RBA hack and the cyber cloak and dagger

The attacks on the RBA are nothing out of the ordinary and further highlights why it's business as usual for all the actors in the cyber-crime caper.

The Reserve Bank of Australia (RBA) under cyber-attack and venerable media companies infiltrated by faceless operatives; it would seem the Chinese have let loose a legion of hackers, all primed to pilfer our precious secrets.  

The narrative makes for some wonderful cloak and dagger imagery and a healthy dose of paranoia, but is there a risk of losing perspective on the matter?

There is no doubt that China is a significant actor in the global cyber warfare landscape but it’s hardly the only party with blood in its hands. The gnashing of teeth that has accompanied the RBA hack story seems perplexing, especially when there is no evidence of data loss and there is nothing concrete to indicate that the hackers were doing the bidding of their superiors at Beijing.  

As far as the security industry is concerned, this is as routine as it gets.

For the record, and the incident report has been on the RBA’s website for a couple of months, the attack occurred in 2011 and as it clarified yesterday at no point was RBA’s data or information lost or its systems corrupted. Interestingly, the RBA report also highlights that the attack was not exactly sophisticated.

Here’s what the RBA report says:

"A targeted malicious email was sent to several Bank staff, including senior management up to Head of Department. The email was purported to be from [REDACTED] regarding 'Strategic Planning FY2012'. The malicious payload was an Internet URL link to a zip file containing a trojan which, at the time, was not detectable by the Bank's Anti-Virus scanners. The six users that clicked on the link had their PCs isolated until such time [as] the AV vendors could deploy updated virus definitions. By close of business, the definitions were updated and overnight [sic] virus scans were scheduled. Of note, all of the affected PCs did not have local administrator rights. This prevented the virus from spreading.

"Malicious email was highly targeted, utilising a possibly legitimate external account [REDACTED]. It included a legitimate email signature and plausible subject title and content."

Sounds familiar, it should because targeted spear-phishing attacks like the one launched at the RBA in 2011 are pretty par for the course.

Thanks to a recent report by US-based security vendor Mandiant, China’s cyber ambitions have been brought into focus, but let’s not kid ourselves into believing that they are the only ones indulging in this practice.

It’s also useful to recognise that while we tend to approach cybercrime as one homogenous industry, it is actually a multi-layered business, with multiple layers of activity.

According to security vendor AVG’s advisor Michael McKinnon, lumping everything under the term ‘cyber’ isn’t helpful.

“You have organised crime groups, individuals doing odd thing, state sponsored actors carrying out espionage and you might have corporate-sponsored espionage attacks,” McKinnon says.

“So we have a whole raft of stuff going on here and when people talk about China they are looking at that state-sponsored threat angle.”

McKinnon is right about the complexity and the fact that the current focus on China points to a much bigger story about the dynamics of global power and the definition of national security. The American NSA and our very own Defence Signals Directorate (DSD) routinely engage measures, which are ostensibly designed to secure our national interest. I would like to believe that industrial espionage doesn’t fall within those measures. As for the Chinese, they obviously have fewer qualms about espionage despite the protestations of Chinese diplomats.

The RBA’s revelations have given way today to the latest round of sabre-rattling between the White House and China, with Obama’s national security adviser Tom Donilon saying that Beijing needs to rein in its legion or risk severe consequences.

Donilon’s robust words are unlikely to send the Chinese into a tizz and it’s equally unlikely that they appreciate the US taking the moral high ground on this. However, it is getting harder for them to altogether ignore the concerns.

Ideally, one hopes that a more mature approach could evolve out of the current climate of mistrust. At some point the Chinese government will have to distance itself from high-profile attacks, and at least make some display of cracking down on hackers. It will have to do so simply because it will be in its best interest. Meanwhile, security vendors can continue to make the most of the paranoia.