SYDNEY (Reuters) - Cyber-attackers spent months targeting personal information of students and employees at one of Australia’s most prestigious universities, a report into a 2018 breach released on Wednesday said, although the identities of the culprits remain unknown.
The Australian National University (ANU) said in June that attackers had managed to breach its cyber defenses in late 2018, potentially gaining access to sensitive data that included students’ bank account numbers and passport details going back 19 years.
The ANU is one of Australia’s highest ranked universities, with alumni including former and current members of the country’s government - stoking fears that the attackers had been looking for potential leverage against high-ranking individuals.
Heightening those concerns, an assessment conducted by U.S. defense contractor Northrop Grumman concluded the attackers ignored typical targets such as academic research to go after the personal information of students, current and former, and former employees.
“In addition to their efficiency and precision, the (attackers) ... demonstrated an exceptional degree of operational security that left few traces of their activities,” the report said.
ANU Vice-Chancellor Professor Brian Schmidt told Reuters there was no evidence on who the attackers were.
While investigators now believe the attackers obtained less than 1% of the 200,000 records kept on the server, and the data has not yet been released on the dark web - they do know which records were compromised.
“This wasn’t a smash and grab. It was a diamond heist,” said Schmidt.
“It was an extremely sophisticated operation, most likely carried out by a team of between five to 15 people working around the clock.”
The ANU breach came amid a spate cyber-attacks, including one against Australia’s parliament and three largest political parties that Reuters reported was attributed to China by local intelligence.
China has denied responsibility for the attacks.
But Canberra is worried about cyber-attacks, particularly attempts on Australian universities.
Many Australian universities remain financial dependent on foreign students - they are worth about A$35 billion ($23.45 billion) a year to the Australian economy, with Chinese students accounting for about a third of that figure.
The ANU generated A$249 million ($167 million) from overseas students in 2017, about 20% of its revenue, the university’s annual report shows.
Australia said in August it will now require local universities to work with security agencies to ensure they are adequately protected against undue attempts of interference.
The Northrop report said the attack on ANU begun with a spear phishing email on Nov. 9, 2018 to a senior staff member.
The attackers had intermittent access to university records for about three weeks, the report says, before being cut off in December.
Reporting by Colin Packham; Editing by Raju Gopalakrishnan