FRESH AIR

Australia Parliamentary Hack: China or Iran?

Feb 26, 2019 | Oved Lobel

Iran Hackers

Less than a month ago, Australian National Cyber Security Adviser Alastair MacGibbon signed a Memorandum of Understanding (MoU) on cyber cooperation with the Israel National Cyber Directorate (INCD) in Tel Aviv, building on a previous MoU with Israel on cybersecurity signed by former Prime Minister Malcolm Turnbull in 2017. This was perfect timing, as Prime Minister Scott Morrison announced this week that a “sophisticated state actor” had hacked Australia’s parliamentary networks and all major political parties in a cybercoup mere months before federal elections. While Israel was bizarrely mooted as a potential culprit in certain reports, nearly all coverage and commentary obliquely or explicitly blamed China, given its history of aggressive cyberattacks against Australia and interest in Australian politics. Of course, China continues its consistent policy of denial. There was one country, however, that was missing from speculation in the news: Iran.

To their credit, Peter Jennings of the Australian Strategic Policy Institute and The Australian’s Greg Sheridan, among others, both at least mentioned Iran in their respective commentaries before downplaying the likelihood. Given the particulars of this case, it is natural that China should be the country under suspicion – but  it’s a mistake to rule out all speculation about Iranian responsibility based on either capability or intent.

As we’ve covered in-depth in previous articles, Iran is quite a sophisticated actor in cyberspace in its own right, and has specifically targeted Australia in the past, including most recently a hack of Navy shipbuilder Austal. What’s more, there are indications of cooperation between Chinese and Iranian intelligence, according to U.S. intelligence officials, with some suggesting a countervailing alliance in cyberspace made up of Russia, China and Iran opposing the “Five Eyes” – the intelligence alliance of the US, UK, Canada, Australia and New Zealand .

More importantly, on February 21, US cybersecurity firm Resecurity claimed that the hack of the Australian parliamentary system was in fact consistent with those conducted by Iran, specifically the Mabna Institute, as part of a global campaign against Five Eyes, and it was suggested that they’d simply tried to make it look as if China had carried it out. The Mabna institute, a front for Iran’s Islamic Revolutionary Guard Corps (IRGC), has previously been implicated in a massive hack of dozens of Australian universities, and it was cited specifically by former Prime Minister Malcolm Turnbull when he established the new national cyber security centre in 2018. Some Australian sources involved in the investigation, however, have dismissed Resecurity’s analysis regarding Mabna and say China remains the primary suspect, although Resecurity now says that the Australian Signals Directorate has confirmed its attribution of the attack to Iran.

Attribution is notoriously difficult to assign when it comes to sophisticated cyberattacks, and in this case  even more so than usual, as a rapid reaction was required to neutralise the hackers, resulting in the loss of forensic evidence. The hackers may even still be embedded in the system. All we know publicly is that the attack was apparently unique, “a ‘first-seen in terms of the tools and tradecraft used,” a source told The Australian. Five Eyes, as well as other Western intelligence sources, all told The Australian Financial Review that they’d never seen the likes of it, either. While these claims make the Mabna Institute – a known quantity – a less likely suspect, it’s still clear that Australia is going to need to pursue all available avenues to upgrade its capacities in order to counteract the malicious cyber-activities of this coalition of hostile and sophisticated state actors.

The MOU with Israel, a global leader in cyber-security, must be looking like a very good move in Canberra right now.

RELATED ARTICLES


French UNIFIL troops on patrol in southern Lebanon in April 2015 (image: Sebastian Castelier/ Shutterstock)

UNIFIL, the LAF and the myth of Lebanese sovereignty

Nov 13, 2024 | Featured, Fresh AIR
GbVvR9GWgAAfPGb (1)

“Backbone”? UNRWA delivers just 13% of the aid in Gaza

Nov 8, 2024 | Featured, Fresh AIR
The sentiment is clear on the streets of Kuala Lumpur (Image: Shutterstock)

Malaysia’s recalcitrant antisemitism

Nov 8, 2024 | Featured, Fresh AIR
Screenshot 2024 02 08 At 9.45.23 pm

Gaza polio clinic blast coverage a classic case of ABC bias

Nov 7, 2024 | Featured, Fresh AIR
Image: Shutterstock

The secret history of  UNIFIL’s relationship with Hezbollah

Nov 6, 2024 | Featured, Fresh AIR
Israeli Settlements Near Bethlehem

Report: Approvals for West Bank settlement expansion ‘stuck’

Nov 4, 2024 | Featured, Fresh AIR

RECENT POSTS

Image: Lev Radin/ Shutterstock

AIJAC deeply disappointed by Australian vote change on “woefully one-sided” UN Resolution

Rabbi Genende (3rd from left) with Christian and Muslim delegates at the Abrahamic Peace Working Group conference in Bandung, Indonesia

Faith, Unity and the Spirit of Abraham

Palestinian solidarity rally in Sydney (Image: Shutterstock)

Australia’s shameful government has acted shamefully yet again

Senator Simon Birmingham (Image: Facebook)

AIJAC congratulates Senator Simon Birmingham

A plane takes off from Beirut International Airport as smoke rises from airstrike on Beirut southern suburbs, amid ongoing war between Hezbollah and Israel (Image: Ali Chehade Farhat/ Shutterstock)

An opportunity for Lebanon, a blow for Hezbollah

Image: Lev Radin/ Shutterstock

AIJAC deeply disappointed by Australian vote change on “woefully one-sided” UN Resolution

Rabbi Genende (3rd from left) with Christian and Muslim delegates at the Abrahamic Peace Working Group conference in Bandung, Indonesia

Faith, Unity and the Spirit of Abraham

Palestinian solidarity rally in Sydney (Image: Shutterstock)

Australia’s shameful government has acted shamefully yet again

Senator Simon Birmingham (Image: Facebook)

AIJAC congratulates Senator Simon Birmingham

A plane takes off from Beirut International Airport as smoke rises from airstrike on Beirut southern suburbs, amid ongoing war between Hezbollah and Israel (Image: Ali Chehade Farhat/ Shutterstock)

An opportunity for Lebanon, a blow for Hezbollah

SORT BY TOPICS