"HACKED!" - Monday 27 May 2013

While debate rages over Australia's border security, there's growing evidence that the greatest threat to Australia's national security potentially comes from foreign computer hackers. Few in government or business will admit the full extent of the break-ins, with one expert calling it a "dirty little secret".

Next on Four Corners reporter Andrew Fowler reveals that hackers, working from locations overseas, have targeted key Federal Government departments and major corporations in Australia. Their intention is to steal national security secrets and vital business information.

In one case, an Australian company that supplies secret communications equipment used by military across the globe had its computer network hacked. It appears the hackers accessed the system holding vital design information involving a military radio system. The break-in meant secure communications used by Australia's allies could be compromised.

Speaking with security specialists and insiders, Four Corners also details a number of specific high level break-ins involving Government departments. In each case it explains how the security system might have been breached.

A deafening silence surrounds this issue. Companies won't speak about the break-ins because they fear it will alarm clients and shareholders. Governments refuse to speak up because inevitably they will be asked, who is doing this? The answer is uncomfortable.

A number of people, including former government advisors in cyber security, claim the digital trail leads to China. Although it's unclear if the hackers are working for the Chinese Government, those same experts believe that any company doing significant business in China must assume it will be the target of corporate espionage.

HACKED!, reported by Andrew Fowler and presented by Kerry O'Brien, goes to air on Monday 27th May at 8.30pm on ABC1. The program is repeated on Tuesday 28th May at 11.35pm. It can also be seen on ABC News 24 on Saturday at 8.00pm, ABC iview or at abc.net.au/4corners.

Transcript

'HACKED' Monday 27 May 2013

KERRY O'BRIEN, PRESENTER: Cyber thieves have infiltrated Australia's most sensitive government departments.

MARK DREYFUS, ATTORNEY-GENERAL: There's a great deal of intelligence material that we don't comment on.

KERRY O'BRIEN: Industry too, has been hit.

DONALD MCGURK, CEO, CODAN LTD: It's difficult because it's probably a matter of national security.

KERRY O'BRIEN: And the likely culprit isn't hard to find.

RICHARD BEJTLICH, CHIEF SECURITY OFFICER, MANDIANT: It is standard operating practice for them to break into the network of the counter party, learn everything that they can, and then use that to improve their own competitive stance.

KERRY O'BRIEN: In the cyber age it seems spying knows no bounds, welcome to Four Corners. This is a story not often told in detail because the details are invariably hard to pin down and to prove, partly because national security is involved, and partly to avoid embarrassment. But if I said to you that the departments of Prime Minister and Cabinet, Foreign Affairs, and Defence had all been breached by cyber spies, with China the chief suspect, you might understand why there is a cone of silence. But that's not all. We believe a serious breach has also occurred at Australia's chief spy agency charged with national security, ASIO. This is an agency that occasionally goes public to warn every other potential target of cyber spying from Government departments to big corporations, and other sensitive businesses to keep their security tight. Now we know it speaks from experience.

In February this year, an American cyber security firm called Mandiant, released a report directly implicating China in cyber espionage, hacking into American government and corporate websites. Earlier this month a US pentagon report for the first time accused the Chinese government and military of cyber spying. Some might say that's the pot calling the kettle black. Here in Australia hundreds of cyber incidents against Government systems are recorded each year, but when reporter Andrew Fowler began to investigate he met a wall of secrecy and subterfuge. Here's his report.

ANDREW FOWLER, REPORTER: Two ASIO officers leaving Canberra on a secret mission to break some bad news. What ASIO's discovered will have far reaching consequences for both Australia and its allies. Such is the sensitivity of the information it can only be delivered by a face to face meeting. It seems that Chinese hackers, notorious for waging a virtual cyber war stealing secrets and spying have hit the bulls-eye. And even that's secret.

ALASTAIR MACGIBBON, DIRECTOR, CENTRE FOR INTERNET SAFETY: The question is how many successful events they've been? Most people who work in this space know of many ah but they won't tell you what they are because they can't divulge their sources.

ANDREW FOWLER: It's a secret war where the body count is climbing daily.

ANDREW JOHNSTONE-BURT, PUBLIC SECTOR LEADER, DELOITTE AUSTRALIA: There's been some 50 to 60 per cent increase in intrusions or cyber attacks in the last twelve months.

JOHN BLACKBURN, NATIONAL SECURITY CONSULTANT: Our big threat is that we're at cyber war or conflict now and it's continuous.

ANDREW FOWLER: There are those who want to fight back.

DMITRI ALPEROVITCH, CHIEF TECHNOLOGY OFFICER, CROWDSTRIKE: We need to send a clear signal to them that this is unacceptable behaviour. This is theft. Ah, this is, ah, piracy in cyberspace if you will and we as in the Western world will not stand for it.

