The Reserve Bank of Australia’s computer systems have been hacked in at least two highly sophisticated online raids.
The central bank says it was the victim of a “highly targeted” email attack in November 2011.
It is understood the RBA was also targeted in the lead-up to the G20 meeting in the French seaside resort of Cannes earlier that year, though it is not known what, if any, information was stolen.
An RBA spokeswoman could not confirm claims that “Chinese-developed malicious software” had been used in the G20 incident.
Chinese cyber hacking is increasingly being acknowledged as a significant threat by western governments and major companies.
The RBA insists that while it has occasionally fallen victim to cyber attacks, its security systems are robust enough to isolate the invasions and stop viruses spreading across its network.
“At no point have these attacks caused the bank’s data or information to be lost or its systems to be corrupted,” the RBA said in a statement on Monday.
“The bank’s IT systems operate safely, securely and with a high degree of resilience.”
According to documents published on the RBA’s website in December 2012, up to six RBA computers were infiltrated through email attacks on November 16 and 17, 2011.
A report of the incident states that bank staff received an email which contained malicious software in the form of an embedded hyperlink.
It said the email, which was purportedly from a senior staff member, had appeared credible to recipients.
“The email managed to bypass the existing security controls in place for malicious emails by being well written, targeted to specific bank staff and utilised an embedded hyperlink to the virus payload,” the report said.
It said that, because the email contained no attachments, it bypassed existing security controls.
While the report said the actual impact of the attack was minor, the incident did create concerns about the central bank’s cyber security.
“Of note was that the anti-virus which is used on the bank workstations and servers did not detect the virus,” it said.
While the RBA has not revealed what changes it made to its cyber protections as a result of the attacks, the 2011 report said its anti-virus software had been updated.
Computer security expert Tony Kirkham said such cyber attacks were becoming more common, leaving central banks like the RBA at risk of losing sensitive material.
Often the attacks involved hackers sending credible-looking emails which trigger malicious software on the recipient’s computer, allowing the sender to access secret information.
“The problem these days is that the security controls which are being used to protect these organisations in a lot of cases have just not kept pace with the level of the threats that are occurring,” Mr Kirkham, a senior consultant with Palo Alto, told ABC Radio.