Forgot your password?
typodupeerror
Australia China Security

Australian Intelligence HQ Blueprints Hacked 180

Posted by Unknown Lamer
from the found-the-exhaust-port dept.
SandmanWAIX writes "In an embarrassing revelation today it appears as though the blueprints to the new Australian federal intelligence agency ASIO headquarters have been stolen, reportedly by a cyber attack originating from China. Several other governmental departments have been reported as being breached also. The blueprints which have been compromised include the security system, comms network, floor plan and server locations of the new ASIO headquarters located in the Australian capital city, Canberra."
This discussion has been archived. No new comments can be posted.

Australian Intelligence HQ Blueprints Hacked

Comments Filter:
  • by Covalent (1001277) on Monday May 27, 2013 @09:17PM (#43836855)
    Until China starts to face real responses?
    • by Anonymous Coward on Monday May 27, 2013 @09:23PM (#43836877)

      When every other country stops doing the same?

    • by Etherwalk (681268)

      Until China starts to face real responses?

      Why do you think they are not facing them now?

    • Re: (Score:3, Insightful)

      by pokoteng (2729771)
      It may not come easy to hear this for Americans, but fact is, China's owned the world for quite some time; the far far vast majority of everything you own and will use and own etc, comes from China. Everything depends on them. They're the ones with the power, not the US with their supposed big guns. Attacking China will just destroy everything about US, or just about any other first world nation.

      They won't face any response at all. It just gets filtered out, like their firewall.
      • by WWJohnBrowningDo (2792397) on Monday May 27, 2013 @09:56PM (#43837015)

        How doe the fact that only 2.7% of US consumer spending [frbsf.org] is spent on Chinese goods fit into your little narrative?

        The average US consumer can't buy a "Made in China" home, nor a "Made in China" car, nor "Made in China" food, nor "Made in China" gas. As it turns out, housing, transportation, and food makes up the majority of a consumer's spending.

        • Actually there are 2 'Made in China' car dealerships near me here in Australia. They are called Great Wall and Chery.

          They looks quite good and cheap too.

          • Chinese manufacturers made up for less than 1% [fleetcare.com.au] of auto sales in Australia last year.

            I'm not denying you can buy Chinese cars overseas; my point was that the "average" consumer won't be driving a Made in China car in the West.

          • They're cheap for a reason.

            Have you seen those Russian car crash safety tests? The car is just one huge crumple zone.

            http://www.youtube.com/watch?v=g5SRyG6UR2A [youtube.com]

            By all means buy a Chinese car. Just don't expect to survive if you crash it at more than 30 km/h.

            • by Dr. Zim (21278)

              It's been my observation of chinese made scooters and small gasoline engine products is that their basic metallurgy is lacking. Just on the exterior, the chrome flakes and peels, leaving the base metal to rust inside a few months of ownership. Any parts that wear tend to go quickly due to soft/impure alloys. Good luck finding replacements on any of this stuff, short of buying a whole unit to use as a parts source.

        • It may not come easy to hear this for Americans, but fact is, China's owned the world for quite some time; the far far vast majority of everything you own and will use and own etc, comes from China. Everything depends on them. They're the ones with the power, not the US with their supposed big guns. Attacking China will just destroy everything about US, or just about any other first world nation.-

          How doe the fact that only 2.7% [frbsf.org]

          Because Glenn Beck said so in one of his monologues on Fox New?

        • by Nadaka (224565)

          Can't buy made in china "assault rifles" anymore either. Thanks George Bush(41) for 922R! Asshole.

      • It may not come easy to hear this for Americans . . .

        TFA is about alleged spying on Australia by China. OP to whom you were replying didn't mention his/her nationality.

    • by demachina (71715) on Monday May 27, 2013 @09:27PM (#43836893)

      U.S. and Britain have been doing it wholesale since at least World War II so that would set the bar to at least 70 years.

    • by c0lo (1497653) on Monday May 27, 2013 @09:33PM (#43836913)

      Until China starts to face real responses?

      Pray tell: what exactly real responses would you suggest?

      • by jonwil (467024)

        Maybe the answer is to say "stop carrying out cyber attacks on western nations, stop stealing western intellectual property etc or we will enforce sanctions against Chinese products"
        Plenty of other countries with low cost base for manufacturers to move to (countries that aren't stealing western IP and government/military secrets)

        • by c0lo (1497653) on Monday May 27, 2013 @11:22PM (#43837405)

          Maybe the answer is to say "stop carrying out cyber attacks on western nations, stop stealing western intellectual property etc or we will enforce sanctions against Chinese products" Plenty of other countries with low cost base for manufacturers to move to (countries that aren't stealing western IP and government/military secrets)

          Maybe the correct answer would be "Let's secure our shit". Highly likely to be a lot cheaper.

