Publicity:
   

In the cyber age it seems spying knows no bounds. This is a story not often told in detail because the details are invariably hard to pin down and to prove, partly because national security is involved, and partly to avoid embarrassment. But if you were told that in Australia the departments of Prime Minister and Cabinet, Foreign Affairs, and Defence had all been breached by cyber spies, with China the chief suspect, you might understand why there is a cone of silence. But that's not all. It is believed a serious breach has also occurred at Australia's chief spy agency charged with national security, ASIO. This is an agency that occasionally goes public to warn every other potential target of cyber spying from Government departments to big corporations, and other sensitive businesses to keep their security tight. Now we know it speaks from experience.

In February this year, an American cyber security firm called Mandiant, released a report directly implicating China in cyber espionage, hacking into American government and corporate websites. In May this year a US pentagon report for the first time accused the Chinese government and military of cyber spying. Some might say that's the pot calling the kettle black.

In Australia hundreds of cyber incidents against Government systems are recorded each year, but when reporter Andrew Fowler began to investigate he met a wall of secrecy and subterfuge.
   

Montage ASIO images
   

Music
   

00:13

Re-enactment - ASIO officers into car/driving
   

ANDREW FOWLER, REPORTER: Two ASIO officers leaving Canberra on a secret mission to break some bad news.
   

00:24

   

Music
   

00:30

   

ANDREW FOWLER: What ASIO's discovered will have far reaching consequences for both Australia and its allies.
   

00:35

   

Music
   

00:41

   

ANDREW FOWLER: Such is the sensitivity of the information it can only be delivered by a face to face meeting. It seems that Chinese hackers, notorious for waging a virtual cyber war stealing secrets and spying have hit the bulls-eye. And even that is secret.
   

00:44

MacGibbon
   

ALASTAIR MACGIBBON, DIRECTOR, CENTRE FOR INTERNET SAFETY: The question is how many successful events there’ve been? Most people who work in this space know of many, but they won't tell you what they are because they can't divulge their sources.
   

01:04

Reeanactment – driving sequence
   

ANDREW FOWLER: It's a secret war where the body count is climbing daily.
   

01:16

Johnstone-Burt
   

ANDREW JOHNSTONE-BURT, PUBLIC SECTOR LEADER, DELOITTE AUSTRALIA: There's been some 50 to 60 per cent increase in intrusions or cyber attacks in the last twelve months.
   

01:23

Blackburn
   

JOHN BLACKBURN, NATIONAL SECURITY CONSULTANT: Our big threat is that we're at cyber war or conflict now and it's continuous.
   

01:31

Hands on computer keyboard
   

ANDREW FOWLER: There are those who want to fight back.
   

01:37

Alperovitch at computer
   

   

01:39

Alperovitch
   

DMITRI ALPEROVITCH, CHIEF TECHNOLOGY OFFICER, CROWDSTRIKE: We need to send a clear signal to them that this is unacceptable behaviour. This is theft. This is piracy in cyberspace if you will and we as in the Western world will not stand for it.
   

01:43

Adelaide general views
   

Music
   

01:53

   

ANDREW FOWLER: Adelaide is best known for its wine, food and churches, but it's also a thriving hub of defence industries, and that's where
   

01:58

ASIO officers in car
   

the ASIO officers are heading.
   

02:07

Codan building
   

It's here one of Australia's great business success stories has been having trouble. Looks can be deceptive. Codan is a multinational electronics company with offices in the US and the UK. But two years ago business took a dive. Chief Executive Officer Donald McGurk and his team were baffled.
   

02:12

Inside Codan. McGurk walks with Fowler
   

What McGurk couldn't work out was why sales of one of the company's biggest sellers their Minelab metal detectors had gone off the boil. He's understandably proud of the product.
   

02:37

McGurk shows metal detector
   

DONALD MCGURK: The metal detectors are made to order again, they're made to specific project requirements. And so you can see here again it's a pretty complex product, it's developed and designed by engineers here in Australia.
   

02:49

Fake/Genuine metal detector components
. Super left: Fake
Super right: Genuine
   

ANDREW FOWLER: But it seems others overseas liked the Australian design so much they copied it, using reverse engineering to make inferior versions that sold at a fraction of the price. To add insult to financial injury the control boxes of the copies were marked 'Made in Australia' and labelled with a fake Minelab logo. But in fact they'd been made in China. Codan was a victim of industrial espionage.
   

03:04

McGurk. Super:
Donald McGurk
CEO, Codan Ltd
   

DONALD MCGURK: It's not it's not until these products came back to the service centres because they weren't operating correctly and some of our dealers opened them up and said something's not right here. These circuits are not the circuits that we've come to expect.
   

03:31

ASIO officers driving sequence
   

Music
   

03:45

   

ANDREW FOWLER: There was something else he didn't expect. ASIO arrived on his doorstep to tell him something he was completely unaware of. The company's computer system had been hacked.
   

03:48

McGurk
   

ANDREW FOWLER: We've been told that your company has had problems of hackers possibly from China, can you tell me about it?
   

