In interviews with security specialists and insiders, Four Corners also highlights specific high-level
incidents involving Government departments. It further demonstrated how security systems
might have been breached. The hard truth behind these issues is difficult to comprehend. Companies
refrain from speaking about intrusions to avoid a setback from customers and stockholders.
The uncomfortable answer about who keeps attacking has led the government and
organizations to remain silent on the matter. Most leads from reliable sources, such as former
government advisors in cyber security, indicate China as the main suspect. It has not been
proven whether the hackers work for the government of China, but it is likely that most
established companies in China are targets of corporate espionage.
The implications of the inability to share secure communications in the event of a cyber-attack,
whether it is espionage or the use of data collected by espionage for warfare, would be catastrophic
during a conflict. Giving an adversary the ability to monitor information sent via a computer
system, and then providing them with the complete ability to shut down a critical system
remotely, would be detrimental to the safety of any country. The impact of this could be
enormous if flight control systems, weapons systems or other critical infrastructure were shut down.
Introduction
The ABC's Four Corners program, aired on 27 May, made a number of claims about intrusions
into Australian Government and commercial IT systems. The emphasis of the program was on
two specific cases: allegations that the plans for the new ASIO building were exfiltrated by
Chinese hackers, and that Adelaide-based communications company Codan had, as a result of
cyber intrusions, lost commercially valuable intellectual property and export
contracts to Chinese competitors. Passing reference was made to allegations that sensitive
information was extracted from the Department of Foreign Affairs and Trade's network, but few
details were provided. Attorney-General Mark Dreyfus, who was interviewed, would not
comment on the claims. Interviewees expressed mixed views about international efforts to
address cyber threats, such as through new treaties.
Adelaide-based communications, metal detection and mining technology firm Codan was a
successful Australian multinational electronics company with offices in the US and the UK.
In 2012, sales figures for its famous and popular metal detectors started dropping, and it took
some detective work to figure out why. The Australian Security Intelligence Organisation
(ASIO) reported that the reason for the decline in sales was that Codan's computer systems
had been hacked and blueprints stolen to sell cheap imitation products into the global market. Codan
was a victim of cyber espionage, and the cyber-attack allegedly came from China.
On one occasion, the former president of the US, addressing a tech-savvy campaign audience, cautioned that he was
never obsessed with his BlackBerry but rather understood the security precautions needed with a
government device while in office. On stage he pointed out that nobody had his email address to
communicate with him digitally, nor did the Alfalfa Club crowd obtain the president's email
address; but six years later, Russian spies obtained the address and even read the content of the
emails. They also gained access to the White House communication system that staffers used for
legislative affairs, personnel developments, presidential scheduling, correspondence with
diplomats overseas, and more (Buchanan, 2017).
Background information
Documents detailing the ASIO building's communication cable layouts, server locations and
security systems had all been illegally accessed, ABC TV's Four Corners reported. The new
building, which overlooks Canberra's Lake Burley Griffin and was due to open, could not be used
even after costing taxpayers $630 million, which was $41m more than anticipated. The reason
was an act of espionage that took place in 2013.
Codan CEO Donald McGurk could not talk about the details of the attack on camera to Four
Corners, but said the company had taken serious steps to improve the security of its computer
systems with multiple firewalls. According to the report, an ASIO investigation found that Chinese
hackers found a vector into the Codan network when an executive from the company visited
China and logged into the Wi-Fi at a hotel.
The hackers inserted malware on the work laptop, which then infected the computer system in
Australia. The malware contained code designed to target files on the Codan system specifically:
design information regarding the secure military radio system used by Australia and
its allies. These were the two main incidents reported; however, there are more issues
relating to the content in different scenarios.
It is paramount for the Australian government and businesses in general to consider the
need to develop a safer and more secure network that can minimize intrusion and provide a
business continuity roadmap whenever an incident has occurred. The government cyber security
agency should also provide standards to help secure businesses from being attacked. The recent
WannaCry ransomware, which infected 10,000 organizations and 200,000 individuals in
over 150 countries, exemplifies the magnitude of the threat to information security.
For any organization to have a standard network for information security, three basic
requirements need to be met (Cheminod, M., Durante, L., & Valenzano, A., 2009).
o Integrity: the ability to guarantee and protect the accuracy of requested data and that it actually
comes from the requested entity.
o Confidentiality: a guarantee of secrecy; an assurance that requested information
is undisclosed to unauthorized processes and individuals.
In support of this assertion, Mikko & Harri (2007) also classify confidentiality, availability,
integrity and non-repudiation of data as the most valued constituents and requirements to
support secure communication across a network.
Table 1.1 shows threats faced by different organizations and the magnitude of their impact.
Threat: Cyber espionage on Bluescope
Impact: Bluescope Steel was one of the contractors involved in the construction of the new
ASIO headquarters; it was among several companies that were hacked by the Chinese for
military and/or political advantage. The ASIO building, being built near the location of
Australia's top-secret Defense Signals Directorate, was supposed to have some of the most
sophisticated hacking defenses in the country, as part of a global electronic intelligence
gathering network including the US and the UK (Agencies, 2013).
countermeasures for threats faced by Australian Government departments and business
organizations, as explained in the Four Corners video.
Threat: ... services attack
Impact: ... have powerful and multitasking servers with the capacity to process the large
volume of requests that might originate from the attacker's end. Across the network,
servers should be connected to Gigabit per second Ethernet channels in full duplex mode to
enable these servers to switch packet frames as soon as possible. This is in a bid to avoid
link congestion and free up the communication channel as much as possible, even during an
attack.
Recommendation:
Using the lightweight web server Nginx as a front end to Apache, with Apache deployed at
the back end, is highly recommended. This is due to Nginx's advantage of high fault
tolerance and lower consumption of system resources and memory for multiple requests
(Ihor & Yuri, 2012).
Developing and implementing business continuity and disaster recovery plans which are
tested, documented and printed in hard copy, with a soft copy stored offline, focusing on
the highest priority systems and data to recover.
Threat: Unsolicited email attachments
Impact: User training, education and awareness would have ensured staff understood how
personal information can be openly accessed, and made them suspicious of unwelcome email
with unexpected attachments that could run executable files on their systems.
Recommendation:
Configure Microsoft Office macro settings to block macros from the Internet, and only allow
vetted macros, either in 'trusted locations' with limited write access or digitally signed
with a trusted certificate.
Threat: Failure to ensure that contractor services are adequately secure
Impact: It was discovered that the blueprint of the new ASIO headquarters building was
stolen, together with the communications cabling structure, server locations, floor design
plan and security systems. This was the result of a cyber hit on the tendered contractor,
and the data was eventually exported to a server in China.
Recommendation:
Contractors working on government projects should be vetted to meet the set standards of
information security.
Threat: Skills and sophistication of cyber-crime groups
Impact: These groups are increasingly professional and have industrialized their criminal
activity so they can act at scale. Some of these groups are now so well established and
business-like that they have well-defined organizational structures, access to specialist
skills, and functions like call centers and translators.
Recommendation:
Operating system hardening based on a Standard Operating Environment, disabling unneeded
functionality (e.g. RDP, AutoRun, LanMan, SMB/NetBIOS, LLMNR and WPAD), would provide a
great deal of network protection. Networks with classified information should be isolated
from accessing the Internet. VPN encryption should be considered for communication over the
Internet.
Threat: Theft of intellectual property and data
Impact: As stated, intellectual property of great value to the companies has been stolen,
significantly reducing their return on investment, which negatively impacts the economy. The
government should establish a National Cyber Security Centre to act as a single point of
contact to simplify and strengthen government efforts on cyber security and improve
engagement with industry.
Recommendation:
Mounting a personal firewall on computers connected to the Internet.
Updating antivirus software with the latest virus signatures or malicious code definitions.
Installing an intrusion prevention system on the organization's computer network to detect
and prevent further attacks by eavesdroppers.
Threat: Eavesdropping
Impact: It was presumed that a factor of ten times the entire database, or the entire amount
of information stored within the Defense Restricted Network, was leaked over several years;
this included classified emails, basic reports and administrative information.
Recommendation:
o Deployment of encrypted connections, e.g. Hypertext Transfer Protocol Secure (HTTPS) and
Secure Shell (SSH), would offer better security by encrypting the data transmitted on the
Internet. Even if attackers can intercept the data, they cannot read or deface the
information easily.
o Employing Internet services with mutual authentication, such as Public Key Infrastructure
(PKI), to reduce the risk of Man-in-the-Middle attacks.
Threat: Firewalls & Anti-Virus
Impact: According to Kurpjuhn (2015), SMEs should use an advanced type of firewall called
Unified Threat Management (UTM). UTM is an improved version of the traditional firewall
which encompasses several functions, including gateway anti-virus, gateway anti-spam, VPN,
data leak prevention and network intrusion prevention.
Recommendation:
Apply email content filtering that checks attachment types against a whitelist. Analyze
hyperlinks, PDF and Microsoft Office attachments. Quarantine Microsoft Office macros. Use
antivirus with heuristics and reputation ratings to check a file's prevalence and digital
signature prior to execution. Use antivirus from different vendors for gateways and
computers.
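The attachment whitelist and macro-quarantine steps from the 'Unsolicited email attachments' and 'Firewalls & Anti-Virus' recommendations above, as an added example that is not part of the original report. The allowed extensions, file names and mail content are constructed assumptions, and the check goes one step beyond the text by opening a whitelisted .docx to look for a hidden vbaProject.bin:

```python
import io
import os
import zipfile
from email import message_from_string
from email.message import EmailMessage

# Attachment whitelist and macro rules: an assumed policy, constructed for this example.
ALLOWED_EXTENSIONS = {".pdf", ".txt", ".csv", ".docx", ".xlsx"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}  # macro-enabled Office formats

def has_vba_project(data: bytes) -> bool:
    """OOXML (.docx/.xlsx) is a zip; a vbaProject.bin member means embedded macros."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'allow', 'quarantine' or 'block' for one attachment."""
    ext = os.path.splitext(filename.lower())[1]  # last extension wins: invoice.pdf.exe -> .exe
    if ext in MACRO_EXTENSIONS:
        return "quarantine"  # hold macro-enabled documents for vetting
    if ext not in ALLOWED_EXTENSIONS:
        return "block"  # not on the whitelist (.exe, .js, .scr, ...)
    if has_vba_project(data):
        return "quarantine"  # whitelisted extension, but macros hidden inside
    return "allow"

def filter_message(raw: str) -> dict:
    """Map every attachment filename in a raw RFC 822 message to its verdict."""
    msg = message_from_string(raw)
    return {p.get_filename(): classify_attachment(p.get_filename(), p.get_payload(decode=True) or b"")
            for p in msg.walk() if p.get_filename()}

def build_sample_message() -> str:
    """Constructed test mail: clean PDF, double-extension .exe, .docm, and a .docx
    that smuggles a vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00macro")
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, data in [("report.pdf", b"%PDF-1.4"), ("invoice.pdf.exe", b"MZ"),
                       ("orders.docm", b"PK"), ("notes.docx", buf.getvalue())]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_string()
```

Running `filter_message(build_sample_message())` returns one verdict per attachment; a real gateway would hand the 'quarantine' set to the analysis step the table describes rather than just labelling it.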
September 2011: China reportedly modified the virus and disabled an Indian telecommunications
satellite.
February 2013: An American cyber security firm called Mandiant released a report directly
implicating China in cyber espionage, hacking into American government and corporate websites.
May 2013, malware attack on Codan company: ASIO reported that an employee of the company
visiting China had malware inserted into the company laptop whilst staying at a hotel, and it
was this initial attack that unlocked the front door to all of the company's data.
2013: In a meeting called by the Australian Signals Directorate, former IT manager Daryl Peter
was told the company had been seriously infiltrated by foreign hackers. Mr Peter believed the
hack was from China.
Table 3.2 shows the risk matrix of the impact of attacks and controls. [Matrix not reproduced in
this extract; only the axis label "Likelihood" survives.]
Figure 2.1 below demonstrates how teams of information security personnel must guard their
respective organizations against dangerous and debilitating threats.
Mitigation Strategies to protect Information Systems
Restrict administrative privileges: accounts with prime privileges in organizations and
government departments are the main target for attackers, so limiting and tightly controlling them
will act as the first line of defense.
Perform and enforce application whitelisting on organization and government networks, so that only
authorized applications are allowed to run.
Implement defense in depth in affected organizations and government departments. Do not rely
on one single technology or defensive measure; have multiple security controls in case one
approach fails.
Figure 2.2 shows the different levels of security that can be implemented to harden IT systems
(wsu.edu, 2017).
Conclusion
The attacks on government departments have a significant impact on Australia's national security
and economic prosperity. Therefore, a more robust network security implementation should be
considered. By accessing the state departments, attackers gain an advantage over Australia's
economic, foreign policy, defense and security information.