          Let's put the things in perspective:
          - the cost of ASIO's new building between 2007-2012: $631 mils [smh.com.au] (after 37% budget blow-out - and it's not completed yet).
          - the Australia-China bilateral trade value for a single FY (2011-2012): $121.1 billion [wikipedia.org], Australia's exports to China of over $60 billion.

          • by tlhIngan (30335)

            Maybe the correct answer would be "Let's secure our shit". Highly likely to be a lot cheaper.

            Or is it a great test of disinformation? Draw up a set of plans for new building that's not the set of plans you plan to use. Just put it on some non-classified network. Then go and design the real plans on the classified side. Then just pretend it's an awful event when the fake plans get leaked.

            Of course, the building plan is different. There'll be walls where there's supposed to be doors, dead ends where there's s

            • by c0lo (1497653) on Tuesday May 28, 2013 @12:11AM (#43837667)

              Maybe the correct answer would be "Let's secure our shit". Highly likely to be a lot cheaper.

              Or is it a great test of disinformation?

              It may well be so. However, the target of disinformation may be the Australian tax payer... it really strikes me as unusual that this comes a short time after the Ozzie spooks cried for more money [abc.net.au] and in the conditions of serious budget blowouts for the ASIO's new building.
              Maybe that's about another project budget overblow and this is an arranged cover-up? Nah, that's paranoia... the Ozzie spies are fairdinkum blokes and highly professional [abc.net.au].

    • by symbolset (646467) *

      It's likely China has operatives working for the architect firm that designed the thing, and the construction sub and materials suppliers as well. It's certain that the American CIA did, and Israeli Mossad and whatever the KGB are calling themselves now as well. Other countries have spies too: South Korea and Argentina might give it a go, not with direct agents but secondary contacts that gather info from workers using the pillowtalk method. Hacking in remotely is just providing a plausible excuse for kn

      • Fair point, however in this particular case it's unlikely to be US interests (eg, CIA) performing the intrusion. Given the Australian "relationship" with US security agencies, I wouldn't be surprised if we'd already volunteered all the conceivable data on the new ASIO HQ to the US, sent in triplicate. They probably use ASIO sensitive documents as scrap paper at CIA headquarters. There's little information AU doesn't willingly and happily hand over to the US (sadly)
        • by symbolset (646467) *

          "the intrusion" - as if this found one were the only one. That's funny. It's likely this leak of plans is a false flag. That's what I would do if the knowledge about the plans was known to be general of the major powers: everybody we know has the plans, so leak them publicly and paint the blame of the leak on somebody even though we've all drunk from that well.

          Yes, AU does share. The CIA and others still put their assets in to ensure what they're told is true. That's their job. They're quite seriou

        • by AmiMoJo (196126) *

          European nations and companies have been complaining for years that the US is spying on them for political and commercial. The EU even investigated it. The US spies on everyone all the time, friendly or otherwise.

    • by Swampash (1131503)

      Microsoft: 9 out of 10 Windows PCs in China are running pirated copies of Windows
      http://www.neowin.net/news/ballmer-9-out-of-10-copies-of-windows-in-china-is-pirated [neowin.net]

      Microsoft: 91% of the pirated versions of Windows in China are infected with malware
      http://www.computerworld.com/s/article/9234657/Microsoft_Most_PCs_running_pirated_Windows_in_China_have_security_issues [computerworld.com]

      Thus China is botnet heaven. Anyone out there running a zombie network is going to have a metric fuckton of Chinese clients. Thus, when the botn

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Real Responses?

      Fuck man, everyone bounced through China back in the day, they were like the default launching pad for most cyber attacks in my era.

      Why? Because *everyone* owned them.....

        From an old fart in Australia!

    • by X.25 (255792)

      Until China starts to face real responses?

      And what makes you think it's really China, in the first place?

      Because someone said so? :)

    • How long will idiotic governments and corporations put ultra-sensitive information on computers connected to a public network (Internet)? The only reason they do this is so lazy-ass and OCD PHBs can access this information with the least effort as possible. THIS is the problem, not a third party exploiting the blatant stupidity.
  • Is it the same agency that wants [abc.net.au] more money?
  • Which is the bigger threat:

    China spying on Austrailia now that it knows the floor plan of the intelligence agency?

    Or them using the blue prints to rebuild it in China [nbcnews.com]
  • by Anonymous Coward

    Anyone who says a "cyber attack" originates from China should be smacked in the head with an Ethernet cable. How would you know exactly where an attack originates?