04:00

   

DONALD MCGURK: That's an area that's difficult for me to talk to you about on camera. It's fair to say that in recent times, we've taken steps to secure our computer systems by putting in multiple firewalls, and you can draw whatever conclusion you would like from that but we've certainly had to take a much more serious approach to the approach that we had taken some time ago.
   

04:07

Codan factory line
   

ANDREW FOWLER: Codan had a lot to protect, much more than its metal detectors.
   

04:28

Field radio
   

One of its best sellers is a portable field radio that can transmit encrypted messages great distances. They've sold thousands of them to the Australian, British and US military.
   

04:38

Fowler and McGurk with field radio
   

ANDREW FOWLER: So how secure are they, these radios?

DONALD MCGURK: These radios usually have frequency hopping and encryption. So again our government supply export permits for these radios to be exported. So they're done in full consultation, consultation with our Government and...
   

04:51

   

ANDREW FOWLER: It's a sensitive subject.
   

05:06

   

ANDREW FOWLER: So these are in fact, radios that are used by military and intelligence organisations as well?

DONALD MCGURK: Not as much intelligence organisation. These radios are classed as what you would call a tier two type product. So they're used mainly for non tactical operations like border protection and counter narcotics control.

ANDREW FOWLER: Right, but you do actually sell a version of that, that does do that kind of work.

DONALD MCGURK: We do. Absolutely.
   

05:09

Codan video. Super:
Promotional video
   

   

05:34

   

ANDREW FOWLER: The high tech radios, and Codan's other military products, have made the company a target.
   

05:45

Dramatisation. Codan executive in hotel on computer/Malware sequence
   

Music
   

05:56

   

ANDREW FOWLER: The ASIO investigation revealed that when a Codan executive visiting China logged in to the Wi-Fi at his hotel, the Chinese struck.
   

05:58

   

Music
   

06:08

   

ANDREW FOWLER: They inserted malware onto the work laptop. From there it infected Codan's Australian computer system. Intelligence sources believe it was this malware which contained a piece of computer code designed to target files on the Codan system.
   

06:11

Blackburn. Super:
John Blackburn
National security consultant
   

JOHN BLACKBURN: This comes back to where the problem is in cyber security in Australia. You can protect the crown jewels but if the case that's surrounding the crown jewels is made of glass it's a little bit fragile, then you've got a little bit of a problem here.
   

06:36

MacGibbon. Super:
Alastair MacGibbon
Director, Centre for Internet Safety
   

ALASTAIR MACGIBBON: There but for the grace of God goes every other defence contractor, or more than likely, there goes every other defence contractor. So if anyone who's looking at what happened to Codan saying it shouldn't have happened to them, the reality is it probably has or it will.
   

06:50

McGurk
   

ANDREW FOWLER: Do you believe now that the company is secure?
   

07:12

Super: Donald McGurk
CEO, Codan Ltd
   

DONALD MCGURK: Look I think it's hard to ever believe you're secure, I think people that have the will to come and do these kind of attacks on security systems are going to find ways to try and outwit you and find ways to try and get round some of the measures you've put in place.

ANDREW FOWLER: Why is it difficult to explain what's happened to your company?

DONALD MCGURK: It's difficult because it's probably a matter of national security and it's something that I'm probably not at liberty to discuss on camera.
   

07:15

Montage from various news reports
   

   

07:41

   

REPORTER 1 It's estimated that computer hackers number in the tens of thousands...
   

07:44

   

REPORTER 2: Computer giant Apple was under attack from hackers on Tuesday...
   

07:48

   

REPORTER 3: The hackers say they have the personal financial details...
   

07:50

   

REPORTER 4: People who use Internet Explorer have been warned of a major cyber attack...
   

07:53

   

ANDREW FOWLER: While there's been no shortage of media coverage of increasing cyber attacks, few from government or industry are prepared to speak out.
   

07:58

Waters
   

Gary Waters is a former RAAF Air Commodore now advising government and industry on cyber security.
   

08:08

Super:
Dr Gary Waters
Strategic consultant
   

DR GARY WATERS, STRATEGIC CONSULTANT: It's a loathing to actually stand there in public and talk about some of the vulnerabilities we have. Now, it's sensitive because if you to identify vulnerabilities, then that sophisticated ah hackers could get to, then all of a sudden less sophisticated ones can start to find those vulnerabilities and weaknesses if you like.

ANDREW FOWLER: But if you don't talk about the vulnerabilities then...

DR GARY WATERS, STRATEGIC CONSULTANT: Then you can't talk about the solutions.
   

08:16

Aerial. Australian parliamentary buildings
   

Music
   

08:40

Fowler to camera. Super:
Andrew Fowler
   

ANDREW FOWLER: The Australian Government and its intelligence agencies are facing off against a new, unseen enemy. It's a battle which has largely being fought out behind a veil of secrecy, a secret war which has already cost Australia billions of dollars.
   

08:47

Canberra general view
   

Music
   

09:03

Fowler walks with MacGibbon
   

ANDREW FOWLER: So this is Canberra, what makes it so unusual in the cyber world?

