Baddies hacked us – but failed to steal data, RBA claims

SYDNEY – Australia’s banks and other financial institutions spent yesterday anxiously rechecking their IT systems for signs of hacking after the Reserve Bank of Australia admitted its system had been penetrated by agents using Chinese-developed spyware.

News of the RBA break-ins – which are said to have occurred in 2011 – was broken by The Australian Financial Review yesterday. The major attack appears to have occurred in November 2011, but it now seems the RBA had also been targeted in the lead-up to a G20 summit in Cannes earlier that year.

The bank yesterday issued a brief statement confirming the attacks, but claimed it had not lost any data as a result. The statement read, in full:

“As reported in today’s media, the bank has on occasion been the target of cyber attacks. The bank has comprehensive security arrangements in place which have isolated these attacks and ensured that viruses have not been spread across the bank’s network or systems.

“At no point have these attacks caused the bank’s data or information to be lost or its systems to be corrupted. The bank’s IT systems operate safely, securely and with a high degree of resilience.

“The bank takes cyber security and its potential consequences extremely seriously. As part of its extensive efforts to ensure that security arrangements are best practice, the bank routinely consults with the Defence Signals Directorate and draws on the expertise of specialist private firms. There is ongoing rigorous testing of the bank’s IT systems and regular training of staff.”

For all of that, the bank’s defences appear to have been penetrated on November 16 and 17, 2011, when six staff members reportedly clicked on an embedded hyperlink to what turned out to be a virus payload.

According to an internal report, “highly targeted malicious e-mails were sent to several bank staff, including senior management up to head of department”. The e-mail purported to come from RBA senior management, and bore a legitimate e-mail signature to successfully trick staff into downloading the malware via a hyperlink, which carried the title Strategic Planning FY2012.

Richard Byfield, a former Australian defence official who now runs IT-security company Datacom TSS, told the Financial Review that central banks and listed companies were cyber targets “because they hold so much confidential information that has the potential to move markets”.

“We’re aware of sophisticated cyber incidents where the primary objective appears to be profiting from securing price-sensitive information,” he said. “These include incidents where listed company CEOs are subject to intensive surveillance to gather intelligence on major deals, business strategy, financials, contracts and future plans.”