    Oh, and anyone who says "cyber attack" should be shot.

  • Could be a decoy (Score:5, Insightful)

    by readingaccount (2909349) on Monday May 27, 2013 @10:04PM (#43837045)

    There's always the possibility the attackers found a "fake" blueprint under a lighter level of security, put there to make them think they found something worthwhile and back out to avoid further detection. Then you make it public (like it now has) and make the enemy believe something that's actually a complete ruse.

    Sure, it looks embarrassing for you, but one of the major elements of intelligence is counter-intelligence and misdirection. Let the enemy believe they now know something juicy, and they'll further base actions on incorrect intel.

    Just a thought. Of could be as simple as the Aussie Government completely fucking up by running a poorly patched Windows XP infected with a compromised USB. Some idiot on the article's comments section (tonyy) did suggest Linux would have been more secure. As if the Chinese wouldn't know how to write Linux malware and infect via social engineering if it were the predominant OS used on Government machines (which it will never be - Windows is just too well designed for corporate use on the desktop).

    • ... and to think i commented in this thread instead of moderating, only to find this. Mod parent up!
    • by Cimexus (1355033)

      The hacked system belonged to contractors/a construction company involved with the building, not a government system. Still highly embarrassing, but it wasn't an ASIO screw-up (this time, at least).

    • There's always the possibility the attackers found a "fake" blueprint under a lighter level of security, put there to make them think they found something worthwhile and back out to avoid further detection. Then you make it public (like it now has) and make the enemy believe something that's actually a complete ruse.

      It's equally as possible that China's blatant attack to ge the fake blueprints was a ruse for the real attack which acquired the actual blueprints.

    • Sure, it looks embarrassing for you, but one of the major elements of intelligence is counter-intelligence and misdirection. Let the enemy believe they now know something juicy, and they'll further base actions on incorrect intel.

      Only in bad spy novels or if the real life 'enemy' is stupid or incompetent. In real life, it's much harder as even moderately competent intelligence agencies are on the look out for being spoofed and seek to confirm intelligence from multiple sources.

  • At the risk of spilling top-secret intelligence procedures, I've heard about this thing called an "air gap" where, if you don't want anyone to be able to hack into a particular system, you don't plug it into the Internet. Seems like something they might want to consider.

    (Yes, I know Stuxnet was designed to penetrate air gaps. But it wasn't designed to send packages home, either.)

    • by AHuxley (892839)
      ASIO is like the security and counter-surveillance ~FBI wrt embassy staff in Australia, bad people/spies in the community.
      Australian Secret Intelligence Service (ASIS) is ~CIA
      Defence Signals Directorate is ~NSA
      The Defence Signals Directorate would know all about air gaps given its close working relationship with the NSA file structures.
      Australian Secret Intelligence Service would at least have some institutional knowledge of what the CIA can do with any network.
      ASIO is growing and in very public ways,
      • by sjwt (161428)

        FIB, CIA, NSA don't they all work for the MPAA and RIAA?

      • by countach (534280)

        Don't think you can compare ASIO to the FBI since ASIO never seem to investigate crimes. At least not publically.

  • by EmperorOfCanada (1332175) on Monday May 27, 2013 @10:30PM (#43837173)
    Networked computers are great. I work with them all day every day. But if I had something even a 1/1000th as secret (say an embarrassing video) I would keep it offline, encrypted, and in a physically secure location. My assumption from a security standpoint is that networked cyber security is 99.9% to keep the script kiddies out. Keeping out the determined evildoer take some serious and continuous effort; or you just make it a physical effort for the bad guys.

    Even the guys with the Rob Ford Crack video wouldn't let the reporter hold their phone.
    • Yeah, enjoy your sniper party. If you've got it encrypted heavily then just upload it via bittorrent for all the world to not see. That's the point of encryption. Once you've done that the offline copy in a physical safe is moot -- Only a risk to you if it's the only copy. Only you have the key to decode the video, right? Combine that with a deadman switch that releases the code unless you check in. Even better: Just delete the video and keep a small non-incriminating bit of it, to prove you still h

      • by lennier (44736)

        Combine that with a deadman switch that releases the code unless you check in.

        So, um. This deadman switch will presumably not be in your house, otherwise it will get turned off when the snipers turn up. So it's up in the Cloud somewhere?

