ANU has released a comprehensive, but careful history of the security breach which led unknown interlopers to roam around its system
The report is fascinating reading, setting out how they got in, where they went and how they covered their tracks. But it is silent on what they wanted and what they planned to do with it. Understandably so, ANU does not know and wisely leaves speculation to others.
VC Brian Schmidt says the data breach was less smash and grab and more “diamond heist”. So, what gems where the villains after?
When first announced mid-year there was speculation it was all about access to research files – ANU academics certainly work closely with the defence and intel deep state. But now the university reports the attacks breached human resources, financial management and student administration systems and that “there is no forensic evidence” the villain accessed, or was interested in, research.
Yesterday there were suggestions that the student system would include records of graduates who have gone on to work for the security services, which is true. Then again, it also includes information on grads who went on to be apiarists. And if the jewel thieves wanted information on now important people their student records may not be the most recent data in the diadem.
And reports last night that 19 years of data was grabbed are wrong – ANU states, “the amount of data taken is much less than 19 years’ worth”. Although it also admits it, “is not possible to determine how many, or precisely which, records were taken.”
As to what happens next ANU states, “the university continues to scan online sources for evidence of stolen data being traded or used illegally. At the time of this report, there is no evidence of such activity.” Thousands of staff, students and graduates will surely let ANU know if they are targeted via information in university records.