KEY POINTS:
Security information supplied by other countries or briefing papers for trade negotiations may have been the target of foreign government hacking into New Zealand government computer systems, a former diplomat says.
Yesterday Security Intelligence Service director Warren Tucker revealed government department websites had been attacked and information stolen, and that there was evidence foreign governments were responsible.
Prime Minister Helen Clark would not name the suspect country, and said cyber attacks were not unique to New Zealand.
"The assurance I've been given by intelligence agencies is that no classified information has been at risk at all," she said.
"Now we have very smart people to provide protection every time an attack is tried. Obviously we learn from that. What I can stress is that absolutely no classified information has ever been penetrated by these attacks."
Lance Beath, now lecturing at Victoria University's Centre for Strategic Studies after 35 years with the Ministry of Foreign Affairs and Trade and the Ministry of Defence, suspected two possible grounds for a cyber attack on New Zealand - trade or security.
New Zealand is currently involved in negotiating several free trade deals, and there would be a great deal of interest in this country's position papers on contentious issues, Dr Beath said.
"There are other issues which arise from New Zealand's membership in a group of countries which share intelligence. It might be that a foreign government would think New Zealand could be a soft target, being a junior member of that circle it might have cyber systems more easy to penetrate than other countries."
Last week China was accused of hacking into German government systems and the Pentagon's computer systems in the United States. Russia and China have also been implicated in attacks on the British Parliament's computer system.
Speculation China might also be responsible for cyber attacks on New Zealand was "the price one pays for being the rising power," Dr Beath said.
New Zealand's sensitive computer networks are monitored by the Centre for Critical Infrastructure Protection (CCIP), part of the Government Communications Security Bureau.
No one from CCIP or the GCSB was available to comment yesterday.
Revelations New Zealand government computers had been hacked came as no surprise to local experts.
Herald technology writer Peter Griffin said the SIS claim of cyber attacks was not surprising.
"I don't think we're going to hear too much more from the SIS on the nature of the hacking attacks, but it would be good to hear some independent analysis on just how sophisticated they are. This is the new frontier in international espionage," he said.
Martin Cocker, executive director of Netsafe, said even the most secure computer networks in the world could theoretically be breached and some of them had been.
"Even with the best will in the world there is always some risk," he said.
"Any computer attached to the internet is under attack ... but there is a difference between that kind of level of threat, that you can protect yourself against with security tools, and dedicated hacking where you have some of the smartest minds in terms of computer security specifically targeting a network or a computer and trying to hack into it."
Chris Budge, an associate director at business consultancy firm PricewaterhouseCoopers, agreed every computer system was vulnerable to malicious attack.
Consultants regularly carried out "penetration testing", where they tried to break into an organisation's computer system. Such tests proved every system, including government systems, had an achilles heel, Mr Budge said.
" I can't think of any area of business that some of my peer group have worked within, where they haven't been able to get some form of penetration into an organisation. That is, of course, with permission but it's quite scary when you think about it."
