Last week’s announcement of the Australian National University breach – “China ‘behind’ huge ANU hack amid fears government employees could be compromised” – was significant in that it named China as the key suspect and that they had access to the ANU data for at least five months.
Typical of the reporting of such breaches was the focus on the potential use of personal details – such as contact information, tax file numbers, bank account numbers, passport details and academic records.
The more significant aspect was what was not stated.
As one intelligence official said: “China probably knows more about the ANU’s computer system than the ANU does.”
In this context, it would be naïve to the think that the attackers had not gained access to sensitive research papers as well as commercial relationship matters and government interaction material.
As with many of the nation-state attacks we have seen, any such announcements and the following media coverage are focused on the personal privacy breaches – because there are penalties for such breaches.
But we rarely see references to the widespread theft of corporate information such as business strategy, board papers, patent applications and a host of other sensitive material that such sustained attacks also target.
I referenced the impact for corporate, and government, in my earlier posting “The New China Syndrome: The CEO’s Nightmare” and why industrial scale espionage is deadly serious.
Wake up Australia!