Nine requests assistance from government after major cyberattack
Media giant Nine Entertainment Co has requested the assistance of the Australian Signals Directorate after a major cyber attack hit its broadcast systems in the early hours of Sunday morning.
As Nine worked to resolve the issue, Australian Parliament was also investigating a potential cyber attack in Canberra on Sunday evening, which is affecting government-issued smartphones and tablets.
Assistant Minister for Defence Andrew Hastie said on Sunday night he was “not surprised” about the attack, which caused problems with Nine’s live broadcasting operations and print production systems. He said it was a warning to all businesses that they need to be aware of potential threats.
“This is a timely reminder that Australians cannot be complacent about their cyber security. Cyber security is a team effort and a shared responsibility,” Mr Hastie said. “It is vital that Australian businesses and organisations are alert to threats and take the necessary steps to ensure our digital sovereignty.”
A Department of Parliamentary Services spokesperson said the government was working to investigate the cause of disruption in Canberra, with the Australian Cyber Security Centre providing advice.
“DPS is working to resolve the issues and some services have been restored,” the spokesman said.
“Some services on DPS issued smartphones and tablets have been experiencing disruptions over the weekend.”
Mr Hastie said the issue related to an external provider, with their connection to government systems cut as soon as an issue was detected as a precaution.
“The government acted quickly, and we have the best minds in the world working to ensure Australia remains the most secure place to operate online,” Mr Hastie said.
Incoming Nine chief executive Mike Sneesby confirmed on Sunday night the incident was a cyber attack. Nine’s director of people and culture Vanessa Morley said the company may be unable to fully restore systems for some time and instructed staff to work from home indefinitely. The origin and motive of the attack is unclear, but no requests for ransom have been made.
Sources familiar with the discussions at Nine said the company had been in talks with a large number of external security experts on Sunday who said they had not seen this kind of attack before in Australia. The sources said the experts believe it is some kind of ransomware likely created by a state-based actor. The Australian Cyber Security Centre, part of the ASD, confirmed it had offered technical assistance to Nine after it made contact about the attack. The ASD is in charge of protecting Australia from global threats including cyber attacks from state-based actors.
“We wish to inform you there has been a cyber attack on our systems which has disrupted live broadcasts out of Nine Sydney (1 Denison). Our IT teams are working around the clock to fully restore our systems, which have primarily affected our Broadcast and Corporate business units,” Ms Morley said. “Publishing and Radio systems continue to be operational. While our IT teams work through this issue, we ask that all employees, in all markets, work from home until further notice.”
The decision to make all staff work from home followed a difficult Sunday for the media company, which was unable to broadcast Weekend Today from 7am until 10am. It managed to broadcast the NRL in the afternoon and ran a national news bulletin on Sunday evening from Melbourne.
There were some issues with the use of some publishing tools that the newspapers use, but the division was able to operate. Nine owns The Sydney Morning Herald and The Age.
Nine News has flown producers to Melbourne for the week and an NRL commentary panel was told to drive to Newcastle to broadcast the football as part of a series of contingencies, according to people familiar with the plans.
The reason for the attack is unclear. Australia’s relationship with China has deteriorated over the past year, with Beijing frustrated by the country’s commentary on its sovereignty, security and development interests. Australia has been slapped with large tariffs and bans on local seafood, wine coal and barley.
The relationship spiralled after the Turnbull government blocked telecommunications provider Huawei from the 5G network over national security concerns. Australian correspondents working in the region were forced to leave in September last year. The Herald and The Age have been critical of many of China’s political decisions and have conducted investigations into Chinese Communist Party influence, spy agencies and the country’s involvement in hacking.
Separately, Nine’s program Under Investigation has been working on a story that looks at Russian President Vladimir Putin’s campaign of chemical assassination and Russia’s development of banned poisons.
Cyber attacks have become increasingly common across a range of industries. Earlier this month the federal government was working with local businesses that were compromised by a Microsoft bug that allowed a suspected China-based state-sponsored hacking group to access corporate emails.
Major Australian law firm Allens, the Reserve Bank of New Zealand and the Australian Securities and Investment Commission are among other companies to be hit by attacks.
Zoe Samios is a media and telecommunications reporter at The Sydney Morning Herald and The Age.
Katina Curtis is a political reporter for The Sydney Morning Herald and The Age, based at Parliament House in Canberra.
Tom Rabe is Transport Reporter with The Sydney Morning Herald.