The internal communications of Australia’s major iron ore producers have been aggressively targeted by cyber attacks that many senior executives and members of the Rudd government suspect originate in China.
The potential breaches of security and the continuing threat of more are thought to be so widespread that some senior industry executives have their more sensitive phone and email communications – even when in Australia – encrypted, with the assistance of the federal government.
The issue is so politically and commercially explosive that neither the companies involved nor the Rudd government will talk about the issue publicly.
China has always emphatically denied any suggestions it was involved in cyber attacks on Western companies.
A report on the ABC’s Four Corners program last night outlined cases of cyber attacks against BHP Billiton, Rio Tinto and Fortescue Metals at times of extreme tension in the relationship with their main customer, China.
Although the program offered no proof that any of these attacks came from China, the companies and the Rudd government are believed to be operating unofficially on that assumption.
The Australian has also been told of a concerted cyber attack on a major iron ore company leading to radical changes, organised by Canberra, in the way its executives communicate to ensure confidentiality.
An unnamed senior BHP Billiton executive told Four Corners about several attacks during the company’s bid to take over Rio Tinto in 2008 and that its network security was regularly upgraded to counter these.
According to the program, Rio Tinto also discovered an intruder had launched a major hacking attack on its computer network around the time of the arrest of Stern Hu and three other Rio executives in China last June.
This was regarded as so serious that Rio took its Singapore office offline for almost three days immediately following Hu’s arrest on charges of bribery and commercial espionage.
Hu pleaded guilty to bribery last month but the charges of stealing trade secrets were vague and held in closed court.
Fortescue Metals Group has also been targeted, leading to a serious upgrading of its IT systems and the encryption of highly confidential communications.
According to Four Corners and information given to The Australian, Australia’s own electronic spying agency, the Defence Signals Directorate, and ASIO are helping some major companies to protect themselves from cyber attack.
Alan Dupont, director of the Centre for International Security Studies at the University of Sydney, said cyber penetration was a growing global problem.
“There’s a general attempt by the government to educate the business community about the level of threat to their communications systems,” Professor Dupont said.
“I am reasonably certain China is getting specific mention, as a lot of the attacks appear to have come through China, although no one can prove it categorically.
“Politically the government would have to be very careful about explicitly identifying any country, but the perception is that China has been the main perpetrator over the past two to three years. It is difficult to know whether, and at what level, it is co-ordinated and controlled by the state.”
Internet services to several Australian companies were dramatically slowed last week following an internet attack on Optus that was believed to have originated in China. Internet giant Google announced this year it had been hit by a cyber attack mounted from China and said at least 20 other major corporations had been similarly targeted.
But the outraged reaction of the Chinese to any suggestions they are responsible – and the commercial importance of doing business in China – make Australian companies reluctant to raise the issue in public.
Major iron ore producers are already facing antagonism in China over the rising price of iron ore and a proposed joint venture between BHP Billiton and Rio Tinto.
At the same time, the Rudd government is trying to improve relations with Beijing after a rocky period, exacerbated by tensions over the level of Chinese investment in Australian resources companies.
The federal government opened a new Cyber Security Operations Centre last January. -By Jennifer Hewett, National affairs correspondent, The Australian