Suspicion for parliamentary hack must fall on China
20 Feb 2019

Scott Morrison’s shock announcement in parliament that the three major political parties have had their computer systems hacked by a ‘sophisticated state actor’ will have impacts long after the federal election.

There’s a lot that we don’t know, including the identity of the attacker, although it’s likely that the agency with the lead role in ‘protecting Australia from cyber adversaries’, the Australian Signals Directorate, will be able to identify the perpetrator.

Here’s what we can say with certainty. This cyberattack comes hot on the heels of a widespread hack of the parliament’s IT system that is used by members and senators and their staff.

It is a sophisticated, sharply targeted operation that is clearly looking for political information rather than industrial intellectual property or financial information.

We also know that state-based cyberattacks on key Australian agencies, universities and businesses are increasing.

As ASIO’s 2017 annual report clearly stated: ‘The threat from espionage and foreign interference to Australian interests is extensive, unrelenting and increasingly sophisticated.’

We don’t yet know if the attackers were successful in exfiltrating information, but they have been able to get into the Liberal, Nationals and Labor computer networks, infecting those systems with computer code, presumably to steal information and potentially corrupt data.

The major parties have large databases of information about voters based on the electoral roll and information gleaned through phone calls, doorknocking and other contacts.

These databases shape campaign plans down to individual households. Information on hundreds of thousands of people is recorded.

Political databases would offer intelligence-collection gems every bit as useful to cyber spies as, for example, the 500 million hotel registration records stolen from the Marriott hotel chain last year.

Beyond electoral data, political party IT systems will contain emails between senior officials and politicians, election plans, the files parties maintain about their opponents—all the things that intelligence agencies would want to collect from target countries.

Which country is responsible for this interference in our political system? Finding out is difficult, but there is no agency better placed to forensically identify the attacker than the ASD.

One can speculate about potential perpetrators by applying the well-tried indicators of suspicion in criminal investigation: which country has the means, motive and opportunity to commit the crime?

There are 193 member countries of the UN. Fewer than 10 would have the smarts and scale of cyber-intelligence capability to mount an attack as sophisticated as this. We can discount our allies, the US, Britain, New Zealand and Canada. The Five Eyes partners don’t spy on each other—they have no need to, because our political systems are largely open books to each other.

We know the Russians hacked the Democratic National Committee during the US presidential election in 2016. Russia’s broader intention seems to have been to weaken Hillary Clinton’s campaign and to favour that of Donald Trump.

Canberra has been a vocal critic of the Russian invasion of Crimea and of Moscow’s culpability in shooting down Malaysia Airlines flight MH17.

It’s just possible that Russian intelligence might be engaging in target practice, but the reality is that Russia doesn’t have any substantial stake in the outcome of the Australian election.

The attack is probably beyond the capabilities of the Iranians and North Koreans, nor again is there a motive.

China is the one country with the means and the motive to take on the risk of attacking Australia’s political parties.

We know Chinese intelligence services were responsible for attacks on parliament in the early 2000s, as well as on the Bureau of Meteorology and the Australian National University more recently.

Chinese intelligence tradecraft seeks out big-data holdings such as the Marriott booking records, and Beijing has a pressing interest in trying to halt the international contagion after Australia’s decision to block Chinese companies from the 5G mobile network.

More broadly, agents of the Chinese Communist Party have been seeking to suborn Australian political parties through donations and otherwise engaging in bullying tactics to shut opponents up.

This is the cyber equivalent of a smoking gun. Once the forensic work is done, the prime minister should make public the identity of the cyber attacker and then take steps to secure our political system against any further attempts by the Chinese Communist Party to influence it.

Bill Shorten’s reply to Morrison’s statement had an interesting sting in the tail, by suggesting that the national cyber coordinator role should be taken out of the Department of Home Affairs and report solely to the Australian Signals Directorate.

However it is organised, cybersecurity is a critical priority, including to protect the integrity of our voting systems at state and federal levels.

This attack is intolerable to a democracy and will surely have repercussions for relations with Beijing if, as I think is very likely, China’s Ministry of State Security is the cyber culprit.