March 11, 2013
Reserve Bank Of Australia Announces It Was Hacked Twice In 2011
Michael Harper for redOrbit.com — Your Universe Online
The Australian news network is reporting today that the Reserve Bank of Australia (RBA) has twice now been hacked as a result of “highly sophisticated online raids.” The first of these attacks occurred in 2011 leading up to the G20 summit being held that year in Cannes, France.
The RBA was then the victim of a targeted email attack in November of the same year. The RBA has released a statement confirming that they had been attacked, but claimed that their systems are now clean and no information had been compromised.
“As reported in today's media, the Bank has on occasion been the target of cyber attacks,” reads the statement by the RBA. “The Bank has comprehensive security arrangements in place which have isolated these attacks and ensured that viruses have not been spread across the Bank's network or systems. At no point have these attacks caused the Bank's data or information to be lost or its systems to be corrupted. The Bank's IT systems operate safely, securely and with a high degree of resilience.”
Last month, American security firm Mandiant released a report which found that a large number of cyber attacks originate in China. Though many have been looking to finger China as the source of these 2011 attacks, the RBA could not confirm that Chinese malware had been used during the G20 incident.
China has repeatedly denied any claims of cyberattacks and has even returned fire, saying a majority of the attacks they suffer come from the US.
The Australian points to documents posted on the RBA Website last year which claimed that as many as six computers had fallen prey to the email attacks in November 2011. These emails looked as if they had been sent from a senior member on the RBA´s staff and contained a link to a Website which was contaminated by malware.
"The email managed to bypass the existing security controls in place for malicious emails by being well written, targeted to specific bank staff and utilized an embedded hyperlink to the virus payload," read the December report, according to the Australian. The malware in the emails was able to circumvent the RBA´s security systems, but according to the bank, it was not able to review their policies and beef up their protection against further attacks.
“The Bank takes cyber security and its potential consequences extremely seriously,” concluded today´s statement from the RBA. “As part of its extensive efforts to ensure that security arrangements are best practice, the Bank routinely consults with the Defence Signals Directorate and draws on the expertise of specialist private firms. There is ongoing rigorous testing of the Bank's IT systems and regular training of staff.”