A US report details China’s involvement in cyber-attacks on US companies and institutions, but experts say little is known about US attacks on China and that Australia too is at risk of Chinese cyber espionage.
A report from a US cyber security firm has made direct accusations over systemic cyber-attacks on US government and corporate sites coming from a builidng used by the Chinese army in Shanghai, and experts tell SBS Australia should prepare for similar attacks.
“Australia is not next, Australia is now and that the Chinese have the resources to target whomever they want,” says Alastair MacGibbon, director for the Centre for Internet Safety at the University of Canberra.
“It would be logical to suggest [the US] are engaging on electronic surveillance on China, but not for economic intelligence, more strategic intelligence,” he said.
John Blaxland from the Australian National University's Strategic and Defence Studies Centre says that although Australia is a secondary target in economic espionage, it is a recipient of US intellectual property and could be seen as a “back-door” to the US.
“This is why cyber security is one of the top three priorities on the national security strategy,” he said.
“That is no accident.”
“[Chinese cyber-attacks are] industrial-scale cyber espionage. It's pretty unprecedented and it's raised the bar and put the wind up everybody else, especially the first world repositories of intellectual property.”
He says that Australia generates IP that could be desirable to others.
“We do a lot of clever stuff [in Australia]: CSIRO, DSTO, university research centres; there is a lot of really ingenious creativity taking place in Australia and people want to get their hands on that.”
Mr MacGibbon says that many small companies don't realise the potential strategic value of their products, like agricultural innovations.
“Many people ask why would they [cyber-spies] be interested in my company, I'm just making a new strain of wheat. Well, there a pretty logical answer to that and of course China is interested.”
The Mandiant report claims to expose “one of the most persistent of China's cyber threat actors” coming from a People's Liberation Army Unit 61398, a drab building in Datong Road, Shanghai.
“We believe that [Chinese hacking group] APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support,” the report said.
But little is said or known about the rate of US attacks on Chinese sites.
Dr Tobias Feakin, head of national security at Australian Strategic Policy Institute, says the Chinese need to release any detail they have on cyber-attacks they sustain, just like the report published in the New York Times.
“No one is in any doubt that the US is doing not too dissimilar [attacks] to Chinese systems, but the Chinese don't seem to reveal that on any real detail," Dr Feakin said.
“What the Chinese tend to do is general reporting on attacks, not like the specific attacks outlined in the New York Times.”
He also said that Australian corporations are slowly becoming aware of how exposed they might be.
“There's a waking up period going on in Australia. Australian companies are being educated in their exposure to back-door hacking,” Dr Feakin said.