A security expert has cast doubt on the New Zealand Treasury's claim that it was hacked.

Bruce Armstrong from security firm Darkscope said claims from the head of Treasury, Gabriel Makhlouf, that 2000 attempts in 48 hours as proof shows their lack of cyber security awareness.

"There are nearly one billion website breach attempts blocked every day across the world – it is far more common than most people expect," Armstrong said.

"The 1000 attempts per day is simply 'white noise' on the Treasury site."


These comments come after information related to the Wellbeing Budget was leaked yesterday.

The tech team at Darkscope believes a more likely scenario was that someone used a so-called "spider crawler" to find hidden content on the Treasury website - which would obviously be distinct accessing a secure database of information.

A second security expert confirmed to the Herald that it isn't unusual for an organisation to be hit with thousands of attempted hacks in a given day.

"Organisations are often under automated attacks, which can register thousands of attacks a day," said Aura Information Security general manager Peter Bailey.

Bailey said cybersecurity experts monitor these attacks to determine whether there has been a spike, which would be indicative of an increased effort to get in.

He said the severity of an attack would have to be measured against the usual amount of activity for an organisation and also whether there had been a concerted effort to access something in particular.

Bailey said the methods of hacking range from rudimentary efforts to the highly sophisticated use of technology.

"Hacking can be as simple as guessing someone's password to gain unauthorised access to their account," he says.


"Or it can be as complicated as hacks that require hacking tools and custom code to gain access to databases of information. Most of the attacks we see in the press these days are database attacks where hackers steal large amounts of customer data, such as the recent attack on Mariott Hotel group where over 500 million guests' data was exposed. We also see attacks for political gain, such as the email attacks during the 2016 presidential elections in the US."

Gabriel Makhlouf is the Secretary to the Treasury. Photo / File
Gabriel Makhlouf is the Secretary to the Treasury. Photo / File

In this case, Treasury general secretary Gabriel Makhlouf said there were "multiple and persistent attempts" to get unauthorised access to the Budget information on Treasury's website.

Makhlouf went on to say that Treasury thought its website was secure until the Budget information was leaked.