More explanation needed on Australias naming and shaming of cyber attackers

The average Australian would be rightly confused about Australia’s policy in calling out countries behind malicious cyber attacks.

Australia on Monday night joined with allies all around the world - including the United States, United Kingdom, European Union, Canada, Japan and New Zealand - in publicly naming China’s Ministry of State Security as being behind a wave of hackings on Microsoft Exchange software.

The Australian government has joined other countries in naming China’s Ministry of State as the agent behind a wave of cyber attacks.Credit:Bloomberg

It was an unprecedented public showing in response to an unprecedented level of aggression in the cyber world. Not only did China carry out attacks itself, but it also recruited contract hackers who then allegedly engaged in criminal activity including ransomware attacks.

In less than a decade, China has gone from using low-level “phishing” attacks to possessing highly sophisticated offensive cyber capabilities.

The Australian government has not explicitly said why it named China in this instance but not on previous occasions.

When asked about this at a press conference on Tuesday morning Home Affairs Minister Karen Andrews said the government’s level of confidence has to be “very high” for it to name a state actor.

But our confidence has been very high in the past.

The head of the Australian Security and Intelligence Organisation, Mike Burgess, earlier this year said he knew which country was behind a major hack of the Australian National University in 2019, “but I would not say so publicly”.

Multiple senior sources within the government, who are not authorised to speak publicly, have confirmed that the government has a high degree of confidence that China was behind the hack on ANU. But it was never said so publicly.

So a high level of confidence is clearly not the only test.

Andrews on Tuesday suggested there was another threshold when she said it had to be in “our national interest to do so”. But, again, she did not elaborate.

Australians should know when it is in our national interest to attribute cyber attacks and when it is not.

It is a fair bet that one of the reasons it was in our national interest to call out China this time was because we are less likely to feel the wrath of any Chinese response given the sheer number of countries which joined in the attribution. Beijing cannot single out Canberra in any retaliation.

There is also an argument that China crossed a new line by engaging contractors who then apparently engaged in serious criminal conduct. Beijing has long used its cyber capabilities for means that go beyond traditional espionage by stealing commercial intellectual property to further its technology goals. But in this case, as US Secretary of State Antony Blinken said, China “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain”.

For such a big announcement, Andrews took surprisingly few questions. Australian Cyber Security Centre head Abigail Bradshaw and Australian Signals Directorate boss Rachel Noble, who could have provided additional insight, did not address the public on Tuesday.

Without a public explanation, the obvious conclusion is this: the government determined it was in our national interest to call China out on this occasion because we were backed up by some of the world’s most powerful countries.

None of this is to suggest that it will change China’s behaviour. But it’s worth a try.

Anthony is foreign affairs and national security correspondent for The Sydney Morning Herald and The Age.

Share this post