I want to draw the House’s attention to is the Pegasus malware campaign recently revealed by the Guardian. Pegasus is a type of malware software developed by Israeli technology firm NSO Group. Once the system is infected, the malware allows the person operating it to extract messages, photos and emails; to record calls; and to secretly activate the microphones of a target’s mobile phone. This software is sold by NSO Group to governments around the world, some of whom, it’s been revealed in the past, are authoritarian regimes.
Mr WATTS (Gellibrand) (11:41): I thank the member for Berowra for moving this important motion regarding the Australian Security Intelligence Organisation, and I’m pleased to rise to support it, because the men and women of ASIO—indeed, across all our intelligence and security services—do incredibly important work to keep us safe and to secure the things we value as a nation. As ASIO’s 2020-21 annual report, recently tabled in parliament, highlights, the threat environment we’re dealing with is quite complex, challenging and changing. It’s one of those threats in particular that I want to highlight today: the threat of cyber-enabled foreign interference.
Foreign interference is a real and significant threat to Australia’s national sovereignty. ASIO Director-General Mike Burgess has been warning for some time about the increased scale and sophistication of espionage and foreign interference in our society. He’s described them, appropriately I think, as threats to our way of life. Indeed, ASIO’s annual report warns:
Based on current trends, we anticipate that espionage and foreign interference will supplant terrorism as Australia’s principal security concern over the next five years.
It went on to say:
… espionage and foreign interference attempts by multiple countries remain unacceptably high.
These attempts occur on a daily basis. They are sophisticated and wide-ranging. They are enabled and accelerated by technology.
Labor shares the concerns of ASIO about the risk of cyber-enabled foreign interference. That’s why we successfully moved to establish a select committee looking into it, chaired by my colleague Senator McAllister in the other place. With the threat of cyber-enabled foreign interference growing at such a rapid clip, we cannot be complacent and reactive in our approach to countering it. Effectively countering this threat requires that the government and our agencies be proactive, particularly when it comes to groups that are frequent targets of foreign interference but lack the institutional protections afforded to government and other critical infrastructure.
Given the continued public warnings from the highest levels of ASIO and the multiple instances of cyber-enabled foreign interference, this shouldn’t still need to be said. In the past we’ve seen multiple cyberattacks on the university sector for the purposes of espionage and foreign interference. We’ve seen cyber-enabled campaigns of targeted harassment against journalists, human rights actors and members of diaspora communities in our society. One recent example that I want to draw the House’s attention to is the Pegasus malware campaign recently revealed by the Guardian. Pegasus is a type of malware software developed by Israeli technology firm NSO Group. Once the system is infected, the malware allows the person operating it to extract messages, photos and emails; to record calls; and to secretly activate the microphones of a target’s mobile phone. This software is sold by NSO Group to governments around the world, some of whom, it’s been revealed in the past, are authoritarian regimes.
It’s been reported that Pegasus was used to track down close associates of murdered journalist Jamal Khashoggi. The Guardian has claimed that a leaked data set of more than 50,000 phone numbers, obtained by Amnesty International, was a list of Pegasus targets and alleges that amongst the targets were politicians, journalists and activists. Unfortunately, Australians looking for information from the government or our intelligence services on how to find out whether they have been targeted by this malware have been left wanting. Some enterprising security researchers at Citizen Lab, out of the University of Toronto, developed a tool to enable individuals to check their devices for signs of compromise. Australians, particularly those most at risk, who have been targeted by cyber-enabled foreign interference, like members of our diaspora communities, journalists and think-tank members, could have benefited from a similar tool being made available by our security agencies for their use. It raises the question of why we aren’t doing more to proactively identify opportunities to help at-risk members of diaspora communities targeted by authoritarian countries to protect themselves through strategic and scalable interventions of this kind. This should be a real focus for government and our security and intelligence agencies. Unfortunately, it seems that the Morrison government loves to use ‘cyber-enabled foreign interference’ as a buzzword at media conferences but hasn’t yet shown the commitment to following through on protecting members of diaspora communities in the Australian general public from authoritarian countries. In the shadow of a federal election, this should become an even more urgent priority.
ASPI has identified dozens of elections that have been interfered with through cyber-enabled foreign interference in recent years. When asked by the Select Committee on Foreign Interference through Social Media who was responsible for responding to foreign interference during an election, the government’s answer was: half a dozen entities within government but no single entity with lead responsibility. This is something that must be addressed as a matter of priority. The Parliamentary Joint Committee on Intelligence and Security has recently recommended that the government put in place a process during the caretaker period for an apolitical disclosure of cyber-enabled foreign interference. It has also highlighted the need to update caretaker provisions to provide classified briefings to the opposition during the caretaker period. If the government is serious about tackling cyber-enabled foreign interference, then implementing these recommendations is the least it can do. More broadly, it needs to give priority to proactively tackling this treat. (Time expired)