Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Hackers targeted personal data held at top Australian university: report

Published 10/03/2019, 12:06 AM
© Reuters. Man holds laptop computer as cyber code is projected on him in this illustration picture
NOC
-

By Colin Packham

SYDNEY (Reuters) - Cyber-attackers spent months targeting personal information of students and employees at one of Australia's most prestigious universities, a report into a 2018 breach released on Wednesday said, although the identities of the culprits remain unknown.

The Australian National University (ANU) said in June that attackers had managed to breach its cyber defenses in late 2018, potentially gaining access to sensitive data that included students' bank account numbers and passport details going back 19 years.

The ANU is one of Australia's highest ranked universities, with alumni including former and current members of the country's government - stoking fears that the attackers had been looking for potential leverage against high-ranking individuals.

Heightening those concerns, an assessment conducted by U.S. defense contractor Northrop Grumman (NYSE:NOC) concluded the attackers ignored typical targets such as academic research to go after the personal information of students, current and former, and former employees.

"In addition to their efficiency and precision, the (attackers) ... demonstrated an exceptional degree of operational security that left few traces of their activities," the report said.

ANU Vice-Chancellor Professor Brian Schmidt told Reuters there was no evidence on who the attackers were.

While investigators now believe the attackers obtained less than 1% of the 200,000 records kept on the server, and the data has not yet been released on the dark web - they do know which records were compromised.

"This wasn't a smash and grab. It was a diamond heist," said Schmidt.

"It was an extremely sophisticated operation, most likely carried out by a team of between five to 15 people working around the clock."

The ANU breach came amid a spate cyber-attacks, including one against Australia's parliament and three largest political parties that Reuters reported was attributed to China by local intelligence.

China has denied responsibility for the attacks.

But Canberra is worried about cyber-attacks, particularly attempts on Australian universities.

Many Australian universities remain financial dependent on foreign students - they are worth about A$35 billion ($23.45 billion) a year to the Australian economy, with Chinese students accounting for about a third of that figure.

The ANU generated A$249 million ($167 million) from overseas students in 2017, about 20% of its revenue, the university's annual report shows.

Australia said in August it will now require local universities to work with security agencies to ensure they are adequately protected against undue attempts of interference.

The Northrop report said the attack on ANU begun with a spear phishing email on Nov. 9, 2018 to a senior staff member.

The attackers had intermittent access to university records for about three weeks, the report says, before being cut off in December.

© Reuters. Man holds laptop computer as cyber code is projected on him in this illustration picture

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.