ANDREW FOWLER: Adelaide is best known for its wine, food and churches but it's also a thriving hub of defence industries, and that's where the ASIO officers are heading. It's here one of Australia's great business success stories has been having trouble. Looks can be deceptive. Codan is a multinational electronics company with offices in the US and the UK. But two years ago business took a dive. Chief Executive Officer Donald McGurk and his team were baffled. What McGurk couldn't work out was why sales of one of the company's biggest sellers their Minelab metal detectors had gone off the boil. He's understandably proud of the product.

DONALD MCGURK: The metal detectors are made to order again, they're made to specific project requirements. And so you can see here again it's a pretty complex product, it's developed and designed by engineers here in Australia.

ANDREW FOWLER: But it seems others overseas liked the Australian design so much they copied it, using reverse engineering to make inferior versions that sold at a fraction of the price. To add insult to financial injury the control boxes of the copies were marked 'Made in Australia' and labelled with a fake Minelab logo. But in fact they'd been made in China. Codan was a victim of industrial espionage.

DONALD MCGURK: It's not it's not until these products ah came back to the service centres because they weren't operating correctly and ah and some of our dealers ah opened them up and said something's not right here. These circuits are not the circuits that we've come to expect.

ANDREW FOWLER: There was something else he didn't expect. ASIO arrived on his doorstep to tell him something he was completely unaware of. The company's computer system had been hacked.

ANDREW FOWLER: We've been told that your company has had problems of hackers possibly from China, can you tell me about it?

DONALD MCGURK: That's an area that's difficult for me to ah talk to you about on camera, it's fair to say that in recent times, we've taken steps to secure our ah computer systems, we're putting in multiple firewalls and you can draw whatever conclusion you would like from that but we've certainly had to take a much more serious approach to the approach that we had taken some time ago.

ANDREW FOWLER: Codan had a lot to protect, much more than its metal detectors. One of its best sellers is a portable field radio that can transmit encrypted messages great distances. They've sold thousands of them to the Australian, British and US military.

ANDREW FOWLER: So how secure are they, these radios?

DONALD MCGURK: These radios usually have frequency hopping and encryption. So again our government supply export permits for these radios to be exported. So they're done in full consultation, consultation with our Government and ah...

ANDREW FOWLER: It's a sensitive subject.

ANDREW FOWLER: So these are in fact, radios that are used by military and intelligence organisations as well?

DONALD MCGURK: Not as much intelligence organisation. These radios are classed as what you would call a tier two type product. So they're used mainly for non tactical operations like border protection and counter narcotics control.

ANDREW FOWLER: Right, but you do actually sell a version of that, that does that kind of work.

DONALD MCGURK: We do. Absolutely.

ANDREW FOWLER: The high tech radios, and Codan's other military products, have made the company a target. The ASIO investigation revealed that when a Codan executive visiting China logged in to the Wi-Fi at his hotel, the Chinese struck. They inserted malware onto the work laptop. From there it infected Codan's Australian computer system. Intelligence sources believe it was this malware which contained a piece of computer code designed to target files on the Codan system.

JOHN BLACKBURN: This comes back to where the problem is in cyber security in Australia. You can protect the crown jewels but if the case that's surrounding the crown jewels is made of glass it's a little bit fragile, then you've got a bit of a problem here.

ALASTAIR MACGIBBON: There but for the grace of God goes every other defence contractor or more than likely, there goes every other defence contractor so if anyone who's looking at what happened to Codan saying it shouldn't have happened to them um the reality is it probably has or it will.

ANDREW FOWLER: Do you believe now that the Company is secure?

DONALD MCGURK: Look I think it's hard to ever believe you're secure, I think um people that have the will to come and do these kind of attacks on security systems are ah gonna find ways to try and outwit you and find ways to try and get round some of the measures you've put in place.

ANDREW FOWLER: Why is it difficult to explain what's happened to your company?

DONALD MCGURK: It's difficult because it's probably a matter of national security and it's something that I'm probably not at liberty to discuss on camera.

(Montage from various news reports)

REPORTER I: It's estimated that computer hackers number in the tens of thousands...

REPORTER II: Computer giant Apple was under attack from hackers on Tuesday...

REPORTER III: The hackers say they have the personal financial details...

REPORTER IV: People who use Internet Explorer have been warned of a major cyber attack...

ANDREW FOWLER: While there's been no shortage of media coverage of increasing cyber attacks, few from government or industry are prepared to speak out. Gary Waters is a former RAAF Air Commodore now advising government and industry on cyber security.

DR GARY WATERS, STRATEGIC CONSULTANT: It's a loathing to actually stand there in public and talk about some of the vulnerabilities we have, now, it's sensitive because if you start to identify vulnerabilities, then ah that sophisticated ah hackers could get to, then all of a sudden less sophisticated ones can start to find those vulnerabilities and weaknesses if you like...

ANDREW FOWLER: But if you don't talk about the vulnerabilities then...

DR GARY WATERS, STRATEGIC CONSULTANT: Then you can't talk about the solutions.

ANDREW FOWLER: The Australian Government and its intelligence agencies are facing off against a new, unseen enemy. It's a battle largely being fought out behind a veil of secrecy, a secret war which has already cost Australia billions of dollars.

