Treasury claims hacking attempts preceded Budget leak

Treasury claims hacking attempts preceded Budget leak

Budget leak followed hacking attempts that reportedly started on Sunday night

Gabriel Makhlouf (Treasury)

Gabriel Makhlouf (Treasury)

New Zealand's Treasury is claiming it was the target of a hacking attack ahead of the leak of confidential budget details on Monday.

Gabreil Makhlouf, Treasury secretary and CEO, said the Treasury has "gathered sufficient evidence to indicate that its systems have been deliberately and systematically hacked."

The Treasury has referred the matter to the Police on the advice of the National Cyber Security Centre.

Media reports this morning indicate more than 2,000 attempts were made to hack Treasury's website starting on Sunday night.

"The Treasury takes the security of all the information it holds extremely seriously," Makhlouf said. 

"It has taken immediate steps today to increase the security of all Budget-related information and will be undertaking a full review of information security processes.

"There is no evidence that any personal information held by the Treasury has been subject to this hacking."

National leader Simon Bridges released details of the Budget that were supposed to remain confidential until Thursday, however, he says National has not done anything improper.

It is not known whether the alleged hacking attempt was successful or what it achieved or was trying to achieve.

Some online commentators are asking whether Treasury actually posted Budget details on its website at a guessable URL. Treasury, however, is reportedly denying they were ever uploaded to a publicly available website.

Comments from Makhlouf to Radio NZ also suggest there was no inadvertent posting.

"It wasn't an instance of someone stumbling into the room accidentally; it wasn't an instance of someone attacking the bolt and finding that it broke immediately," he said. 

"It wasn't someone who tried not once, not twice but in fact over 2000 times to attack that bolt."

Cyber security company Darkscope, however, is disputing the hacking claim.

Darkscope’s scan of cyber-attack activity in the New Zealand government sector showed that government agencies are always under attack by mainly foreign attackers, the company said. 

An attack rate of 1000 attempts in a day was at the very light end of the spectrum.

“A more likely scenario is that someone used a spider or crawler program to find ‘hidden’ content in the Treasury website, which is not considered a cyber-attack, and may have found the Budget 2019 files which were not protected properly at that stage.” said Joerg Buss, Darkscope’s technical director.

It was Darkscope's conclusion that Treasury was not hacked, but it that it was possible that the information "leaked" from the web page because of a human error.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackinghackTreasury

Brand Post

How to become the best IT MSP

This article provides guidance for managed service providers (MSPs) that want to grow their business. It is also useful for any IT service provider looking to move from the break-fix model to managed IT services.



Reseller News Innovation Awards 2019: meet the winners

Reseller News Innovation Awards 2019: meet the winners

Reseller News honoured the standout players of the New Zealand channel in front of more than 480 technology leaders in Auckland on 23 October, recognising the achievements of top partners, emerging entrants and innovative start-ups.

Reseller News Innovation Awards 2019: meet the winners
Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
Show Comments