Hackers exploit email to access RBA computers

It is understood the RBA was also targeted in the lead-up to the G20 meeting in Cannes earlier in 2011. Photo / File
It is understood the RBA was also targeted in the lead-up to the G20 meeting in Cannes earlier in 2011. Photo / File

The Reserve Bank of Australia's computer systems have fallen victim to cyber hacking in at least two sophisticated online attacks.

Documents released by the RBA show the central bank was the victim of a "highly targeted" email attack in November 2011.

It is understood the RBA was also targeted in the lead-up to the G20 meeting in Cannes earlier that year, though it is not known what, if any, information was stolen.

An RBA spokeswoman could not confirm claims published in the Australian Financial Review that "Chinese-developed malicious software" had been used in the G20 incident.

Chinese cyber hacking is increasingly being acknowledged as a significant threat by Western governments and major companies.

US cyber security firm Mandiant in February issued a detailed report tracing attacks on more than 140 organisations to a Chinese military unit.

According to documents published on the Reserve Bank's website in December 2012, up to six RBA computers were infiltrated through an email attack on November 16 and 17, 2011.

A report of the incident states that bank staff received an email which contained malicious software in the form of an embedded hyperlink.

It said the email, which was purportedly from a senior staff member, had appeared credible to recipients.

"The email managed to bypass the existing security controls in place for malicious emails by being well written, targeted to specific bank staff and utilised an embedded hyperlink to the virus payload," the report said.

It said that, because the email contained no attachments, it bypassed security controls.

While the report said the actual impact of the attack was minor, it created concerns about the central bank's cyber security.

"Of note was that the anti-virus which is used on the bank workstations and servers did not detect the virus."

-AAP

© Copyright 2014, APN New Zealand Limited

Assembled by: (static) on red akl_n1 at 24 Sep 2014 05:46:02 Processing Time: 639ms