ALASTAIR MACGIBBON: Well I think it's fair to say that some of our allies are more open in talking
   

09:07

Parliament House
   

about cyber matters than Australia is.
   

09:18

MacGibbon with Fowler
   

ANDREW FOWLER: Alastair MacGibbon is a government cyber security advisor. He's a rare breed, arguing for more transparency, but it's an uphill battle. MacGibbon was a senior officer in the Australian Federal Police and established its high tech crime centre.
   

09:21

MacGibbon
   

ALASTAIR MACGIBBON: It would be churlish to deny that there have been probably many other breaches of government agencies but we don't have a culture in this country of talking about it.

ANDREW FOWLER: Which are? What are the government agencies that have been hit?

ALASTAIR MACGIBBON: Well, again this is the dilemma. I'm not going to be the first to tell you who they are.
   

09:39

Re-enactment of meeting with informant. Super: Re-enactment
   

Music
   

09:57

   

ANDREW FOWLER: But there was someone who was prepared to tell us the targets of these attacks. Our search led us to meetings involving very much the techniques of old world espionage.
   

10:03

   

An intermediary promised we would meet a highly placed insider who had intimate knowledge of sustained major hacks on Australian Government agencies. We were given his name and a location where to meet.
   

10:14

   

We gave undertakings to conceal his identity.
   

10:30

   

Music
   

10:34

   

ANDREW FOWLER: The journey we were taken on around Canberra was nothing short of extraordinary. Our guide pointed out the government agencies and departments that had been hit. Top of the list: Defence. The Department's classified email, the Defence Restricted Network, connects the entire Australian military.
   

10:39

Informant 1 in silhouette. Super:
Informant 1
   

INFORMANT 1: A factor of ten times the entire database, or the entire amount of information stored within the Defence Restricted Network, has been leached out over a number of years.
   

11:03

Canberra building. Night.
   

ANDREW FOWLER: While not 'Top Secret', the data network is classified 'Restricted.' The amount of data being siphoned out by the hackers was huge.
   

11:14

Informant 1 in silhouette
   

INFORMANT 1: It was emails, basic reports, administrative information. It's once you get together a whole large amount of data you can start putting together pieces of information.
   

11:27

Prof Ball at computer
   

ANDREW FOWLER: Professor Des Ball is one of the world's leading experts on electronic eavesdropping and cyber security.
   

11:39

Prof Ball interview. Super:
Professor Des Ball
Strategic & Defence Studies Centre, ANU
   

PROFESSOR DES BALL, STRATEGIC AND DEFENCE STUDIES CENTRE, ANU: That sort of activity is basically routine. That's what you have to expect. That's no different than in the old days everyone sucking up every radio message that was transmitted or monitored every satellite , email or long distance telephone call that's going through satellite communication systems. You then have in all of those areas enormous processing and analysis problems to separate the real gems out of the garbage.

ANDREW FOWLER: So why bother?

DES BALL: Why bother? Because occasionally it does contain gems.
   

11:47

Informant 1 in silhouette
   

ANDREW FOWLER: Where was the data going?

INFORMANT 1: Multiple locations, other countries.

ANDREW FOWLER: Who do you suspect?

INFORMANT 1: Oh I'd suspect China.
   

12:28

Canberra nightfall
   

Music
   

12:37

   

ANDREW FOWLER: He is not alone in suspecting China. Over the next few weeks we made contact with a second source, a highly credible person with detailed knowledge of cyber intrusions of government agencies. He explained that the weak link in any security system is always the human factor.
   

12:39

Informant 2 in silhouette. Super:
Informant 2
   

INFORMANT 2: Defence has been victim of its own bad practices as much as the efforts of the hacking fraternity to get into their networks.
   

12:59

ASIO/Dept of Defence exteriors/Document montage
   

Music
   

13:05

   

ANDREW FOWLER: According to the source, an officer working in the Defence complex in Canberra's Russell Hill sent a highly classified document from his desk computer to his home email account. Hackers had earlier targeted the officer's home computer with what's known as a spear phishing email in the guise of a interesting link. Once clicked, a virus loaded onto the computer. When the Defence Department document was opened, the virus fired a copy back to China.
   

13:09

   

Music
   

13:49

Informant 2 in silhouette
   

INFORMANT 2: I think the real problem that a nation state like China has is what to do with all the data, not how to get the data. Their attacks, their systems are so well developed and refined that I think the problem that presents to the people like the Chinese is what to do with all the data they've stolen.
   

13:53

Defence Department exterior
   

ANDREW FOWLER: Four Corners has leaned that breach of the Defence Department only came to light by chance.
   

14:10

Defence Department exterior. Night.
   

During an intelligence operation against China, a friendly nation, possibly the United States, discovered information from the classified Australian document in an assessment produced by the Chinese military.
   

14:16

Fowler in car. Night.
   

According to our source, Defence wasn't the only department targeted.
   

14:29

Computer screen
   

A flaw in the security system of the Department of Prime Minister and Cabinet, the coordinator of cyber security policy, allowed hackers to get in the backdoor.
   

