Australia has been gripped by a series of cyber-attacks. As the accusations fly in light of the most recent breach, there is one blindingly obvious thing missing from the blame game - evidence.
First Published 25th February 2019
Australia's new National Centre for Cyber Security.
4 min read | Reflare Research Team
This week saw reports that Australian political parties had been hacked by a state actor hit the news. While state-sponsored hacks on political parties have at this point become common enough to lead to relative fatigue among our readership, this case nonetheless acts as a case study for an important component of cyber-warfare: The exploitation of unclear situations for political positioning.
What are the hard facts?
According to Prime Minister Scott Morrison, “Australia's main political parties and parliament were hit by a malicious intrusion on their computer networks”. This isn’t much to go on since little hard information has been made available.
Police and forensic teams doubtlessly have access to more solid details such as logs, disk images and traffic captures. But still, as we have repeatedly pointed out, the anonymous nature of the internet makes it exceedingly hard to find reliable evidence to prove the identity of an attacker.
What is made of it?
This lack of hard proof leads to several interesting outcomes. For one, it encourages more and more state actors to develop cyber capabilities. For another, the affected party (and occasionally others) will allocate blame to best fit the current political climate.
As such, Australian sources stand firm in their statements that the attacks were likely conducted by China. This is not an unreasonable assumption, but also not a proven fact. At the same time, US media is giving significant coverage to claims by Resecurity president Charles Yoo that Iran is behind the attacks. China in the meantime has thus far remained silent on the matter altogether.
The anonymous and virtually unprovable nature of cyber attacks allows each participant to frame the incident in a way that allows them to minimise or deflect damage done.
Summary
Very few attackers behind cyberattacks are ever identified with the certainty that would be required for legal proceedings. This is especially true for state-sponsored attacks which are by and large very sophisticated. Therefore, it can be beneficial to be careful when reading news coverage about such incidents and clearly separate what has been proven and what is assumed.