A professor at the Australian Centre for Cyber Security has warned journalists to be wary of how they use tip-offs, saying foreign powers could hack politicians and leak damaging information.

Professor Greg Austin from the University of New South Wales’ Australian Centre for Cyber Security in Canberra said in a lecture on the Russian hacking of the Democratic National Committee in the lead-up to the 2016 US presidential election that hacking could have led to some of the recent news stories about Australian politicians’ expenses.

“How would the journalist know that? I’m making no conclusion at all,” he said.

He said that society in general, journalists included, needed to think about how to use information obtained through illegal hacking, and what ulterior motive may be at play when reporting information obtained in such a way.

“If I was a journalist working in Australia now, I would be asking myself the question any time I got a nice juicy leak on an Australian politician, ‘is this a foreign government?’ because we are now in that territory, and we can’t go back.”

He said the vast majority of leaks to journalists would not be from foreign governments but said there would be intelligence agencies from more than one country in Australia who actively feed information to journalists.

Austin also cast doubt on whether Australian political parties are prepared to prevent damaging leaks about their politicians from foreign powers, especially in an age where the agile and innovative Prime Minister encourages using commercial communications applications like WhatsApp.

He said our own politicians needed to confront the reality that while government agencies often put in some protections in place to counteract any hacking attempts, he wasn’t sure whether the Australian Labor Party, the Liberals or the Greens were going to the same level to protect their systems.

“I wonder whether the Liberal Party of Australia or the Labor Party has good security, or a security officer. I wonder what their protocols for information security is. When you’ve got a situation where the Prime Minister says to his government ministers to use WhatsApp for communication,” he said.

Prime Minister Malcolm Turnbull has faced criticism for using his own email server for some email, and for encouraging his ministers to use encrypted communications apps such as Telegraph, Signal and WhatsApp not only for security reasons but also because of the lack of transparency and accountability provided by these apps.

Austin questioned Australia’s preparedness to prevent foreign powers attempting to influence our domestic politics with leaking damaging information. 

While Austin said he was 99.9% confident that Russia was behind the cyber attacks on the Democratic National Committee, he said any such attack in Australia would likely come from countries with strategic interests here. He said any foreign government with advanced cyber capability and important stakes in Australia could potentially seek compromising information on Australian politicians to bring them down.

“When I hear stories of this or that person being brought down… or this or that surprising election result, my first reaction is ‘who hacked?’.”

Coincidentally, Turnbull said on Tuesday he was going to get his cyber adviser Alastair MacGibbon to brief him on an ABC report about Yahoo accounts contained in the recent massive breach being linked to Australian government email accounts, and went on to explain in detail during his press conference in Redcliffe in Queensland how to use two-factor authentication on email to improve security:

It’s really important to focus — all of us to be aware — of the importance of cybersecurity. So much of our lives are lived in the digital domain that cyber vulnerability is a very real issue. Now, one of the important things that I encourage everyone to do is, where they have an account — whether it’s, say, an email account, Gmail, for example — to use two-factor authentication so that, even if somebody has your password, they can’t get into your account, they can’t get into your email, without having the code that is sent to the authentication application on your own phone. You know… You can only mitigate security risk. But that is a very important level of mitigation. Be cyber aware. Be secure. And that is one practical piece of advice: two-factor authentication.”

Peter Fray

Inoculate yourself against the spin

Get Crikey for just $1 a week and support our journalists’ important work of uncovering the hypocrisies that infest our corridors of power.

If you haven’t joined us yet, subscribe today to get your first 12 weeks for $12 and get the journalism you need to navigate the spin.

Peter Fray
Editor-in-chief of Crikey