Chinese cyber attacks on miners: report

The Australian Broadcasting Corporation (ABC) last night revealed that Rio Tinto, BHP Billiton and Fortescue Metals had been hit by Chinese "cyber attacks", one being in the lead up to the sentencing of former Rio Tinto mining executive Stern Hu.
Written by Ben Grubb, Contributor and  AAP , Contributor

The Australian Broadcasting Corporation (ABC) last night revealed that Rio Tinto, BHP Billiton and Fortescue Metals had been hit by Chinese "cyber attacks", one being in the lead up to the sentencing of former Rio Tinto mining executive Stern Hu.


Mining apparatus (Mining Headframe image by
Tamsin Slater, CC BY-SA 2.0)

"Hackers have worked to penetrate the companies' computers systems to steal confidential data," ABC1's Four Corner's program host Marian Wilkinson said last night on an episode entitled Chinese Whispers.

The attack on Rio Tinto was confirmed to Four Corners by former employees of the company and a senior government source. The program said the attacks were "sufficiently serious" for Rio to take its Singapore office offline for "almost three days immediately following Stern Hu's arrest, as it upgraded its network security".

Hu was sentenced in March to 10 years in jail for bribery and stealing commercial secrets by a Chinese court.

The attack also apparently affected Rio's Perth office, as crisis managers confronted China's claims of spying and bribery.

A Rio spokesperson said the issues involved were "sensitive" and refused to talk about them; however, former employees and senior government sources confirmed the attack did happen.

Major Nicholas Chantler, a former army counter-intelligence officer and now cybersecurity lecturer, heard of the attack.

"I would have to say that it shook a lot of cages, because we'd already been aware of these sorts of situations, albeit at a much lower level," he told the ABC.

"This has taken things to somewhat of an extreme."

Sources have said the government knew of the attack, and officers from the Defence Signals Directorate were brought in to investigate.

A former senior BHP executive was also said to have told Four Corners about "several" attacks during the company's Rio Tinto takeover bid, where hackers tried to penetrate the company's computer system. The former executive said BHP regularly upgraded its network security to counter the attacks. The perpetrator of the attacks on BHP was not known, according to the program.

Meanwhile, senior mining executives at Fortescue Metals Group have said the company's systems in the Pilbara and Perth had also been subject to cyber attack.

Fortescue chief executive Andrew Forrest said the company hadn't taken any precautions when it came to doing business with China.

"We have a very, very strong play-straight-down-the-line view with China," he said.

"That doesn't mean we will always agree with China."

In one case, which chief information security officer at IT company Logica, Ajoy Ghosh, confirmed he had been called to investigate, an Australian businessman found a USB key in his hotel room during a stop-over in Hong Kong and inserted it into his laptop. In doing so, he infected his computer with malware, leaving it open for hackers to gain access to confidential information.

"So this has happened many, many times before," Ghosh said. The attacks were "very clinically targeted", he said, and the attacker knew the information that they were after.

Director of international security studies at Sydney University, Alan Dupont, said the government was concerned about the perceived level of cyber attacks coming from China.

"It's moving quickly to make it more difficult to penetrate national systems, as well as commercial systems, and also briefing Australian business organisations on an ad hoc basis ... about some of the risks," he said.

"It's doing it quietly because it doesn't want this to emerge publicly because of the sensitivities in the relationship with China."

Dupont said China had seen an opportunity to gain competitive advantages by accessing commercial secrets and called on the Australian Government to speak out about it.

"The Australian Government has been quite silent on this and I think the time has really come for Australia to actually start upping the ante and having some serious discussion with China about this," he said.

A spokesperson for the Chinese embassy in Australia denied the country was involved in cyber attacks.

"China is firmly opposed to any kind of cyber attacks ... China is the victim of cyber attack and hopes to co-operate with other nations to prevent this attack," he said.

"It is groundless to accuse China of making so-called cyber attack on others."

The attacks followed a CRN report in September which said that the chief technology officer at security firm Symantec, Mark Bregman, had been advised by "people in three-letter agencies in the US Government" to weigh electronic equipment he carried when travelling to China.

"They also don't want me to take my phone. They said to buy a mobile phone in the US and throw it away when you come back," he reportedly said at the time.

News Limited has also had numerous distributed denial-of-service (DDoS) attacks aimed at its infrastructure, according to its Australian IT security manager, Bob Hinch.

Editorial standards