14::37

Informant 1 in silhouette. Super:
Informant 1
   

INFORMANT 1: The Department of Tourism portal was not as secure as it should've been. It was being hosted in an area that was linked to Prime Minister and Cabinet. The hackers removed information was removed from PM&C through the insecure Department of Tourism portal.
   

14:50

Fowler in car. Night.
   

ANDREW FOWLER: Yet this kind of vulnerability was nothing compared to what happened at the Department of Foreign Affairs and Trade, the home of Australia's overseas intelligence agency ASIS. A highly sensitive document was hacked by a foreign power.
   

15:05

Informant 2 in silhouette
   

ANDREW FOWLER: Do you know specifically that that has happened?
   

15:25

Super: Informant 2
   

INFORMANT 2: Yes I do.

ANDREW FOWLER: What was the particular document that you're referring to?

INFORMANT 2: It was a schedule for a specific sensitive project.

ANDREW FOWLER: What was that project?

INFORMANT 2: I can't tell you.

ANDREW FOWLER: Yet it was something that was specifically a very sensitive project that had a classification which was above confidential?

INFORMANT 2: Yes. It's a project that would give an adversary a significant advantage when dealing with Australia.
   

15:27

[shot continuous]
   

ANDREW FOWLER: And this came from the Department of Foreign Affairs?

INFORMANT 2: The documents I've seen that I witnessed were initiated by that department.

ANDREW FOWLER: Do you know who it was that hacked that particular document?

INFORMANT 2: It was a foreign intelligence service.

ANDREW FOWLER: From which country?

INFORMANT 2: China.
   

16:00

Fowler meets with Dreyfus
   

MARK DREYFUS, ATTORNEY-GENERAL: Hello Andrew.

ANDREW FOWLER: Hi Mike, how you doing?

ANDREW FOWLER: The Government has never admitted to the attacks. We asked the Attorney-General who's responsible for ASIO, Australia's domestic security agency, to explain why.
   

16:20

Dreyfus interview
   

ANDREW FOWLER: We have specifically been told that DFAT, defence and PM&C have been hacked almost certainly by Chinese hackers. Shouldn't that be made public in the public domain?
   

16:33

Super: Mark Dreyfus
Attorney-General
   

MARK DREYFUS: There's a great deal of intelligence material, espionage related material that we don't comment on. That's been the long standing practice of Australian governments for many decades…

ANDREW FOWLER: But why is that?

MARK DREYFUS: Well, I'm proposing to continue that practice.
   

16:45

Shanghai general views
   

Music
   

16:5

   

ANDREW FOWLER: China is increasingly identified as a major source of cyber hacking. Downtown Shanghai, the country's biggest city, and its booming. But away from the business and bustle, a nondescript building, home to a secret cyber espionage unit.

RICHARD BEJTLICH: That unit
   

17:04

Bejtlich. Super:
Richard Bejtlich
Chief Security Officer, Mandiant
   

is part of a larger operation whose goal is to extract trade secrets, intellectual property, other sensitive data from Western companies and organisations and to use that for the benefit of Chinese companies and Chinese organisations.
   

17:29

Bejtlich walks
   

ANDREW FOWLER: Richard Bejtlich is a former US intelligence officer. Earlier this year his company
   

17:46

Mandiant report
   

Mandiant, published a revealing report which for the first time identified the building as one of some 20 centres for cyber attacks against the West.
   

17:55

Bejtlich
   

RICHARD BEJTLICH: We estimate that there's, as far as the numbers of people who work there somewhere in the hundreds, potentially a thousand.
   

18:05

   

The building that we identified is part of a compound, and we know that their expertise is English language speaking companies.
   

18:11

Cyber espionage building
   

ANDREW FOWLER: His team traced the cyber attacks back to their source.
   

18:18

Mandiant report
   

The Mandiant report cited hits on more than 100 mainly US companies and for the first time named the attacker. The attacks come from the second bureau of the People's Liberation Army's General Staff Department Three, commonly known by its Military Unit Cover Designator as Unit 61398.
   

18:26

Prof Ball interview. Super:
Professor Des Ball
Strategic & Defence Studies Centre, ANU
   

DES BALL: It's an entirely secretive organisation. What you can find out about it only comes about because of what mistakes they make. They do all sorts of things. They do the industrial espionage, because there's a link there to the private sector, if you can call it the private sector in China. But they are also well into a whole range of intelligence collection.
   

18:50

Chinese Ambassador at press conference
   

ANDREW FOWLER: The Chinese Government has repeatedly denied the claims made in the Mandiant Report.
   

19:21

File footage. Yuming in ABC interview
   

In a recent interview with the ABC, the Chinese Ambassador to Australia said China had also been hit.
   

19:27

[shot continuous]
Super:
Chen Yuming
Chinese Ambassador to Australia
   

CHEN YUMING, CHINESE AMBASSADOR TO AUSTRALIA (translation): China is also a big victim of cyber attacks in the world. There are hundreds of thousands of computers in Chinese Government agencies which have been attacked by cyber attackers from overseas sources.
   

19:35

Chinese building exteriors
   

ANDREW FOWLER: The Mandiant team discovered that the Chinese also had Australian companies in their sights.
   

