Dec 21, 2018 01:11 PM

Australia Blasts China for Allegedly Hacking Australian Companies

Alastair MacGibbon, head of the Australian Cyber Security Centre at the Australian Signals Directorate, called the alleged hacking attacks “audacious.” Photo: Alex Ellinghausen/AFR
Alastair MacGibbon, head of the Australian Cyber Security Centre at the Australian Signals Directorate, called the alleged hacking attacks “audacious.” Photo: Alex Ellinghausen/AFR

(AFR) — The Morrison government has taken the unprecedented step to publicly rebuke China for stealing commercial secrets from Australian businesses, joining foreign allies in a coordinated push back against Beijing’s state-sponsored cyberattacks on entities around the world.

Australian mining companies, universities and high-tech businesses are believed to be among the thousands of global victims targeted by China’s economic espionage committed through cyberattacks.

Within hours of U.S. prosecutors charging two Chinese nationals with computer hacking attacks on a wide range of American government agencies and corporations and accusing China of trying to overtake the U.S. as the world’s superpower, Foreign Affairs Minister Marise Payne and Home Affairs Minister Peter Dutton on Friday issued a strongly-worded joint statement condemning China.

Alastair MacGibbon, head of the Australian Cyber Security Centre at the Australian Signals Directorate in Canberra, said potentially thousands of companies including Australian large and midsize firms using outsourced technology providers had suffered cyberattacks from APT10, a group acting on behalf of the Chinese Ministry of State Security.

“This is audacious, it is huge and it impacts potentially thousands of victims globally,” MacGibbon said on ABC Radio on Friday morning.

“We know there are victims in Australia,” he said. “It is time now to use this as a point of inflection in how we protect our economy.”

The cyberattacks and theft of commercial intellectual property breach a 2017 deal then-prime minister Malcolm Turnbull and China’s Premier Li Keqiang not to steal each other’s commercial secrets.

China’s APT10 unit was accused of infiltrating providers of outsourced IT services, known as managed service providers (MSPs), which control sensitive data and information for thousands of clients globally.

The government will not disclose and is not sure exactly how many Australian entities were compromised. It is working with the private sector to detect if there are hacks that are yet to be noticed.

The U.S. Federal Bureau of Investigation said 12 countries were affected by the hacks by Zhu Hua and Zhang Jianguo, who were charged for infiltrating biotechnology, oil and gas, health care and agriculture businesses, as well as the U.S. Navy, space agency NASA and the U.S. Energy Department to gather intellectual property and confidential business and technological data to give Chinese companies an unfair competitive advantage.

Payne and Dutton said: “Today, the Australian government joins other international partners in expressing serious concern about a global campaign of cyber-enabled commercial intellectual property theft by a group known as APT10, acting on behalf of the Chinese Ministry of State Security.

“The sustained cyber intrusions by APT10 were significant and focused on large-scale Managed Service Providers (MSPs) — specialist companies that manage IT services and infrastructure for many medium to large businesses and organizations, both in Australia and globally.

“When it is in our interests to do so, Australia publicly attributes cyber incidents, especially those with the potential to undermine global economic growth, national security and international stability.

“Australia calls on all countries — including China — to uphold commitments to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining a competitive advantage. These commitments were agreed by G-20 Leaders in 2015. Australia and China reaffirmed them bilaterally in 2017.”

The federal Labor Opposition backed the government’s criticism.

“Labor supports the government making clear to any nation engaging in this behavior that such actions are unacceptable, and also make clear Australia expects that all countries act in accordance with international laws and norms,” Labor’s foreign affairs spokeswoman Penny Wong said.

It is the first time Australia has publicly called out China for economic espionage against Australian businesses.

Western Five Eyes allies, including the U.S., Australia, Britain and New Zealand, were among those to publicly condemn China for an alleged global campaign of cyber-enabled commercial intellectual property theft. Finland, Sweden and Denmark also spoke out.

An investigation by The Australian Financial Review and Nine News in November confirmed China’s Ministry of State Security was responsible for what is known in cyber circles as “Operation Cloud Hopper,” a wave of attacks detected by Australia and its partners in the Five Eyes intelligence sharing alliance.

Tom Uren, visiting fellow at the Australian Strategic Policy Institute’s International Cyber Policy Centre, said the government’s public action was welcome and overdue. “Ideally it would have been better sooner, and it helps that other affected countries have spoken out,” Uren said.

The U.S. experienced a drop-off in attacks after former President Barack Obama struck an agreement with President Xi Jinping in 2015, but since then the cyber intrusions have ramped up again, according to the U.S.

This article was originally published in The Australian Financial Review.

Share this article
Open WeChat and scan the QR code