Australia's central bank admits it was hacked

The Reserve Bank of Australia (RBA) said in a statement that it had “on occasion been the target of cyber attacks,” after the Australian Financial Review reported on hacking incidents stretching back to 2011. They originated, the paper said, in China, but the RBA has not commented on this aspect of the issue.

So far, the security defenses have held, the RBA assured Australians. “The bank has comprehensive security arrangements in place which have isolated these attacks and ensured that viruses have not been spread across the Bank's network or systems,” the RBA said in the statement. “At no point have these attacks caused the Bank's data or information to be lost or its systems to be corrupted.”

Specifically, AFR’s investigation found that some of the attacks involved emails relating to the 2011 G20 meetings. The AFR said RBA officials told the paper that the central bank had been infiltrated by a Chinese-developed cyber-espionage program that was “seeking intelligence on sensitive G20 negotiations.”

A defense department official said "the targeting of high-profile events, such as the G20, by state-sponsored adversaries ... is a real and persistent threat."

He added: "Cyber intruders are looking for information on ... the government's intentions."

In another attack, a “Strategic Planning FY2012” subject line was employed, leading to several members of staff opening emails and downloading an attachment which, of course, contained a malware application.

The bank's risk management unit told the South China Morning Post that the malicious email was highly targeted, utilizing a “possibly legitimate external account purporting to be a senior bank staff member.”

Richard Byfield, a former senior Australian defense official, told AFR that central banks and listed companies were cyber targets “because they hold so much confidential information that has the potential to move markets.”

Australia isn’t alone: in February the Federal Reserve of the United States confirmed that an internal site was briefly hacked on Super Bowl Sunday. A group claiming to be affiliated with hacker group Anonymous targeted a database belonging to The St. Louis Fed Emergency Communications System, containing information for 4,000+ US bank executive accounts. However, like the RBA, the US central bank was quick to assure the public that no information was compromised.
