Recent email phishing attacks on ANU staff and students have been traced to Russia, leaving open the possibility that the hacks originate there, Woroni has learned.
But these attacks are fairly rudimentary, ruling out the possibility they are state-sponsored or linked to groups which targeted Hillary Clinton’s US presidential campaign last year.
The phishing emails sent to ANU staff and students work by directing students to log in to a fake website, which records their login credentials. Hackers can then use those credentials to gain access to the email system and distribute more fake emails.
Woroni understands that both students and staff have been compromised.
The group has also targeted the University of Miami, Yahoo email accounts and customers of an online banking portal for an American bank.
A spokesperson for the ANU said that no senior staff had been compromised, despite ‘an increased campaign of phishing and sent warning communications regarding these emails to all staff and students.’
‘We encourage all ANU staff and students to be alert for phishing emails, particularly for suspicious emails that claim to be from ANU, asking the person to re-enter their student or staff number and password,’ they said.
‘The ANU will never ask a student or staff member to reveal their username – student or staff ID number – password or any other personal information via email.’
Professor Roderic Broadhurst, a criminology and cybercrime expert in the Research School of Social Sciences, told Woroni that the Russian connection seemed likely in this case ‘although proxies and false flags are commonplace.’
Broadhurst said that universities were often ‘common targets’, but that ANU IT Services does a ‘good job of fending off various attempted intrusions, however, some phish intrusions are successful because they deceive a user to open a compromised email, social media account or visit a dodgy website.’
‘While students may be at risk as potential vectors for third party or insider intrusions, they are generally not a high priority – perhaps because they don’t have fat bank accounts, however many online scams do trick students into paying rental bonds, employment or work from home scams,’ Broadhurst said.
But Broadhurst played down the risk posed by such attacks on sensitive research areas.
‘Sensitive research areas are generally not connected to the internet and operate in an encrypted environment, however, once again social engineering can compromise a user who may unintentionally download spyware,’ he said.
Broadhurst said that some nations – including Russia, China, North Korea and the United States – have allegedly engaged in ‘patriotic hacking’.
‘Some state actors engage criminal actors or proxies to conduct these sorts of activities but turn a blind eye as long as these cybercriminals target outside the state,’ he said.