Computer networks at the Reserve Bank of Australia (RBA) were compromised in 2011 by Chinese intelligence-gathering malware.
According to documents obtained under the Freedom of Information Act, the Trojan horse malware, distributed by email, was planted on six computers at the RBA, bypassing anti-virus scanners.
Several RBA members of staff, including heads of department, were sent the malicious emails over two days, but it isn't known whether the malware executed and succeeded in capturing information from the compromised computers. The email purported to come from RBA senior management in order to trick staff into downloading the malware.
The Australian Defence Signals Directorate was brought in to rectify the compromise, but no details were given as to the type of malware utilised in the attack, beyond it being 'Chinese-developed' and that it was attempting to seek intelligence on sensitive G20 negotiations between Australia and 19 other countries.
The FOI report also reveals a series of data breaches resulting from lost and stolen laptops, phones and documents, along with email gaffes. From 2008 to 2012, six laptops, two BlackBerrys, an iPad and a USB drive were lost or stolen.
The thumb drive contained sensitive information and was taken home by a staff member, as was 'standard practice' in the several years to 2010. While the drive was password-protected, it was not encrypted, in contravention of RBA security policies.
In 2009, 82 staff members were locked out of their accounts after an autorun virus was loaded onto a machine and began brute-forcing accounts. A further 20 system accounts were locked for about 30 minutes.
In another breach, the RBA was forced to retract part of a tender after it sent a document revealing how it would consider evaluating bids to an interested external third party.