ANDREW FOWLER: So this is Canberra, what makes it so unusual in the cyber world?

ALASTAIR MACGIBBON: Well I think it's fair to say that some of our allies are more open in talking about cyber matters than Australia is.

ANDREW FOWLER: Alastair MacGibbon is a government cyber security advisor. He's a rare breed arguing for more transparency, but it's an uphill battle. MacGibbon was a senior officer in the Australian Federal Police and established its high tech crime centre.

ALASTAIR MACGIBBON: It would be churlish to deny that there have been probably many other breaches of government agencies but we don't have a culture in this country of talking about it, ah...

ANDREW FOWLER: Which are? What are the government agencies that have been hit?

ALASTAIR MACGIBBON: Well again this is the dilemma. Ah I'm not gonna be the first to tell you ah, who they are.

(Re-enactment of meeting with informant)

ANDREW FOWLER: But there was someone who was prepared to tell us the targets of these attacks. Our search led us to meetings involving very much the techniques of old world espionage. An intermediary promised we would meet a highly placed insider who had intimate knowledge of sustained major hacks on Australian government agencies. We were given his name and a location where to meet. We gave undertakings to conceal his identity. The journey we were taken on around Canberra was nothing short of extraordinary. Our guide pointed out the government agencies and departments that had been hit. Top of the list: Defence. The Department's classified email, the Defence Restricted Network, connects the entire Australian military.

INFORMANT I: A factor of ten times the entire database, or the entire amount of information stored within the Defence Restricted Network has been leached out over a number of years.

ANDREW FOWLER: While not 'Top Secret', the data network is classified 'Restricted.' The amount of data being siphoned out by the hackers was huge.

INFORMANT I: It was emails, basic reports, administrative information. It's once you get together a whole large amount of data you can start putting together pieces of information.

ANDREW FOWLER: Professor Des Ball is one of the world's leading experts on electronic eavesdropping and cyber security.

PROFESSOR DES BALL, STRATEGIC AND DEFENCE STUDIES CENTRE, ANU: That sort of activity is basically routine. That's what you have to expect. That's no different than in the old days everyone sucking up every radio message that was transmitted or monitored every satellite ah, email or long distance telephone call that's going through satellite communication systems. You then have in all of those areas enormous processing and analysis problems to separate the real gems out of the garbage.

ANDREW FOWLER: So why bother?

DES BALL: Why bother? Because occasionally it does contain gems.

ANDREW FOWLER: Where was the data going?

INFORMANT I: Multiple locations, other countries.

ANDREW FOWLER: Who do you suspect?

INFORMANT I: Oh I'd suspect China.

ANDREW FOWLER: He is not alone in suspecting China. Over the next few weeks we made contact with a second source, a highly credible person with detailed knowledge of cyber intrusions of government agencies. He explained that the weak link in any security system is always the human factor.

INFORMANT II: Defence has been victim of its own bad practices as much as the efforts of the hacking fraternity to get into their networks.

ANDREW FOWLER: According to the source, an officer working in the Defence complex in Canberra's Russell Hill sent a highly classified document from his desk computer to his home email account. Hackers had earlier targeted the officer's home computer with what's known as a spear phishing email in the guise of a interesting link. Once clicked, a virus loaded onto the computer. When the Defence dept document was opened, the virus fired a copy back to China.

INFORMANT II: I think the real problem that a nation state like China has is what to do with all the data, not how to get the data. Their attacks, their systems are so well developed and refined that I think the problem that presents to the people like the Chinese is what to do with all the data they've stolen.

ANDREW FOWLER: Four Corners has leaned that breach of the Defence Department only came to light by chance. During an intelligence operation against China, a friendly nation, possibly the US, discovered information from the classified Australian document in an assessment produced by the Chinese military. According to our source, Defence wasn't the only department targeted. A flaw in the security system of the Department of Prime Minister and Cabinet, the coordinator of cyber security policy, allowed hackers to get in the backdoor.

INFORMANT I: The Department of Tourism portal was not as secure as it should've been. It was being hosted in an area that was linked to Prime Minister and Cabinet. The hackers removed information was removed from PM&C through the insecure department of tourism portal.

ANDREW FOWLER: Yet this kind of vulnerability was nothing compared to what happened at the Department of Foreign Affairs and Trade, the home of Australia's overseas intelligence agency ASIS. A highly sensitive document was hacked by a foreign power.

ANDREW FOWLER: Do you know specifically that that has happened?

INFORMANT II: Yes I do.

ANDREW FOWLER: What was the particular document that you're referring to?

INFORMANT II: Ah it was a schedule for a specific sensitive project.

ANDREW FOWLER: What was that project?

INFORMANT II: I can't tell you.

ANDREW FOWLER: It was something that was specifically a very sensitive project that had a classification which was above confidential?

INFORMANT II: Yes. It's a project that would give an adversary a significant advantage when dealing with Australia.

ANDREW FOWLER: And it came from the Department of Foreign Affairs?

