Espionage or interference? The attack on Australia’s parliament and political parties
21 Feb 2019| and

It doesn’t get much bigger than attacking the home of democracy—parliament house—and a country’s major political parties only months out from a federal election.

In his statement on these attacks, Prime Minister Scott Morrison said there was no evidence of ‘electoral interference’. But elections aside, there is a much broader question here about what these attacks might mean.

By being caught with its hands squarely in the cookie jar, this ‘sophisticated state actor’ guaranteed that its actions would garner global media attention. It has also, likely unintentionally, placed itself smack in the middle of an ongoing public debate about ‘foreign interference’ in Australia.

Let’s cut to the chase: Chinese state intelligence was probably involved in the breach. This was a sophisticated attack that used a suite of new malware and techniques that—at the time—weren’t detected by almost all malware-detection software. Building a new toolset of this type takes considerable time and effort, and although Russia, North Korea, Iran and Israel undoubtedly have the capability, Australia is simply not a high enough priority for those countries to expend their finite cyber espionage resources on this kind of advanced attack. The Chinese state, however, has the motive, the capability and an extensive track record.

But we will only know who is responsible for the attacks if the government chooses to tell us, and that’s where things get tricky.

The Australian government has been reluctant to ‘name and shame’ states engaged in cyber operations—what is known as ‘attribution’. It has formally blamed Russia several times for malicious cyber behaviour that hasn’t involved obvious Australian interests, but has named China only once. In that December 2018 attribution, which occurred after Chinese hacking in Australia that affected industry, universities and think tanks, the government focused on the theft of intellectual property for commercial gain and was drawing a distinction between ‘acceptable’ intelligence that seeks to uncover government or military secrets and ‘unacceptable’ intelligence for commercial advantage.

It is also notable that this formal attribution was conducted collectively with many other affected countries. Safety in numbers matters when China’s approach to international engagement is taking an increasingly coercive and vengeful tone. And let’s face it, while it may not be effective in dissuading further attacks, remaining silent is often the more palatable option from a political and diplomatic perspective.

So the first prerequisite for the Australian government to formally name the attacker would be for its purpose to have been ‘unacceptable’ espionage. In parliament and political parties there wouldn’t be much commercially valuable intellectual property at stake, but perhaps this attack could be a form of foreign interference?

It’s clear that this act of cyber espionage isn’t, in and of itself, an act of foreign interference. Intelligence, at least in Western countries, is typically used to gain insights and to inform our government positions and plans. From this perspective, the highest priority targets would be government departments and ministers, but it’s not hard to imagine how information about the powerbrokers and personalities of parliament could be used to refine and hone a foreign government’s posture and diplomatic approach.

Another possibility that doesn’t involve foreign interference is that the hacker was after our political parties’ campaign databases. There is already good evidence that Chinese state intelligence is hoovering up large datasets to enhance its intelligence-gathering and counter-intelligence efforts. If Chinese state intelligence was behind this attack, it’s possible that these comprehensive campaign databases could be a useful addition to the data they have already collected.

It is worrying, however, that the Liberal, Labor and National parties were targeted. The more that intelligence-gathering extends beyond government and parliament, the less likely it is that any intelligence gained will provide any insight into official government positions, and the more useful it would be for interference activities.

One way this espionage could be used for foreign interference is—as seen in the 2016 US presidential election—through the release of stolen campaign emails to damage a particular party or candidate and sway public opinion. But this tactic is now embedded in the public consciousness and our political parties and media could well respond in a way that is detrimental to the attacker.

But a far subtler, more covert, and much more difficult to detect form of foreign interference could be the use of the stolen information to identify politicians and staffers who may be susceptible to influence, enable future relationships with them and find points of leverage that might convince, cajole or coerce them into a supportive position. An in-depth understanding of our political parties and the machinations of parliament—the exact targets of this hack—would be far more helpful in enabling this kind of interference than it would be in illuminating our official decision-making processes.

Forensic investigation of these breaches is difficult and time-consuming, and the attacker took active steps to hide its tracks. The investigation is in its early stages, and the culprit may never be officially identified, but knowing what was stolen will be key to formulating a response and preparing for any interference that may occur in the future.

This attack may never be classified as electoral interference, but the very public statements made by Morrison in parliament—the scene of the crime—make it unlikely that it will be brushed under the carpet. While the short-term focus is on securing the systems in parliament and our political parties, we also need to face the far more difficult, long-term task of protecting our political systems and democracy from undue influence.