Australian Spy Chief Fears Sabotage Of Critical Infrastructure

February 29, 2024 TH Author headline,hacker,government,australia,cyberwar,backdoor,scada

The director general of security at Australia’s Security Intelligence Organisation (ASIO) has delivered his annual threat assessment, revealing ongoing attempts by adversaries to map digital infrastructure with a view to disrupting important services at delicate moments.

In a speech delivered yesterday, Mike Burgess noted that countering Soviet sabotage plots was a significant reason ASIO was created.

“The sabotage threat has receded in recent decades, but I worry it could re-emerge – particularly in relation to critical infrastructure,” he warned, before noting “the most immediate, low cost and potentially high-impact vector for sabotage is cyber.”

He pointed out that “Our critical infrastructure networks are interconnected and interdependent, which increases the vulnerabilities and potential access points.”

Terrorists, foreign spies, and nationalist and racist violent extremists have all in recent months shown signs of increased interest in sabotage, Burgess revealed.

Nationalists and racists are probably just mouthing off. But the spy chief indicated that ASIO “is aware of one nation-state conducting multiple attempts to scan critical infrastructure in Australia and other countries, targeting water, transport and energy networks.

“The reconnaissance is highly sophisticated, using top-notch tradecraft to map networks, test for vulnerabilities, knock on digital doors and check the digital locks,” Burgess added.

Burgess asked his audience to consider the November 2023 outage at Australian telco Optus, and the disruption that caused.

“That’s one phone network not working for one day,” he recalled. “Imagine the implications if a nation-state took down all the networks? Or turned off the power during a heatwave?”

Such incidents, he warned, “are not hypotheticals. Foreign governments have crack cyber teams investigating these possibilities right now – although they are only likely to materialize during a conflict or near conflict.”

Security clearances in social media profiles

Burgess also revealed that Australia is the priority target of a group run by a foreign intelligence service – and that the group has subverted a former Australian politician.

ASIO has named the group “The A-Team” and Burgess told the audience its members “trawl professional networking sites looking for Australians with access to privileged information, and then use false, anglicized personas to approach their targets.”

Which tells us this is not an English-speaking nation – narrowing the list of suspects to about 150 countries, or perhaps to the three known to be both non-English speaking and known to run very active offensive cyber programs: Russia, China, and North Korea.

The A-Team’s work is made easy, Burgess lamented, by over 14,000 Australians mentioning the security clearances they hold in their social media profiles.

“This form of espionage is low-cost, low-risk, low-effort – and can be conducted at scale. Hundreds of friend requests can be sent each day,” Burgess explained.

One of the A-Team’s actions saw it successfully cultivate and recruit a former Australian politician.

“This politician sold out their country, party and former colleagues to advance the interests of the foreign regime,” Burgess reported. “At one point, the former politician even proposed bringing a prime minister’s family member into the spies’ orbit. Fortunately that plot did not go ahead – but other schemes did.”

Those other schemes saw academics invited to all-expenses-paid conferences outside Australia, and greeted by people posing as bureaucrats who were actually A-Team operatives.

“They used the conference to build relationships with the Australians and aggressively target them for recruitment, openly asking who had access to government documents,” Burgess recounted. That effort worked. “A few weeks after the conference wrapped up, one of the academics started giving the A-team information about Australia’s national security and defence priorities.”

Another incident ASIO detected saw an aspiring Australia politician share info with A-Team operatives – including descriptions of internal party machinations and the names of rising starts within the organization, plus analysis of a recent election.

“ASIO disrupted this scheme and confronted the Australians involved,” Burgess explained. “Several individuals should be grateful the espionage and foreign interference laws are not retrospective,” he added, revealing that the intelligence agency was able to sever links between the targeted individuals and the A-Team.

Burgess reported that ASIO also managed to confront the A-Team directly.

Another aspiring Australian politician alsoprovided insights into the factional dynamics of his party, analysis of a recent election and the names of up-and-comers – presumably so the A-team could target them too.

“Late last year, the team leader thought he was grooming another Australian online,” Burgess recalled. “Little did he know he was actually speaking with an ASIO officer. The spy was being spied on – the player was being played. You can imagine his horror when my officer revealed himself and declared: ‘we know who you are. We know what you are doing. Stop it or there will be further consequences’.”

Burgess wound up his talk by urging Australian organizations to get more serious about security. He revealed ASIO will soon publish “a framework to help organizations build and maintain a robust security culture.”

Australia’s signals intelligence agency, the Signals Directorate, developed the Essential Eight infosec mitigation strategies – an approach that is well regarded around the world. Maybe ASIO’s security culture document will achieve similar status. The Register will look out for it once it lands. ®