19:55

Bejtlich. Super:
Richard Bejtlich
Chief Security Officer, Mandiant
   

RICHARD BEJTLICH: I believe that there are at least two companies in Australia but in aggregate so I'm, I'm thinking more in terms of Mandiant's overall picture of the Chinese espionage problem, yeah Australia definitely has a problem.
   

20:05

Australian mining
   

ANDREW FOWLER: It is Australian companies supplying mineral resources and building materials for China's boom, which are among the chief targets.
   

20:17

   

Three years ago Four Corners revealed cyber attacks on BHP Billiton, Rio Tinto and the Fortescue Metals Group. Tonight we can disclose the target of a new hit by China's cyber spies, a leader of Australia's domestic and export construction industry, BlueScope Steel.
   

20:30

BlueScope Steel China. Super: Promotional video
   

Music
   

20:50

   

ANDREW FOWLER: BlueScope Steel sells millions of dollars of its products every year in China. It has an office in Beijing and a Colorbond factory at Suzhou, just 80 kilometres west of Shanghai and Unit 61398.
   

20:52

   

Four Corners has been told that three years ago, one of BlueScope's facilities in China took a direct cyber hit. The hackers were believed to be seeking commercial information and plans, possibly including the key to BlueScope's unique Colorbond process.
   

21:08

BlueScope flag and signage
   

BlueScope disputed this account, but declined to make a public statement to Four Corners on the matter.
   

21:26

MacGibbon. Super:
Alastair MacGibbon
Director, Centre for Internet Safety
   

ALASTAIR MACGIBBON: I deal with companies all the time who often I don't think understand how important it is to be protecting, really, the crown jewels of the way that company operates. And that's obviously everything from your pricing, through to your marketing, your mergers and acquisitions, and in the case you are talking about, possibly the very processes that are used to manufacture a good or service.
   

21:35

AFP office
   

ANDREW FOWLER: Four Corners understands from a source connected to BlueScope that information about the hack was relayed to the company by the Australian Federal Police.
   

22:00

Fowler with Morris
   

AFP's Deputy Commissioner Tim Morris, took over as head of cyber crime earlier this year. The AFP has a key role in cyber crime and security.
   

22:12

Morris. Super:
Asst Comm. Tim Morris
High Tech Crime Operations, AFP
   

ASSISTANT COMMISSIONER TIM MORRIS, HIGH TECH CRIME OPERATIONS, AFP: I think there's no doubt that we've seen a general increase in the amount of cyber activity including cyber attacks impacting on Australia, and that includes not just government agencies but industrial, commercial entities as well.
   

22:24

CSOC exterior. Night
   

ANDREW FOWLER: The AFP is part of the national Cyber Security Operations Centre, known as CSOC.
   

22:40

Fowler outside CSOC. Night
   

This is the home of Australia's new cyber security centre. It's underground, protected by a battery of cameras and sensors. But even here these kinds of protections are largely ineffective against the new cyber threat.
   

22:49

Aerial. ASIO headquarter
   

Music
   

23:03

   

ANDREW FOWLER: A few hundred metres west of the CSOC building is the site of the massive new ASIO headquarters. It's been designed to hold nearly 2,000 staff as ASIO has benefited from the post 9/11 spending boom that saw the tripling of its budget.
   

23:07

Driving past ASIO headquarters
   

Shrouded by tatty blue fencing, the new building was meant to be in operation in 2012. But there's been a delay and a cost blow out $630 million so far, and it's still not finished.
   

23:24

   

Four Corners has learned one reason for the delay in ASIO moving into the new building. And it's more than a mere inconvenience. Someone has stolen the blueprints, not just of the overall building but also of the
   

23:40

   

communications cabling and server locations, of the floor plans, and the security systems. It was more than theft. It reeked of a espionage operation, someone had mounted a cyber hit on a contractor involved in the site. The plans were traced to a server in China.
   

23:54

Prof Ball
   

We put our discovery to Professor Des Ball.
   

24:16

Prof Ball interview
   

DES BALL: That's of major significance. It's to me only one element of the sorts of activities which the Chinese are up to these days.

ANDREW FOWLER: But why is it particularly significant that they are building plans?

DES BALL: Once you get those building plans you can start constructing your own wiring diagrams, where the linkages are through telephone connections, through Wi-Fi connections, which rooms are likely to be the ones that are used for sensitive conversations, how to surreptitiously put devices into the walls of those rooms or into the roofings above those rooms.
   

24:19

   

ANDREW FOWLER: Given that those blueprints are now available and if they are in China, what could the security organisations do here to change the building to make it less vulnerable?

DES BALL: At this stage, with construction nearly completed, you have two options. One is to accept it, and practice utmost sensitivity even within your own headquarters. The other, which the Americans had to do with their new embassy in Washington, their new embassy in Moscow, back in the late ‘70s and early ‘80s, was to rip the whole insides out and to start again. The British had to do that with several buildings in London.
   

25:04

Dreyfus
   

ANDREW FOWLER: We asked the Attorney-General to explain how the plans for one of Australia's top intelligence agencies could be stolen.
   

