THE number of serious cyber attacks investigated by Canberra’s defence spy agency doubled last year, new figures show, as security experts warn of dangerous complacency in the Australian community about data protection.
Cyber specialists say many people and businesses take a lax approach to security because they do not think their secrets are worthy of the interest of hackers. But they ignore the danger of ”big data” mining, in which criminals and foreign intelligence agencies vacuum up massive amounts of seemingly innocent, disparate data and weave it together into information that can be exploited, they say.
Former minister for Defence, John Faulkner at the opening of Defence’s new Cyber Security Operations Centre in Canberra.
The number of ”cyber incidents” against government and big business networks reported to the federal government’s Cyber Security Operations Centre rose from 1260 in 2011 to 1790 last year – a jump of 42 per cent.
Those deemed serious enough for the CSOC – part of the top-secret Defence Signals Directorate – to carry out investigations more than doubled, from 310 in 2011 to 685 last year.
A spokesman for the Defence Department declined to go into detail about the attacks as it could ”jeopardise ongoing investigations … and the ability to protect information and networks”.
A separate government agency, the Computer Emergency Response Team, or CERT, logged 7300 attacks against the private sector last year. Many were routine, a spokesman said, but many were ”more serious incidents … such as sophisticated and targeted attacks”.
Common types of hacking were ”denial of service” attacks in which a company’s system is crashed, or ”ransomware” in which attackers encrypt a company’s data and demand money to release it. Eastern European gangs have recently carried out a spate of such attacks on businesses ranging from banks to panel beaters.
The new figures follow the announcement 10 days ago by Prime Minister Julia Gillard that cybersecurity would be among the government’s top national security priorities. It will set up a new Australian Cyber Security Centre, bringing together the major intelligence and law enforcement agencies.
This week, The New York Times said its systems had been infiltrated by Chinese hackers – with possible ties to the Chinese military – after the paper revealed that Premier Wen Jiabao’s family had a personal fortune of $2.7 billion.
Brett Biddington, a cyber security expert from Edith Cowan University and a former RAAF officer, said growing reliance on the internet meant vulnerability was increasing, yet most people weren’t taking the danger seriously.
”We haven’t figured out yet that we sit in front of a computer terminal, we are not in a private domain,” he said. ”The minute you touch the keyboard you are in a public space and that penny hasn’t dropped across our society as it needs to.”
In particular, information aggregation was giving cyber criminals and foreign agencies potent new weapons. ASIO boss David Irvine warned in a speech last year that people should not ”take comfort” thinking their personal data was harmless.
Alastair MacGibbon, a former Australian Federal Police officer now with Canberra University’s Centre for Internet Safety, said so much personal data had been stolen in recent years that its value on black markets had fallen. Now criminals were crunching it into more valuable packages, so instead of just stealing money from one person, they could use all of their personal information to create a false bank account which could then be used for bigger crimes.
”Take as much as you can because you never know when it’s going to be useful – you can aggregate it and start building up a profile. Crooks do it. Governments do it,” he said.