INFORMANT II: The documents I've seen that I witnessed were initiated by that department.

ANDREW FOWLER: Do you know who it was that hacked that particular document?

INFORMANT II: It was a foreign intelligence service.

ANDREW FOWLER: From which country?

INFORMANT II: China.

MARK DREYFUS, ATTORNEY-GENERAL: Hello Andrew.

ANDREW FOWLER: Hi Mike, how you doing?

ANDREW FOWLER: The Government has never admitted to the attacks. We asked the Attorney General who's responsible for ASIO, Australia's domestic security agency, to explain why.

ANDREW FOWLER: We have specifically been told that DFAT, defence and PM&C have been hacked almost certainly by Chinese hackers, shouldn't that be made public in the public domain?

MARK DREYFUS: There's a great deal of intelligence material, espionage related material that we don't comment on. Ah that's been the long standing practice of Australian governments for many decades…

ANDREW FOWLER: But why is that?

MARK DREYFUS: Well, I'm proposing to continue that practice.

ANDREW FOWLER: China is increasingly identified as a major source of cyber hacking. Downtown Shanghai, the country's biggest city, and its booming. But away from the business and bustle, a nondescript building, home to a secret cyber espionage unit.

RICHARD BEJTLICH: That unit is part of a larger operation whose goal is to extract trade secrets, intellectual property, other sensitive data from Western companies and organisations and to use that for the benefit of Chinese companies and Chinese organisations.

ANDREW FOWLER: Richard Bejtlich is a former US intelligence officer. Earlier this year his company Mandiant, published a revealing report which for the first time identified the building as one of some 20 centres for cyber attacks against the West.

RICHARD BEJTLICH: We estimate that there's ah, as far as the numbers of people who work there somewhere in the hundreds, potentially a thousand, the building that we identified is part of a compound, and we know that their expertise is English language speaking companies.

ANDREW FOWLER: His team traced the cyber attacks back to their source. The Mandiant report cited hits on more than 100 mainly US companies and for the first time named the attacker. The attacks come from the second bureau of the People's Liberation Army's General Staff Department Three, commonly known by its Military Unit Cover Designator as Unit 61398.

DES BALL: It's an entirely secretive organisation. Ah, what you can find out about it only comes about because of what mistakes they make. They do all sorts of things. They do the industrial espionage because there's a link there to the ah, private sector if you can call it the private sector in China. But they are also well into a whole range of intelligence collection.

ANDREW FOWLER: The Chinese Government has repeatedly denied the claims made in the Mandiant Report. In a recent interview with the ABC, the Chinese Ambassador to Australia said China had also been hit.

CHEN YUMING, CHINESE AMBASSADOR TO AUSTRALIA (translation): China is also a big victim of cyber attacks in the world. There are hundreds of thousands of computers in Chinese government agencies which have been attacked by cyber attackers from overseas sources.

ANDREW FOWLER: The Mandiant team discovered that the Chinese also had Australian companies in their sights.

RICHARD BEJTLICH: I believe that there are at least two companies in Australia um but in aggregate so I'm, I'm thinking more in terms of Mandiant's overall picture of the Chinese espionage problem, yeah Australia definitely has a problem.

ANDREW FOWLER: It is Australian companies supplying mineral resources and building materials for China's boom, which are among the chief targets. Three years ago Four Corners revealed cyber attacks on BHP Billiton, Rio Tinto and the Fortescue Metals Group. Tonight we can disclose the target of a new hit by China's cyber spies, a leader of Australia's domestic and export construction industry, BlueScope Steel. BlueScope Steel sells millions of dollars of its products every year in China. It has an office in Beijing and a Colorbond factory at Suzhou, just 80 kilometres west of Shanghai and Unit 61398. Four Corners has been told that three years ago, one of BlueScope's facilities in China took a direct cyber hit. The hackers were believed to be seeking commercial information and plans, possibly including the key to BlueScope's unique Colorbond process. BlueScope disputed this account but declined to make a public statement to Four Corners on the matter.

ALASTAIR MACGIBBON: I deal with companies all the time who often I don't think understand how important it is to be protecting really the crown jewels of the way that company operates. And that's obviously everything from your pricing, through to your marketing, your mergers and acquisitions, and in the case you are talking about possibly the very processes that are used to manufacture a good or service.

ANDREW FOWLER: Four Corners understands from a source connected to BlueScope that information about the hack was relayed to the company by the Australian Federal Police. AFP's Deputy Commissioner Tim Morris, took over as head of cyber crime earlier this year. The AFP has a key role in cyber crime and security.

ASSISTANT COMMISSIONER TIM MORRIS, HIGH TECH CRIME OPERATIONS, AFP: I think there's no doubt that we've seen a general increase in the amount of cyber activity including cyber attacks impacting on Australia and that includes not just government agencies but industrial, commercial entities as well.

