These so called “watering hole” attacks are often a first step in a campaign to insert malicious software into the systems of government officials or business leaders visiting the website, according to security sources. Loading A source with direct knowledge of the incidents said the most recent attempt to breach Lowy occurred earlier this year, while the initial attack happened in 2012 and was detected by what is now known as the Australian Signals Directorate. It is unclear the extent of any access gained by the hackers and it understood the think tank's security controls have increased markedly since the first incident. Lowy declined to comment, citing a policy of not doing so on security matters.

Former and serving national security officials told The Age and Herald that the cyber attacks were likely directed by the Chinese military or intelligence services and were an effort to target the “soft underbelly” of government. One of the sources said Lowy routinely meets and works with Australian officials and visiting leaders, creating email traffic and other correspondence which could be of interest to Beijing. Bill Shorten speaking at the Lowy Institute. Credit:AAP The second source described the attacks as a clumsy effort to anticipate changes in Australia's foreign policy debate, a largely unnecessary act given most of the Institute’s work is made public. Others have suggested valuable “human intelligence” could be gleaned from the likes of Lowy, as they would often be privy to the travel and accommodation schedules of government officials and visiting dignitaries. “They would be interested in Lowy as an organisation with the potential to influence government,” said one national security source.

“You could see what they are about to release, what they are talking about with government. That’s a great way to operate … to build operational awareness.” Loading The source said such information could “help to understand the thinking of government and even help to recruit someone”. Peter Mattis, a former counterintelligence analyst at the CIA, said every major think tank in the US had come under attack from state-sponsored hackers out of China. “They want to know who is coming to their events, who they are talking to,” he said.

Mr Mattis said while Chinese hackers often sought to steal intellectual property, they were equally interested in building up human intelligence in countries like Australia or the US. This was one possible motive advanced for the hack on ANU which was revealed in July. While the university has extensive science and technology research, national security sources said keeping an eye on Chinese students at the ANU was another possible motivation. What the hackers were seeking may never be known however, as sources said the ANU failed to have even basic IT security measures in place, including a logging system that would have allowed it to gauge the extent of any information theft. Security officials said ANU’s public comments about the breach were misleading as the university lacked the ability to accurately assess what information had been accessed. One source said the hackers may have been inside the ANU IT systems for several months. “They didn't hack the university just to see if they could. They were after information," said a security source.

In a statement the ANU said it had been advised by “Australian government security agencies” that no data had been taken and that “no research, intellectual property or personally sensitive information was compromised.” The University said it was working with the Australian Cyber Security Centre (ACSC) to implement the appropriate technical measures and had recently appointed a Chief Information Security Officer. Other sources have indicated the hackers could have been seeking access to research with military, science or technological applications. Another possibility is that the ANU is viewed as a "soft" means of accessing the communications of serving or future government officials. The university's National Security College is among several departments which host and train government officials and students with aspirations to work inside government.