Breach Notification , Governance & Risk Management , Incident & Breach Response

Australia Took Military System Offline Over Hack Fears

Defense Department Says No Data Was Compromised
Australia Took Military System Offline Over Hack Fears
A Royal Australian Air Force F-18 fighter takes off from Anderson Air Force Base in Guam in February 2020. (Source: Australian Department of Defence)

Australia took a sensitive military recruiting database offline for 10 days in February following concerns it may have been compromised, according to the ABC local news report.

See Also: From Epidemic to Opportunity: Defend Against Authorized Transfer Scams

The database contains medical exam data, psychological records and summaries of interview with recruits, the ABC reports. The database is maintained under contract by a private company, ManpowerGroup.

The Defense Department says in a statement that some elements of the database, called the Defense Force Recruiting Network, were “proactively” taken offline on Feb. 2. Normal operations resumed on Feb. 12, it says.

“An investigation did not identify any evidence to suggest a compromise of information had occurred,” according to a Defense Department spokesperson. The department says “the security of information systems and personnel data is of paramount importance.” No further information was released.

Call for Investigation

An anonymous source tells the ABC that the first suspicions were raised before Christmas. Meetings were held twice a day over the Christmas holidays to address the situation, according to the news report.

As a result, email systems between DFRN computers and the department’s protected network were suspended, the ABC reports.

"An investigation did not identify any evidence to suggest a compromise of information had occurred."
—Australian Department of Defense

ManpowerGroup, a large U.S. based company, tells Information Security Media Group it had been aware of a potential issue and that the DFRN had been restored to full operations.

Two Australian lawmakers in the House of Representatives, Andrew Hastie and Luke Gosling, expressed concern over the development.

Hastie, who served in Afghanistan, says that no breach can be considered too small and that the length of time the database was offline suggests a sophisticated actor was involved. Gosling, who served in the Australian Army for 11 years, called for a “thorough investigation,” according to the ABC.

Under Attack Before

Australia has had several major cybersecurity incidents over the last several years that have raised concerns.

In February 2019, it was revealed attackers had breached the email system of the Australian Parliament. An investigation concluded no information had been taken (see: Hack Attack Breaches Australian Parliament Network).

It was revealed later in the year that a watering-hole attack led to the compromise. A legitimate external website was compromised, Sen. Scott Ryan said at the time, which “caused malware to be injected into the Parliamentary Computing Network” (see: Compromised Website Led to Australia Parliament Hack).

Reuters reported in September 2019 that Australia’s intelligence agencies believed China’s Ministry of State Security was involved in the attack against Parliament as well attacks against three political parties before a general election in May 2019. China disputed the allegation.

Also last year, Australian National University reported a data breach affecting staff and student data stretching back 19 years. The data included names, addresses, birth dates, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, passport details and student academic records (see: Australian National University: 19 Years of Data Copied).

The university is an attractive target because it runs the National Security College, a graduate school focused on defense studies run in cooperation with the Australian government.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.