Government phones hacked in hotel-room break-in

The incident occurred when two trade negotiators attended an overseas conference. Photo / 123RF

Agents accessed deleted files and installed spy software on trade officials’ devices after breaking into hotel room.

New Zealand government officials travelling abroad had their mobile phones and laptops containing classified information hacked by foreign agents after their hotel room safe was broken into, government cybersecurity officials have revealed.

According to an account of the incident prepared by government that does not name either the department involved nor the foreign power believed responsible, the incident occurred when two trade negotiators attended an overseas conference.

Precautionary efforts by the pair to delete sensitive materials from their devices prior to departure proved ineffective in protecting classified information.

A cloned copy of hard drives allowed foreign agents to "recover not only deleted protectively marked documents, but also intellectual property and sensitive information pertaining to trade negotiations," according to the account.

Following return to New Zealand, malware designed to log all electronic activity was also found to have been installed on the devices.

Paul Ash, director of the national cyber policy office at the Department of Prime Minister and Cabinet, said the incident showed New Zealand's geographic isolation was no firewall.

"Cyber security's a really complex area, and it's just become more complex ... We are seeing an upward trend in cybersecurity incidents," Ash said.

The National Cyber Security Centre - logging attacks against sensitive commercial and government organisations - logged 316 "incidents" in the year to April 2016, up 66 per cent from the year prior.

Details of the hotel-room break-in are contained in a case study prepared for a New Zealand Security Intelligence Service-run initiative to improve government information security.

A spokesman for the New Zealand Intelligence Community described the account as "factually accurate" but stripped of information that could identify actors involved.

Digital security specialist Adam Boileau said the hotel-room incident as described wasn't surprising - he had colleagues working in Australia who said such government security breaches happened "pretty often" - but such subterfuge was only rarely made public.

"When you talk to people who work in government, this is pretty common. It happens all the time, especially with trade-related stuff. Especially trade-related stuff in South-East Asia," he said.

The revelations follow this weeks' claims by the White House that Russia was behind the hacking and disseminating of emails belonging to presidential nominee Hillary Clinton.

British minister were also this week banned from wearing Apple Watches to cabinet meetings following concerns the devices - capable of recording audio - posed a security risk as they were vulnerable to hacking by foreign powers.

Ash said events were moving swiftly and his office was still grappling with implications of the DNC hack where information gathered is claimed have been used for propaganda - rather than intelligence or financial - ends.

"This is reasonably new for cyber policy ... It's the application of older techniques to something new: It's taken people by surprise because of its audacity," he said.

Boileau said, aside from the loss of sensitive information, there were also increasing indications that hacking attacks could have serious financial and physical effects.

He cited a little-reported attack on Saudi Arabian company Aramco - responsible for a tenth of the worlds' oil production - that saw 35,000 desktop computers junked, and a sustained Christmas 2015 cyberattack on Ukraine's power grid left 230,000 people in the dark.

Ash said the imminent formation of the public-private National Computer Emergency Response Team would likely lead to more reporting of incidents, but would also enable better visibility of threats and how to best contain them.

"We can anticipate and try to model threats, and we will get as far as our imagination will take us. But there are those with more imagination on the other side," he said.

It is worth nothing New Zealand is hardly a pacifist in this cyberwar, and our own elections and politicians haven't proved immune to turbulence caused by hacking.

A spokesperson for the New Zealand Defence Force flagged the rise of cyber threats as "one of the most significant changes in the strategic environment" in its recent White Paper requesting $20b in additional spending over the next decade.

And while New Zealand has not publicly acknowledge any of its own offensive capability in this arena - the only member of the Five Eyes alliance not to do so - the Herald last year reported how the Government Communications and Security Bureau had hacked the mobile phones of a foreign government.

Relying on the documents leaked by National Security Agency whistleblower Edward Snowden, the GCSB was said to in 2013 to have used "Warriorpride" malware capable of targeting Android or Apple mobile phones to transfer data from an "Asean target" to a NSA server.

The 2014 general election campaign was dominated by the Dirty Politics saga following the hacking of blogger Cameron Slater's emails which captured communications with then-Justice Minister Judith Collins and other political figures.

And in 2012 foreign minister Murray McCully had his personal email address - used for some MFAT business - hacked in by a group claiming to be Russian.

More recently, the personal medical records of New Zealand Olympic gold-medallist Mahe Drysdale and Peter Burling were publicised after they were caught up in the hacking of the World Anti-Doping Agency.