5 Jan 2018

    Here's How The Australian Government Treated Foreign Hacking Threats In The '90s

    Bored hackers, rather than foreign intelligence agencies, were seen as the bigger threat.


    Then prime minster Paul Keating and former US president George Bush with Annita Keating and Barbara Bush in Sydney in 1994.

    In 1995, as the internet was slowly becoming a thing in Australia, the government was more concerned about hackers hacking for hacking's sake rather than foreign governments trying to pry into our most secure systems.

    The detail is contained in a cabinet memorandum from 1995 from the then Keating Labor government. It was released on New Year's Day as part of the annual release of 20-year-old cabinet documents. (We are still catching up from when it used to be a longer wait, and so 1994 and 1995 were released together.)

    As the Turnbull government looks to overhaul Australia's foreign influence law, and the threat of hacking by foreign intelligence agencies looms large, by comparison, the Keating government in 1995 was far less concerned about foreign governments hacking our secrets.

    The Australian Government Electronic Security Memorandum compiled for the cabinet by Australia's peak information intelligence organisation, Defence Signals Directorate (now known as Australian Signals Directorate) revealed concerns about government increasingly relying on computers and networks.


    "Computers and networks are inherently vulnerable because of their dependence on commercial-quality software not built to offer strong security ... it is also very easy to compromise security by small changes to hardware, software, and procedures."

    The major threat? Not foreign intelligence agencies.


    The Defence Signals Directorate (DSD) at the time said that the "proximate threat" comes from hackers "determined to demonstrate their cleverness and the laxity of government".

    "Given the inherent vulnerabilities, the proliferation of system interconnects (including to the internet), and the government moves to electronic commerce and other electronic services, they may well succeed."

    Hackers were more likely concerned about embarrassing the government, the DSD said.

    "Government embarrassment about the infringement of privacy is the most likely result, but compromise of sensitive material and fraud are also possible."

    Although the idea of releasing cabinet documents 20 years later is to provide transparency about that time in Australian history, many of the documents have been redacted by the National Archives on the grounds that they might damage security, defence, or international relations of Australia.

    This means that the countries Australia did see as a threat (however minor a threat that may have been) 22 years ago remain a mystery.


    But at the time, the DSD said that there was "no concrete evidence of hacking being used as a weapon or as a means of gathering intelligence against Australian information systems."


    The DSD said that "traditional threats to government information from foreign intelligence remain," but the focus had changed since the end of the Cold War.

    "At the same time, a strong new threat has arisen which is very unpredictable due to the inchoate nature of its source, the hackers. The vulnerability of government information to this threat is high because the pressure to connect networks causes the dangers to be overlooked or ignored and because methods for protection are still being developed."

    Today, the government is going as far as to exclude certain vendors from supplying network gear to government agencies in case those vendors have links to the Chinese government. The government is also seeking veto power over changes companies can make to government networks, citing similar concerns.

    In a separate document about how government could use the "Information Superhighway", as they liked to call the internet back then, the Department of Defence warned that there were "significant and widely recognised security problems" with the internet, while the Department of Health warned that privacy and security needed to be taken fully into account.

    "This department holds a large body of sensitive information on individuals, the security of which is a paramount consideration."

    Josh Taylor is a Senior Reporter for BuzzFeed News and is based in Sydney.

    Contact Josh Taylor at josh.taylor@buzzfeed.com.

    Got a confidential tip? Submit it here