ANDREW FOWLER: The AFP is part of the national Cyber Security Operations Centre, known as CSOC. This is the home of Australia's new cyber security centre. It's underground, protected by a battery of cameras and sensors. But even here these kinds of protections are largely ineffective against the new cyber threat. A few hundred metres west of the CSOC building is the site of the massive new ASIO headquarters. It's been designed to hold nearly 2,000 staff as ASIO has benefitted from the post 9/11 spending boom that saw the tripling of its budget. Shrouded by tatty blue fencing, the new building was meant to be in operation in 2012. But there's been delay and a cost blow out $630 million so far, and it's still not finished. Four Corners has learned one reason for the delay in ASIO moving into the new building. And it's more than a mere inconvenience. Someone has stolen the blueprints, not just of the overall building but also of the communications cabling and server locations, of the floor plans, and the security systems. It was more than theft. It reeked of a espionage operation, someone had mounted a cyber hit on a contractor involved in the site. The plans were traced to a server in China. We put our discovery to Professor Des Ball.

DES BALL: That's of major significance. Ah, it's to me only one element of the sorts of activities which the Chinese are up to these days.

ANDREW FOWLER: But why is it particularly significant that they are building plans?

DES BALL: Once you get those building plans you can start constructing your own wiring diagrams, where the linkages are through telephone connections, through Wi-Fi connections, which rooms are likely to be the ones that are used for sensitive conversations, how to surreptitiously put devices into the walls of those rooms or into the roofings above those rooms.

ANDREW FOWLER: Given that those blueprints are now available and if they are in China, what could the security organisations do here to change the building to make it less vulnerable?

DES BALL: At this stage with construction nearly completed you have two options. One is to accept it ah, and practice utmost sensitivity even within your own headquarters. The other which the Americans had to do with their new embassy in Washington ah, their new embassy in Moscow back in the ah late 70s and early 80s was to rip the whole insides out and to ah start again. The British had to do that with several buildings in London.

MARK DREYFUS: We asked the attorney general to explain how the plans for one of Australia's top intelligence agencies could be stolen.

ANDREW FOWLER: A prime contractor involved in the building plans for the new ASIO building has been hacked and those plans taken. What can you tell me about that?

MARK DREYFUS: Nothing. I'm not going to comment on operational or intelligence matters and I've told you that already in relation to um …

ANDREW FOWLER: But this is a, this is a building. This is not an ongoing operation. This is a simple building to house ASIO and the plans we understand...

MARK DREYFUS: I'm not going to - Andrew, I'm not going to comment on individual cases.

ANDREW FOWLER: But why?

MARK DREYFUS: Ah I this, this would be a bit of "how long have you got," Andrew, to uh for me to explain to you why it is that governments and intelligence agencies don't comment on intelligence and operational matters. But perhaps most obviously the more that is disclosed about what's known about espionage activity in Australia or operational aspects eh in counter intelligence ah, the more that our opponents, people who are engaging in espionage will know about our capability and know about the methods that we have for detecting espionage or that's at the general level or detecting uh cyber threats.

ALASTAIR MACGIBBON: In fact I would strongly advocate that legislation be enacted that forces governments to, to tell what has been happening in the networks and forces businesses to also be saying not just the concept of loss of data, because whenever you start talking about personally identifiable information you fudge around at the edges and it gives you an out. What we need is rock solid legislation that says "we've had someone who's unauthorised in our system," don't always need to know what they've done but they've been in there and that alone would allow us to have a discussion about this.

ANDREW FOWLER: In the geo strategic world ASIO's problems may seem minor. But any compromise there could impact Australia's relationship with powerful overseas intelligence agencies, the giant UK spy base in Cheltenham, known as GCHQ and the US National Security Agency, the NSA near Washington. Together they run the biggest electronic intelligence gathering operation in the world. It's here in the murky world of electronic eaves dropping that the tools of cyber attack used to gather intelligence and steal business secrets are crossing over to a new level, the potential for cyber war. Former Deputy Chief of the RAAF, John Blackburn, is a national security consultant with research institute, the Kokoda Foundation.

JOHN BLACKBURN, DEPUTY CHAIR, KOKODA FOUNDATION: It has started and we have already lost ah certain phases of that cyber war. It's pretty clear that with the amount of intellectual property theft and data that's been taken out of ah company systems globally that um we've been a sort of a bit asleep whilst the war was already started.

ANDREW FOWLER: What kind of impacts could the worst case scenario have on Australia?

JOHN BLACKBURN: In that sort of segment there if you have large scale IP theft of value of your company the value of your industries will get significantly reduced. Ah, if you don't - if you can't actually get a return on investment from what you've actually put into a company or its R&D development if that disappears out the side door then you've basically lost your value. You start losing that sort of value the economic impact could be horrendous.

ANDREW FOWLER: Industry has already taken up the weapons of cyber war.

DMITRI ALPEROVITCH: We really focus on the targeted attacks, particular nation sponsored attacks, identifying them, attributing them and figuring out what we can do to raise the pain and the cost to the adversaries. We need to send a message that what they're doing today is unacceptable and I, I believe today the situation is highly escalatory by us not being able to respond to them.

