14 DAY TRIAL // A Freedom of Information (FOI) request made by The Australian Financial Review has revealed that the Australian Bureau of Statistics (ABS) has been targeted on numerous occasions by cybercriminals over the past four years.
Although the declassified documents and internal incident reports are heavily redacted, The Australian Financial Review has learned that the ABS recorded at least 11 incidents over a seven-month period in 2012.
In many cases, the attacks preceded the release of confidential data, including information that affects financial market prices.
While some attacks have been catalogued as being “low-risk,” some of them have been successful, including 229 of the 10,500 attempts to penetrate ABS servers, recorded over a two-day period in July 2012.
The largest attacks were launched in October last year, just before the ABS released consumer price index information for that quarter. At the time, some login credentials used by ABS staff might have been compromised.
Despite all these attempts, the ABS is confident that none of the attackers have managed to compromise the organization’s networks and that no data has been stolen from their systems.
All the incidents have been reported to the Australian Defence Signals Directorate and its Cyber Security Operations Centre.
So where did these attacks originate?
A couple of them, launched in September 2010, have been traced to Croatia. However, the country that’s named the most times as being the origin of the cyberattacks is China.
Some attacks have been linked to Chinese universities, a mobile account from China and various other sources.
While it’s true that China has been named as being responsible for numerous cyberattacks over the past period, it’s worth noting that this doesn’t necessarily mean that the attackers that hit ABS are located in that country.
Cybercriminals have often used compromised machines to hide their tracks.