ITP Techblog

Brought to you by IT Professionals NZ
« Back to Security & Privacy

Deliberately and systematically hacked

Paul Brislen, Editor. 28 May 2019, 9:52 pm

Deliberately and systematically hacked

That's the phrase Treasury officials have used to describe the attack that lead to key Budget documents being released to the National Party ahead of Thursday's Budget announcement.

Budget announcements are traditionally a very high-security affair, with press gallery journalists only being given advanced copy if they agree to being placed in a locked-down area. While recently governments have taken a fairly liberal approach to pre-Budget announcements, the key materials are still reserved under lock and key until the day of the announcement.

Why? Because in the old days Government set the price for many basic household goods and to avoid a panic buying spree, information would be restricted. More recently it's to avoid releasing information that might impact the stock market or for political gain (especially in election year when governments like to promise the earth, if only they'll be re-elected).

This year, the National party was able to release information based on materials that Treasury now says were hacked.

But what does "hacking" mean in this context?

It can be as light handed as someone trying last year's budget URL with a date change (Last year's Budget page was found at: so perhaps changing the date to 2019 would be enough?) through to a disgruntled former employee copying files onto a stick, all the way through to the Hollywood spy movie spectacular, an external black-hat hacker fuelled on Red Bull and indignation working through the night to exploit a zero day flaw from his mother's basement.

Treasury's statement makes it clear it's not a simple attack.

"Treasury has gathered sufficient evidence to indicate that its systems have been deliberately and systematically hacked."

This would suggest more than even a one-off disgruntled employee copying files (if such a thing is even possible at Treasury) and certainly more than a casual browser tweaking by a member of the public.

Treasury didn't muck about. After National announced it had the documents and made them public, Treasury contacted the National Cyber Security Centre (part of the Government Communications Security Bureau) to review what had happened. As the Treasury statement says, "The Treasury referred the matter to the police on the advice of the National Cyber Security Centre".

The next few days will no doubt be filled with speculation and conjecture. At best, someone within Treasury will find themselves without a job having left a door open. But at worst we may have seen the first public confirmation of the types of attacks on our government functions that the GCSB has been warning us about - government-level actors deliberately trying to break into our public infrastructure.

That, and the choice to meddle in the Budget process by favouring one political party over another, would suggest something much more sinister at work.


You must be logged in in order to post comments. Log In

Web Development by The Logic Studio