May 22, 2008
Spy chief Paul O'Sullivan has urged business to assess its cyber
security, saying individuals and nations are targeting the private
sector in a bid to steal sensitive information.
"The widespread use of the internet in government and business presents
opportunities for state agencies to gain covert access to information,"
Mr O'Sullivan told the Australia-Israel Chamber of Commerce in Sydney
"And a range of non-state actors - hackers, criminals and other foreign
entities, acting independently or on behalf of groups, networks, or
states - are engaged in nefarious cyber-activities, whether for profit,
to cause damage, test for vulnerabilities or acquire sensitive
"Such actors are targeting business and government alike."
Mr O'Sullivan, the director-general of the Australian Security
Intelligence Organisation (ASIO), warned the attacks were not always
He made particular mention of so-called trojan horse attacks where a
seemingly innocuous piece of software is attached to an email and then
makes its way into a computer network.
"The various IT-related devices - software, mobile phones, disks,
thumb-drives, personal organisers, and so forth - all of which are now
in common use - are also potential vectors for trojans.
"So it is important that you consider whether you have appropriate
security policies covering their use, particularly as they can be easily
inserted into your systems, sometimes quite innocuously - as gifts to
staff, for example."
Mr O'Sullivan warned a trojan attack could potentially see large amounts
of private information stolen from "virtually anywhere on the planet".
"A successful attack could see the loss of commercially-sensitive
information (including) business strategies, intellectual property,
sensitive client details, even company employee information."
ASIO runs a business liaison service and Mr O'Sullivan encouraged
businesses to use it.
"Given the international profile of many of our major companies, we are
also working closely with key overseas partners to pool and compare
experiences and further refine judgments so that businesses are provided
with consistent advice."
Mr O'Sullivan's warning comes a day after the business-government
advisory group on national security met.
At that meeting Mr O'Sullivan provided a detailed national security
update to leading business figures from high profile companies including
Rio Tinto and Westfield.
Attorney-General Robert McClelland admitted earlier this year that
classified government computer networks had been subjected to cyber
Copyright 2008. The Age Company Ltd
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com