Australia’s Ambassador to the United States Arthur Sinodinos is one of a number of senior Australian diplomats who have been targeted by cyber attackers who have impersonated them on messaging services WhatsApp and Telegram to gain important information from their mobile phone contacts’ list.
According to a report in “The Age”, heads of mission reported suspicious activities on their mobile phones and the Australian Federal Police (AFP) has been brought in to investigate.
The breaches in security are such that some senior Department of Foreign Affairs and Trade (DFAT) officials have been working under the assumption that their phones have been compromised.
The method employed in the hacks appears to be similar to the one employed earlier against senior federal ministers, including Finance Minister Simon Birmingham and Health Minister Greg Hunt, where the hackers impersonated the ministers on WhatsApp and Telegram by using their names and personal phone numbers to access their telephones’ contact lists.
These latest phishing hacks follow on a number of unrelated cyber attacks against other diplomats, as well as more sophisticated infiltrations of the computer networks of Parliament House and Nine News.
As part of its current investigations, the AFP has found no evidence that the phones had been physically handled by the hackers to gain their contact information.
Members of Parliament have handed their phones over as part of the AFP investigation while cabinet ministers have replaced their phones as a precaution.
Mr Sinodinos said that a Telegram accounted had been created using his name and that the matter was under investigation.
According to the report, the targeted individuals were sent messages that asked them to authenticate new Whatsapp or Telegram accounts – once they clicked on the links or downloaded the app, the hacker was able to gain access to the target’s phone contacts list and to then impersonate the person on the new account.
A hacker used the contacts on Senator Birmingham’s phone to send messages on Telegram. In one case, a message recipient was asked: “Do you have a contact in Hong Kong. An Aussie preferably.”
The unsuspecting message recipient gave out the names of two pro-democracy activists.
Some were contacted and asked to transfer money to a Standard Chartered Hong Kong bank account under the name of “Yat Ting Ho Laundry Co”.
The AFP is yet to determine whether the attacks were the work of a foreign country or a criminal syndicate. Security services think the attacks were more likely the work of a criminal group. There is concern among some that the focus on Hong Kong activists could point to Chinese government involvement.