China suspected of sophisticated uni hack
HACKERS responsible for cracking the Australian National University's network focused on student information and were so sophisticated that experienced security experts were shocked.
ANU vice-chancellor Brian Schmidt has described it as a "diamond heist".
"This wasn't a smash and grab," he said on Wednesday.
"They dismantled their operations as they went to cover their tracks. They brought their A-team.
"This was a state-of-the-art hack, carried out by an actor at the very top of their game and at the very cutting edge."
With the aim of providing full transparency to staff and students, the university has released a detailed report outlining how the cyber attack occurred in late 2018.
Cyber experts have previously pointed to China as being behind the attack, but the report was unable to pinpoint a culprit.
Hackers - thought to be a team of five to 15 people working around the clock for months - used emails to begin the process of stealing information. They spent about six weeks in the system undetected.
The attack began from an email infected with a virus, which was sent on November 9 to a university staff member.
The staff member only had to preview the email - not click a link or even open the message - for the hackers to get the information needed to access the ANU network.
"It's shocking in its sophistication," Prof Schmidt said.
"To date, we've found no evidence personal data has been misused and we are continually monitoring this situation."
The university's human resources, financial management and student administration systems were hit by the attack.
Although the report was unable to pinpoint exactly what was taken from each system, the systems contained information such as names, addresses, phone numbers and birth dates.
They also held tax file numbers, payroll information, bank account details and academic results.
The university confirmed the attack months after it occurred, and the attack is now thought to have netted "considerably less" than the 20 years' worth of data originally expected.
Networks housing medical, counselling, academic misconduct and financial hardship records were not accessed in the breach.
The university has beefed up its cybersecurity in efforts to prevent future attacks, while also focusing on more training.