ANDREW FOWLER: Last year Dmitri Alperovitch, Chief Technology Officer of a US based cyber Security Company, flew to Australia. He'd been invited by the Defence Signals Directorate to address a closed conference of government intelligence officers. And his message, if you get bitten, bite back.

DMITRI ALPEROVITCH: Well we absolutely need to move beyond passive defence and start implementing offensive strategies to raise the cost and the pain to the adversary. Ah, so far we've been playing, pure defence. We've been ah, fielding these attacks. We've been swatting them away and that ultimately doesn't work. It doesn't work in the physical world and it certainly doesn't work in cyberspace.

ANDREW FOWLER: Andrew Johnston-Burt has worked extensively for the British government on intelligence and security. He's been employed by Deloitte, one of the world's biggest business consultants, to bolster client cyber security. He's careful with his words about what Australia's security agencies are doing to build a cyber attack capability.

ANDREW JOHNSTONE-BURT: We actually know that the agencies are trying to do that. Ah typically it's lack of resources and so on. But um...

ANDREW FOWLER: Sorry so they're trying to build an offensive capability?

ANDREW JOHNSTONE-BURT: No they're trying to help um key private sector organisations that are looking after national assets improve their resilience. Now, you know, inevitably um with ah...(laughs). They, they have to find their choice of words to explain that um. It's really I can't I can't describe that um.

ANDREW FOWLER: Why can't you?

ANDREW JOHNSTONE-BURT: I can't describe offensive cyber ah capabilities.

ANDREW FOWLER: But it wouldn't be wrong to believe that a country like Australia would have that capability?

ANDREW JOHNSTONE-BURT: It would not be wrong.

GARY WATERS: If we've got the capability, then perhaps we should be suggesting that we do have a capability to essentially bring networks that are attacking us down. And therefore should you decide to attack our networks, then we would do something to stop that attack.

ANDREW FOWLER: It's too late to stop the first shots in the cyber war, they've already been fired. And in 2009 an attack on Iran's Natanz nuclear enrichment facility lifted cyber threat to a new level. These exclusive images from Astrium, using the French Spot satellite, show the plant when a virus called Stuxnet hit the nuclear facility's control systems.

DES BALL: The Stuxnet virus in its first incarnation was developed to get into Siemens ah electronic systems which are used in large numbers of applications but just so happened to be ah, used in the Iranian enrichment program.

GARY WATERS: Not only were those control systems attacked in such a way to render them useless, they were attacked in such a way that the information they were giving off, was that they were operating under normal tolerance, within normal tolerances. So it was a very, very sophisticated capability.

ANDREW FOWLER: The Stuxnet attack slowed the Iranian's uranium enrichment operation temporarily. The finger of suspicion pointed to the United States and Israel who claim Iran is enriching uranium at the plant for nuclear weapons, something Iran denies. Exactly who created the virus may never be known but there's no doubt about the threat its unleashed.

ALASTAIR MACGIBBON: It's a bit like releasing some type of you know something into the environment or, or some type of toxic um biological weapon. They don't just stop where you want them to stop. You don't draw a line around them and cyber is one of those classic examples.

ANDREW FOWLER: It didn't take long for Stuxnet to rebound on other countries. China reportedly modified the virus and disabled an Indian telecommunications satellite.

ALASTAIR MACGIBBON: Stuxnet went into the wild as in got accessible by a whole range of other people and that means any, any idiot on the internet can now use Stuxnet or a Stuxnet derivative to carry out their own nefarious activities.

ANDREW FOWLER: The shutting down of the satellite and the attack on the Iranian facility served as a warning, that infrastructure is in the front line. Dams and electricity generating plants, anything using computerised systems are vulnerable to cyber attack.

JOHN BLACKBURN: What's happened over time is we're becoming more and more reliant on this cyber domain. It's a, it's a nice buzz word but it's basically the way everything functions and operates today and more so in the future. For example, the use of smart grids in the electricity networks and wireless connectivity for those. It makes a lot of sense financially or economically and it's far more efficient but have we designed those systems to address the potential threats to them and in my view that hasn't been done well.

GARY WATERS: At what point does it become crime, cyber crime or what point does it become cyber warfare is the biggest issue and therefore when you see a cyber incident occurring the challenge is, is that an espionage activity, is it a criminal activity, is it a military warfare type activity? And each of those um decisions you come to will drive a different sort of response. And my concern really is that it may simply be a traditional spying activity that gets misperceived, misconstrued and that pushes the potential for some sort of reaction much, much quicker, much, much higher.

ANDREW FOWLER: Governments may not have more than a matter of minutes to decide how to respond to a cyber attack.

DMITRI ALPEROVITCH: cyber today is a fifth domain of warfare, ah, in addition to land, air, sea and, and um, space, ah, but at the same time we should not expect that a conflict will be contained to cyberspace.

ALASTAIR MACGIBBON: If you go beyond a Stuxnet and start talking about large denial of service or shutting down of electricity or water grids in nations, then I don't think many nations would really draw too much differentiation between that and a physical or what they call in military terms a kinetic attack, actually you know attacking you with fighter planes or ships or something else.