25:54

   

ANDREW FOWLER: A prime contractor involved in the building plans for the new ASIO building has been hacked and those plans taken. What can you tell me about that?
   

26:03

[shot continuous]. Super:
Mark Dreyfus
Attorney-General
   

MARK DREYFUS: Nothing. I'm not going to comment on operational or intelligence matters and I've told you that already in relation to…

ANDREW FOWLER: But this is a, this is a building. This is not an ongoing operation. This is a simple building to house ASIO and the plans we understand...

MARK DREYFUS: I'm not going to -- Andrew, I'm not going to comment on individual cases.
   

26:15

   

ANDREW FOWLER: But why?

MARK DREYFUS: I this, this would be a bit of "How long have you got?" Andrew, to for me to explain to you why it is that governments and intelligence agencies don't comment on intelligence and operational matters. But perhaps most obviously the more that is disclosed about what's known about espionage activity in Australia or operational aspects in counter intelligence, the more that our opponents, people who are engaging in espionage will know about our capability and know about the methods that we have for detecting espionage or -- that's at the general level -- or detecting cyber threats.
   

26:36

MacGibbon. Super:
Alastair MacGibbon
Director, Centre for Internet Safety
   

ALASTAIR MACGIBBON: In fact I would strongly advocate that legislation be enacted that forces governments to tell what has been happening in the networks, and forces businesses to also be saying, not just the concept of loss of data, because whenever you start talking about personally identifiable information you fudge around at the edges and it gives you an out. What we need is rock solid legislation that says "We've had someone who's unauthorised in our system," don't always need to know what they've done, but they've been in there and that alone would allow us to have a discussion about this.
   

27:16

Government intelligence agency buildings
   

ANDREW FOWLER: In the geo strategic world ASIO's problems may seem minor. But any compromise there could impact Australia's relationship with powerful overseas intelligence agencies, the giant UK spy base in Cheltenham, known as GCHQ and the US National Security Agency, the NSA near Washington. Together they run the biggest electronic intelligence gathering operation in the world.
   

27:51

Montage. Cyber hacking
   

It's here in the murky world of electronic eavesdropping that the tools of cyber attack used to gather intelligence and steal business secrets are crossing over to a new level, the potential for cyber war.
   

28:24

Blackburn walking on street
   

Former Deputy Chief of the RAAF, John Blackburn, is a national security consultant with research institute the Kokoda Foundation.
   

28:41

Blackburn interview. Super:
John Blackburn
Deputy Chair, Kokoda Foundation
   

JOHN BLACKBURN, DEPUTY CHAIR, KOKODA FOUNDATION: It has started and we have already lost certain phases of that cyber war. It's pretty clear that with the amount of intellectual property theft and data that's been taken out of company systems globally that we've been a sort of a bit asleep whilst the war was already started.
   

28:53

   

ANDREW FOWLER: What kind of impacts could the worst case scenario have on Australia?

JOHN BLACKBURN: In that sort of segment there, if you have large scale IP theft, the value of your company the value of your industries will get significantly reduced. If you can't actually get a return on investment from what you've actually put into a company or its R&D development, if that disappears out the side door then you've basically lost your value. You start losing that sort of value the economic impact could be horrendous.
   

29:12

Montage. Cyber hacking
   

Music
   

29:40

   

ANDREW FOWLER: Industry has already taken up the weapons of cyber war.
   

29:42

Alperovitch. Super:
Dmitri Alperovitch
Chief Technology Officer, CrowdStrike
   

DMITRI ALPEROVITCH: We really focus on the targeted attacks, particular nation sponsored attacks, identifying them, attributing them and figuring out what we can do to raise the pain and the cost to the adversaries. We need to send a message that what they're doing today is unacceptable and I believe today the situation is highly escalatory by us not being able to respond to them.
   

29:48

Alperovitch walks on phone
   

ANDREW FOWLER: Last year Dmitri Alperovitch, Chief Technology Officer of a US based cyber Security Company, flew to Australia. He'd been invited by the Defence Signals Directorate to address a closed conference of government intelligence officers. And his message, if you get bitten, bite back.
   

30:05

Alperovitch
   

DMITRI ALPEROVITCH: Well we absolutely need to move beyond passive defence and start implementing offensive strategies to raise the cost and the pain to the adversary. So far we've been playing, pure defence. We've been fielding these attacks. We've been swatting them away, and that ultimately doesn't work. It doesn't work in the physical world and it certainly doesn't work in cyberspace.
   

30:27

Fowler walks with Johnstone-Burt
   

ANDREW FOWLER: Andrew Johnstone-Burt has worked extensively for the British Government on intelligence and security. He's been employed by Deloitte, one of the world's biggest business consultants, to bolster client cyber security. He's careful with his words about what Australia's security agencies are doing to build a cyber attack capability.
   

30:47

Johnstone-Burt. Super:
Andrew Johnstone-Burt
Public Sector Leader, Deloitte Australia
   

ANDREW JOHNSTONE-BURT: We actually know that the agencies are trying to do that. Typically it's lack of resources and so on. But...

