Australian officials regard the latest hack as a major national event following breaches of federal Parliament’s computer network and the Liberal, Labor and National parties last year.
One source said that Chinese intelligence had likely learnt from other sophisticated international players such as Russia. During the Cold War, the then Soviet Union used long-term tactics such as contacting or recruiting western students at prominent universities. Among the most famous were the “Cambridge five”, the ring of British diplomats and spies who had been secretly recruited by the KGB while they were at Cambridge University.
Authorities have described the ANU attack – the second on the university in a year – as “sophisticated”, indicating it is almost certainly a foreign government rather than a criminal group or politically motivated hackers.
While it is understood there is no clear evidence yet that Beijing is behind the attack, sources said China was one of only a handful of countries able to carry out such a breach while remaining undetected.
The university’s vice-chancellor, Brian Schmidt, has admitted the breach was detected only a fortnight ago even though it began late last year, meaning the hackers had access to data for at least five months.
About 200,000 current and former students and staff have had their data accessed – including personal details, contact information, tax file numbers, bank account numbers, passport details and academic records.
The breach happened right across the university, including the prestigious National Security College, which mid-career government officials attend for short courses. It is understood that the college keeps no classified data.
The university is also home to the influential School of Strategic and Defence Studies and the Crawford School of Public Policy – both of which have deep links with government departments and agencies.
Intelligence officials are understood to hold a range of concerns about how the data could be exploited, including using it to build profiles of existing government officials based on their backgrounds.
The more immediate prospect is that the Chinese agencies could target promising young students who might also have personal vulnerabilities that are revealed through data stolen from the university’s computers.
The success of the hack the length of time it took to be detected has concerned Australian authorities because the university upgraded its cyber defences after a previous attack that was revealed a year ago.
One intelligence official said: “China probably knows more about the ANU’s computer system than the ANU does.”
A spokesman for the Australian Signals Directorate, the nation’s electronic spy and chief cyber defence agency, said the latest hack was “a salient reminder that the cyber threat is real and the methods used by malicious actors are constantly evolving”.
David Wroe is defence and national security correspondent for The Sydney Morning Herald and The Age.