ANDREW FOWLER: One possible reason China is so committed to cyber warfare is it has little alternative. Its military is no match for the West. For China, that is just the problem. And if tensions between Beijing and Washington spill over in the north-west Pacific, the fear is China has just one shot in its locker.

DES BALL: That's your very ah first step to make those American platforms ah blind, deaf and dumb. It's the only way that those relatively primitive Chinese capabilities would have any hope against American carrier battle groups. If you're a country like China and you don't go first ah, then you end second. There's no doubt about that. There is no way that the Chinese can win that unless they take out command and er control systems, unless they can degrade the surveillance capabilities that link the sensors with the aircraft carriers for example, put false data into those data links and to ensure that all the information and communication flows to the American defence force are so thoroughly degraded that the US cannot use its preponderance in those areas.

ANDREW FOWLER: And is that what you fear that the Chinese cyber activity is mainly focussed on achieving?

DES BALL: That's ah, that's their ultimate objective. There's no doubt about that.

ANDREW FOWLER: Placing constraints on the cyber road to war faces many difficulties.

DES BALL: There is no way at all that any international agreement restricting in the slightest cyber operations is, is going to take effect, at least in our region. We have no arms control agreements of any sort of in East Asia. The idea that you're going to restrict your cyber operations in the event of ah conflict no one is interested in taking that seriously. Building up your cyber warfare capabilities and practising them to the extent that you can do it covertly is what the game is about now. There is no ah consideration whatsoever any way in our region being given to limitations on cyber warfare practices.

JOHN BLACKBURN: The first step in addressing what appears in my view to be an escalating threat is to accept that the threat's actually there and don't just accept that the good work we're already doing is enough.

ANDREW FOWLER: Is it possible to ever have a non-aggression treaty?

JOHN BLACKBURN: Oh I doubt that. But there needs to be I think established norms, behaviours and legal frameworks which the majority of countries sign up to, as you do in some of you know, the laws of armed conflict, to say there are accepted norms of behaviour that gives you a reference point. Without that it's just chaos.

ANDREW FOWLER: If the chances of a cyber peace treaty designed to limit the affects of an attack seem remote, so too do the chances of persuading companies and the government to be more open when they are hit. Yet those who advise Australia's businesses believe it's the only way forward.

ANDREW JOHNSTONE-BURT: We don't have mandatory disclosure in this country. One thing the Government we at Deloitte would encourage is more disclosure. Um, going to mandatory disclosure is another question. But certainly more disclosure is needed. By more disclosure we can get more information as to what attacks are occurring and why and with that we can build greater resilience and greater defence.

ALASTAIR MACGIBBON: There are private companies, there's small businesses and then there's government departments themselves and if we're going to make a rule for the publicly listed companies who I believe already have an obligation to disclose to the market those issues, we should apply that same logic across the entire spectrum of government and business.

ANDREW FOWLER: As the drum beats of cyber war grow louder, time is running out.

KERRY O'BRIEN: The US and Chinese presidents will be attending a summit next month and one item on the agenda will be cyber espionage. I wonder how much intelligence they'll bring to the table.

A post script to last week's program on TV sports betting, there's been a lot of political fallout over the course of the week, and in the end we may even see all advertising by betting agencies banned during kid's viewing hours. That's the program for tonight. Next week we'll take you inside a remarkable police investigation in Britain, targeting gangs of young South Asian men who'd been grooming young girls for sex and gang rape, a hunt that's taken many years.

Until then, goodnight.

END

Background Information

KEY REPORTS

APT1 Exposing China's Cyber Espionage Units | Mandiant Intelligence Center Report | 2013 - This report is focused on the most prolific cyber espionage group Mandiant tracks: APT1. For the first time a company has managed to trace cyber attacks back to a specific military unit, a specific city block and a specific people of people based in China. Download the report.

Military and Security Developments Involving the People's Republic of China 2013 | US Dept of Defense | 2012 - The annual report to Congress from the US Secretary of Defense. The report states; "In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military." [PDF 3.24Mb]

Cyber crime and security survey report 2012 | Centre for Internet Safety (CIS) | 26 Feb 2013 - The Cyber Crime and Security Survey: Systems of National Interest was designed and conducted to obtain a better understanding of how cyber incidents are affecting the Australian businesses that form part of Australia's systems of national interest, including critical infrastructure... The findings from this survey provide a picture of the current cyber security measures these businesses have in place; the recent cyber incidents they have experienced; and their reporting of them.

The 2013 Data Breach Investigations Report | Verizon | 2013 - The annual Verizon report offers stats on the percentage of espionage-related attacks and security breaches on organisations around the world.

Strong and Secure: A Strategy for Australia's National Security | Australian Government | 23 Jan 2013 - The Strategy provides the overarching framework to guide Australia's national security efforts over the next five years.