ANDREW FOWLER: Sorry, so they're trying to build an offensive capability?

ANDREW JOHNSTONE-BURT: No they're trying to help key private sector organisations that are looking after national assets, improve their resilience. Now, you know, inevitably with...(laughs). They, they have to find their choice of words to explain that. It's really-- I can't I can't describe that.

ANDREW FOWLER: Why can't you?
   

31:11

[shot continuous]
   

ANDREW JOHNSTONE-BURT: I can't describe offensive cyber capabilities.

ANDREW FOWLER: But it wouldn't be wrong to believe that a country like Australia would have that capability?

ANDREW JOHNSTONE-BURT: It would not be wrong.
   

31:54

Waters. Super:
Dr Gary Waters
Strategic consultant
   

GARY WATERS: If we've got the capability, then perhaps we should be suggesting that we do have a capability to essentially bring networks that are attacking us down. And therefore, should you decide to attack our networks, then we would do something to stop that attack.
   

32:08

Satellite map. Iran. Super:
Astrium/SPOT 5
   

ANDREW FOWLER: It's too late to stop the first shots in the cyber war, they've already been fired. And in 2009 an attack on Iran's Natanz nuclear enrichment facility lifted cyber threat to a new level. These exclusive images from Astrium, using the French Spot satellite, show the plant when a virus called Stuxnet hit the nuclear facility's control systems.

DES BALL: The Stuxnet virus
   

32:27

Prof Ball. Super:
Professor Des Ball
Strategic & Defence Studies Centre, ANU
   

in its first incarnation was developed to get into Siemens electronic systems which are used in large numbers of applications, but just so happened to be used in the Iranian enrichment program.
   

32:58

Waters
   

GARY WATERS: Not only were those control systems attacked in such a way to render them useless, they were attacked in such a way that the information they were giving off, was that they were operating under normal tolerance, within normal tolerances. So it was a very, very sophisticated capability.
   

33:19

Stuxnet sequence
   

Music
   

33:33

   

ANDREW FOWLER: The Stuxnet attack slowed the Iranian's uranium enrichment operation temporarily. The finger of suspicion pointed to the United States and Israel, who claim Iran is enriching uranium at the plant for nuclear weapons, something Iran denies. Exactly who created the virus may never be known, but there's no doubt about the threat its unleashed.
   

33:28

MacGibbon. Super:
Alastair MacGibbon
Director, Centre for Internet Safety
   

ALASTAIR MACGIBBON: It's a bit like releasing some type of, you know, something into the environment or, or some type of toxic biological weapon. They don't just stop where you want them to stop. You don't draw a line around them and cyber is one of those classic examples.
   

34:05

Montage. Computer hacking sequence
   

ANDREW FOWLER: It didn't take long for Stuxnet to rebound on other countries. China reportedly modified the virus and used it to disable an Indian telecommunications satellite.
   

34:21

MacGibbon
   

ALASTAIR MACGIBBON: Stuxnet went into the wild as in it got accessible by a whole range of other people and that means any idiot on the internet can now use Stuxnet or a Stuxnet derivative to carry out their own nefarious activities.
   

34:37

Montage. Computer hacking sequence/infrastructure shots
   

ANDREW FOWLER: The shutting down of the satellite and the attack on the Iranian facility served as a warning, that infrastructure is in the front line. Dams and electricity generating plants, anything using computerised systems are vulnerable to cyber attack.
   

34:54

Blackburn interview. Super:
John Blackburn
Deputy Chair, Kokoda Foundation
   

JOHN BLACKBURN: What's happened over time is we're becoming more and more reliant on this cyber domain. It's a, it's a nice buzz word but it's basically the way everything functions and operates today and more so in the future. For example, the use of smart grids in the electricity networks and wireless connectivity for those. It makes a lot of sense financially or economically and it's far more efficient, but have we designed those systems to address the potential threats to them and in my view that hasn't been done well.
   

35:13

Super:
Dr Gary Waters
Strategic consultant
   

GARY WATERS: At what point does it become crime, cyber crime or what point does it become cyber warfare is the biggest issue and therefore when you see a cyber incident occurring the challenge is, is that an espionage activity, is it a criminal activity, is it a military warfare type activity? And each of those decisions you come to will drive a different sort of response. And my concern really is that it may simply be a traditional spying activity that gets misperceived, misconstrued and that pushes the potential for some sort of reaction much, much quicker, much, much higher.
   

35:41

Military men on computers
   

ANDREW FOWLER: Governments may not have more than a matter of minutes to decide how to respond to a cyber attack.
   

36:18

Alperovitch. Super:
Dmitri Alperovitch
Chief Technology Officer, CrowdStrike
   

DMITRI ALPEROVITCH: Cyber today is a fifth domain of warfare, , in addition to land, air, sea and, and space, but at the same time we should not expect that a conflict will be contained to cyberspace.
   

36:30

MacGibbon
   

ALASTAIR MACGIBBON: If you go beyond a Stuxnet and start talking about large denial of service or shutting down of electricity or water grids in nations, then I don't think many nations would really draw too much differentiation between that and a physical, or what they call in military terms, a kinetic attack, actually you know, attacking you with fighter planes or ships or something else.
   

