit: AP

A statement from SAP said they were "aware that SAP, among others, has been identified as a target of an attack.

"We have no evidence that our environment has been compromised by this threat. We are investigating these claims."

International Business Machines Corp (IBM) said it had no evidence that hackers took "sensitive" company and client information.

Among the dozens of hacking victims named at an overnight press conference in Washington D.C. were major banking, healthcare, telecommunications, mining and manufacturing companies. The US space agency NASA was also targeted, as were the US Navy and Department of Energy.

The theft of intellectual property has formed a key part of US President Donald Trump's trade war with China.