The Cyber Crime and Security Survey Report | CERT | 2012 - The inaugural Survey was designed to obtain a better understanding of how cyber incidents are affecting the businesses that form part of Australia's systems of national interest... The findings provide a picture of the current cyber security measures these businesses have in place; the recent cyber incidents they have experienced; and their reporting of them. Download the report here.

Inquiry into allegations of inappropriate vetting practices in the Defence Security Authority | IGIS | Dec 2011 - On 16 May 2011 three former contractors who had been employed as data-entry operators in Defence Security Authority's Brisbane-based vetting operation made allegations on the ABC Lateline program of inappropriate vetting practices. The Prime Minister requested the Inspector-General of Intelligence and Security to inquire into the allegations. Read the report.

Optimising Australia's Response to the Cyber Challenge | Kokoda Papers | Feb 2011 - This paper focuses on the cyber security environment in the 2020 to 2030 timeframe, exploring the likely future cyber environment and the challenges, threats and vulnerabilities facing Australia and western societies in that timeframe. By John Blackburn and Dr Gary Waters. [PDF 3Mb]

NEWS AND BACKGROUND

WATCH: Cyber crime wipes out millions of dollars and a thriving internet business | The Business | 20 May 2013 - Distribute IT was a small web-hosting and domain registry business which had captured a sizeable chunk of the Australian market. But two years ago its systems were hacked for no apparent reason, causing millions of dollars in losses and years of anguish for the business's owners and staff. Watch this report.

US GOVERNMENT: Chinese Hackers Have Stolen Information From 'Almost Every Major US defence Contractor' | Business Insider | 7 May 2013 - For the first time the Obama administration has explicitly accused China's military of hacking into computer systems of the U.S. government and its defence contractors.

LISTEN: Hackers target Bureau of Statistics | The World Today | 26 Apr 2013 - The Australian Bureau of Statistics has confirmed that cyber hackers have recently attempted to break through its security systems to get hold of potentially market sensitive information. While the ABS says none of the attempted attacks were successful, there are growing concerns that intelligence about Australia's economy is being eyed by either governments or individuals abroad.

The Year in Hacking, by the Numbers | New York Times | 22 Apr 2013 - Security experts like to say that there are now only two types of companies left in the United States: those that have been hacked and those that don't know they've been hacked.

WATCH: Hackers attack RBA | Lateline | 11 Mar 2013 - The Reserve Bank has been targeted by cyber hackers trying to gain access to sensitive information. Watch this segment.

WATCH: Google building hackers say Australian offices at risk | ABC News | 8 May 2013 - US security researchers who hacked into one of Google's Australian offices say hundreds of other buildings around the country are vulnerable.

Chinese hackers using Australia | The Australian | 20 Feb 2013 - Australia is one of 13 countries being used by Chinese hackers linked to the People's Liberation Army to launch cyber attacks on commercial organisations around the world. A comprehensive report by US security firm Mandiant claims the hackers utilise a distributed network of servers across the globe to ensure their virtual footsteps cannot be traced.

Media Release: Cyber attacks on Australian business more targeted and coordinated | Attorney General's Office | 18 Feb 2013 - New national survey results from more than 250 major businesses shows cyber attacks are becoming increasingly targeted and coordinated, with one in five experiencing an electronic attack in the last year.

Chinese hackers suspected in attack on The Post's computers | The Washington Post | 2 Feb 2013 - A sophisticated cyberattack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, people familiar with the incident said.

WATCH: Gillard vows to fight 'malicious' cyber attacks | ABC news | 24 Jan 2013 - Prime Minister Julia Gillard has warned of a decades-long war against the growing risk of malicious cyber attacks and promised to set up a new national centre to combat the threat.

New York Times Hacked Again, This Time Allegedly by Chinese | Wired | 1 Jan 2013 - In a dramatic announcement late Wednesday, the New York Times reported that hackers from China had been routing through the paper's network for at least four months, stealing the passwords of reporters in an apparent attempt to identify sources and gather other intelligence about stories related to the family of China's prime minister.

USEFUL LINKS

CERT Australia: Australia's National Computer Emergency Response Team - CERT is the single point of contact for cyber security issues affecting Australian businesses. www.cert.gov.au/

Cybersmart | @CybersmartACMA - Cybersmart is the national cybersafety education program managed by the Australian Communications and Media Authority (ACMA). www.cybersmart.gov.au/

SCAMwatch | @SCAMwatch_gov - Run by the Australian Competition and Consumer Commission (ACCC). SCAMwatch provides information to consumers and small businesses about how to recognise, avoid and report scams. www.scamwatch.gov.au/

Stay Smart Online - The Australian Government providing cyber security information for Australian internet users on the simple steps they can take to protect their personal and financial information online. www.staysmartonline.gov.au/

WATCH RELATED FOUR CORNERS REPORTS

Fear in the Fast Lane | 17 Aug 2009 - Australia may be one of the most internet-connected countries on earth, with a super-fast broadband network on the way. But now the experts are warning there's danger with cyber crooks roaming the super highway. Flash Video Presentation