36:42

Chinese naval boat
   

ANDREW FOWLER: One possible reason China is so committed to cyber warfare is it has little alternative. Its military is no match for the West. For China, that is just the problem. And if tensions between Beijing and Washington spill over in the north-west Pacific, the fear is China has just one shot in its locker.

DES BALL: That's your very first step,
   

37:03

Prof Ball interview. Super:
Professor Des Ball
Strategic & Defence Studies Centre, ANU
   

to make those American platforms blind, deaf and dumb. It's the only way that those relative primitive Chinese capabilities would have any hope against American carrier battle groups.
   

37:36

Chinese naval vessel
   

If you're a country like China and you don't go first, then you end second. There's no doubt about that.
   

37:55

Prof Ball
   

There is no way that the Chinese can win that unless they take out commander control systems, unless they can degrade the surveillance capabilities that link the senses with the aircraft carriers, for example, put false data into those data links and to ensure that all the information and communication flows to the American Defence Force are so thoroughly degraded that the US cannot use its preponderance in those areas.

ANDREW FOWLER: And is that what you fear that the Chinese cyber activity is mainly focussed on achieving?
   

38:02

[shot continuous]
   

DES BALL: That's ah, that's their ultimate objective. There's no doubt about that.
   

38:39

Rockets/Computer hacking
   

ANDREW FOWLER: Placing constraints on the cyber road to war faces many difficulties.
   

38:45

   

DES BALL: There is no way at all that any international agreement restricting in the slightest cyber operations, is going to take effect, at least in our region. We have no arms control agreements of any sort of in East Asia. The idea that you're going to restrict your cyber operations in the event of conflict, no one is interested in taking that seriously. Building up your cyber warfare capabilities and practising them to the extent that you can do it covertly is what the game is about now. There is no consideration whatsoever any way in our region being given to limitations on cyber warfare practices.
   

38:54

Blackburn
   

JOHN BLACKBURN: The first step in addressing what appears, in my view, to be an escalating threat is to accept that the threat's actually there and don't just accept that the good work we're already doing is enough.

ANDREW FOWLER: Is it possible to ever have a non-aggression treaty?
   

39:42

[shot continuous]
   

JOHN BLACKBURN: Oh I doubt that. But there needs to be I think established norms, behaviours and legal frameworks which the majority of countries sign up to, as you do in some of, you know, the laws of armed conflict, to say there are accepted norms of behaviour that gives you a reference point. Without that it's just chaos.
   

39:57

Aerial. City
   

ANDREW FOWLER: If the chances of a cyber peace treaty designed to limit the affects of an attack seem remote, so too do the chances of persuading companies and the government to be more open when they are hit. Yet those who advise Australia's businesses believe it's the only way forward.
   

40:16

Johnstone-Burt
   

ANDREW JOHNSTONE-BURT: We don't have mandatory disclosure in this country. One thing the Government -- we at Deloitte would encourage -- is more disclosure. Going to mandatory disclosure is another question. But certainly more disclosure is needed. By more disclosure we can get more information as to what attacks are occurring and why, and with that we can build greater resilience and greater defence.
   

40:38

MacGibbon
   

ALASTAIR MACGIBBON: There are private companies, there's small businesses and then there's government departments themselves and if we're going to make a rule for the publicly listed companies, who I believe already have an obligation to disclose to the market those issues, we should apply that same logic across the entire spectrum of government and business.
   

40:59

Aerial. Parliament House
   

   

41:16

   

ANDREW FOWLER: As the drum beats of cyber war grow louder, time is running out.
   

41:20

   

Music
   

42:26

Credits:

 

Reporter: Andrew Fowler

 

Producer: Peter Cronau

 

Researcher: Mario Christodoulou

 

Camera: Simon Beardsell, Erik Havnen, Neale Maude

Additional camera: Dan Sweetapple

 

Sound: Richard McDermott

 

Editor: Michael Nettleship

Assistant editors: Amy Noble, Elva Darnell

 

Additional production: Mark Yates

 

Archive researcher: Michelle Baddiley

 

Library researchers: Keryn Kelleway, Kate Burnham

 

Graphic designers: Lodi Kramer, Seb Danta

 

Post production: Gary Hibbert

 

Additional footage: Smith&Nasht, Getty Images, Reuters, Codan Ltd

 

Satellite imagery: Astrium Services/Spot-CNES

 

ABC Legal: Michael Martin

 

Producer’s assistant: Wendy Purchase

 

Production manager: Susan Cardwell

 

Supervising producer: Mark Bannerman

 

Executive producer: Sue Spencer

 

Background Information

 

 

© 2013 ABC
© 2024 Journeyman Pictures
Journeyman Pictures Ltd. 4-6 High Street, Thames Ditton, Surrey, KT7 0RY, United Kingdom
Email: info@journeyman.tv

This site uses cookies. By continuing to use this site you are agreeing to our use of cookies. For more info see our Cookies Policy