Australia's security agencies were concerned that state and territory electoral commissions may also have been targeted as part of a cyber attack on federal political parties, according to previously confidential documents obtained by 7.30.

Key points:

- The cyber attack was revealed in February, with suspicion falling on China
- The electoral commissions say there is no evidence they were compromised
- It was publicly announced that the major federal political parties were targeted in the cyber attack

On February 18, Prime Minister Scott Morrison made a statement outlining that Australia's major political parties had been the target of a major cyber attack by what was described as a "sophisticated state actor".

There was speculation at the time that China was responsible for the attack, and a report this week by Reuters claims that nation was responsible for the breach.



Shortly before Mr Morrison's public announcement of the attack on political parties, a whole-of-government teleconference led by the Australian Cyber Security Centre — which included representatives from the Australian Signals Directorate, ASIO, the Australian Electoral Commission, state electoral commissions and other federal government agencies — was held to brief agencies on the breach.



Meeting minutes obtained by 7.30 under freedom of information laws from the Office of the Australian Information Commissioner (OAIC) reveal a rare glimpse of the deliberations in the aftermath of the attack, and provide some insight into the extent to which personal information may have been obtained from the political parties.

An OAIC case officer who attended the teleconference set out a summary of the meeting, and wrote that the attack "directly targeted political parties". The case officer's notes also state that "personal information has been compromised" in the breach.

"The [Australian Cyber Security Centre] could say that as a result of the DPS [Department of Parliamentary Services] incident, they had seen broader connectivity between various networks and an adversaries (sic) infrastructure, with targets across the major political parties," the officer wrote.

The notes also state there was "evidence that the 'adversary' was communicating with infrastructure".

They also show there were fears the attack may have penetrated state and territory electoral commissions. The officer's meeting minutes note that the ACSC was "concerned that it is an issue across States and Territories, hence the involvement of the relevant electoral commissions".

7.30 asked each state and territory electoral agency whether there was any evidence they had been targeted in the attack.

Each responded that there was no evidence that they had been compromised in the breach.

Government talking points about hacking revealed

Other documents released by the OAIC also indicate that Australia's security agencies may have shifted their view on whether any data had been removed from the parties' networks.

The meeting minutes note that on the day the breach was announced there was no evidence that personal information had been "exfiltrated", meaning there was no indication data had been harvested by the hackers.

A version of the whole-of-government talking points released on February 21 says that if asked whether it was possible embarrassing material could be released, to respond: "At this stage there is no evidence of anything being stolen, and our focus is on securing the networks."

This line was later removed from the talking points. On February 22, a subsequent version was amended to say: "At this stage it would be premature to comment on an ongoing operational matter."



The incident stoked fears of a foreign influence attempt similar to what occurred in the United States' 2016 election with the publication of Democratic Party emails linked to a cyber attack by Russia.



Australia's security agencies have been adamant there is no evidence of an electoral influence attempt of this nature, and no indication that any of the materials held by political parties on their servers have emerged publicly.

The Prime Minister stressed in his statement in February that there was "no evidence of any electoral interference".



The material obtained by the hackers could be used in a range of more subtle ways for intelligence-gathering purposes.

The OAIC's case officer wrote in an email to information commissioner Angelene Falk and deputy commissioner Elizabeth Hampton: "I would note in particular that the information at times seemed slightly ambiguous about what might have been accessed/vulnerable vs what was removed from the various systems."



Political parties have an exemption under the Privacy Act and are not subject to laws around the handling of personal information.



As a consequence, the OAIC had limited oversight of the data breach, which has been largely left to the security agencies to monitor.

The Australian Signals Directorate declined to comment on the details of the cyber incident, or the claim that China was responsible for the attack. It referred to a response provided by the former director-general of ASD, Mike Burgess, in April 2019 in Senate Estimates, which said: "A small amount of data taken; none of that was deemed sensitive, but the assessment of that is a matter for the Parliament themselves."