        Which means you just uploaded the encryption key to your super-secret encrypted file to a server you don't control. And your ISP probably are mandated to keep packet logs of all your net traffic. So the government just talks to them, finds out the IP address of your remote server, talks to the hosting company, drops all the servers you host.. and the

    • That's great for you, and your embarrassing video that you want nobody but you to see. That's not the usual use-case for security though. It's usually the case that you want people to see it - often geographically separated people. Sometimes you want geographically separated people to be able to change it, and receive the changes others have made, in near real-time. The issue is, you want only certain, select people to have those privileges.

      So how would you adapt your under-the-mattress approach to such a u

  • just saying, if they were hacked then they would biuld a gigantic MEC using the same parts just reconfigured, breaking into a computer system and stealing files does not mean those files were hacked, the system was

  • I wonder if they are as idiotic as a lot of US intelligence agencies and still insist on using Windows everywhere. The PLA really should send Microsoft a nice fruit basket thanking them for all the easily-gathered intelligence that Microsoft's combination of shitty coding and massive lobbying efforts have enabled.
    • by AHuxley (892839)
      Shitty coding and massive lobbying efforts have enabled any US embassy to look at most countries state and federal police systems.
      The US goes to great efforts to train, fund and invite police officials from around the world with the gift of the latest tech and software.
      They go home with an aid deal, new insights and later enjoying the new US software.
      The real question is why was Australia, a country that has seen the USA/UK govs own the worlds communications systems is now so lax with its own internal n
  • by phantomfive (622387) on Monday May 27, 2013 @11:02PM (#43837321) Journal
    Back when most people on the internet were still computer literate, a report like this would explain how the attack happened, how it was discovered, and other interesting/important details.

    Now all we hear is a few buzzwords, a few propaganda works, and no more real information than what is in the headline. For all we know it never actually happened. Maybe they just found malware on a computer and overreacted.
    • by c0lo (1497653)

      Back when most people on the internet were still computer literate, a report like this would explain how the attack happened, how it was discovered, and other interesting/important details

      Ahh... those were the days when men were men and wrote their own drivers! :)

      • Ahh... those were the days when men were men and wrote their own drivers! :)

        Or when they at least gave a single interesting detail about a hack.....even in the late 90s they still did that.

  • You're not taking security seriously and you deserve to be embarrassed repeatedly until you do or fail so spectacularly that no one ever trusts you again with anything.

    Its a big issue in the US as well. Old government agencies and shotty IT.

    You're not paranoid enough. You're literally paid to be paranoid and you're not doing your job. Its disgusting. Wake up and realize if you don't assume worst case you'll always be playing catch up.

  • I think I've seen this episode of 24. Don't worry, the Australian Jack Bauer will keep everyone safe.

  • Any attack made by against ASIO headquarters would be a useless gesture, no matter what technical data they've obtained.

  • .. being as subtle as ever. An enormous building in the heart of the capital shaped like an A. There's probably a big sign on the front saying "Nothing to see here, move along".
  • since when did "hacked" mean "took a copy off" - come on if they had hacked the building plans they'd have added secret tunnels or something, at the very least installed the doors with the hinges on the outside

  • As a kid I used to wonder around the grounds and bildings of the Russell Offices [wikipedia.org] in Canberra and home of the Australian Department of Defence. Security in the 80's was a joke,I used to just wander in and out of buildings and around the grounds.. I was only quested once, and that was when I was about 13.. I sort of stopped going after that.

    Most of my floppy disks as a kid came from ones just thrown out the windows.. If i needed paper to scribble on, reams of old school data prints were just thrown out, half

  • I mean, really. If you got shit you don't want anyone to get into, you do NOT put the fucking stuff on a computer that has internet access. How many stupid ass people/corporations/governments are going to keep getting hacked? Lots. Mainly if your a government, you are 100% a target.

  • May 2013: blueprints to the new Australian federal intelligence agency ASIO headquarters have been stolen

    June 2013: a man in London plants a small tenant garden outside a flat in London. The peas and carrots are arranged in geometric shapes that depict the seating arrangement of the ASIO conference room. By the time this pattern is discovered in August, he will have disappeared.

    June 2013: Better Bathrooms magazine June issue contains an artist's rendition of "a functional yet stylish layout, corporate wash

  • The makings for a successful attack of this nature include the intrusion not being detected. If they know that the plans were stolen then measures can be taken to mitigate the situation. The most successful cyber espionage or any other kind of espionage operation is a clandestine one; if everyone knows that you know what they know there is significantly less advantage there.
    • by Cow007 (735705)
      The other thing that happens when an espionage operation is discovered is it gives the target of the operation information about the adversary's intelligence gathering capabilities and methodology, and leads to international backlash. So all to often it ends up a pyrrhic victory.

"Ahead warp factor 1" - Captain Kirk

Working...