Cyber Incident Victim: Commonwealth Scientific and Industrial Research Organisation
Date:
Jan 2018
Location:
Australia
Summary
A contractor at a national scientific research agency illicitly used its supercomputers to mine cryptocurrency for personal gain, causing significant infrastructure impairment and diverting computational resources from critical projects including medical research, pulsar data analysis, and climate modeling. The unauthorized activity resulted in at least AU$76,000 in operational damages while generating approximately AU$9,400 in cryptocurrency. Following detection by the agency and an investigation by federal cybercrime authorities, the individual pleaded guilty to data modification charges and received a 15-month intensive community correction order with 300 hours of service. Authorities emphasized the breach exploited taxpayer-funded resources for private financial benefit.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In January 2018, a Sydney-based IT contractor employed by the Commonwealth Scientific and Industrial Research Organisation (CSIRO) began exploiting his authorized access to the agency's servers and supercomputers for unauthorized cryptocurrency mining. The individual, whose role involved data archiving and software support, modified systems intended for scientific research to mine digital currency for personal gain. CSIRO detected a serious impairment to its infrastructure and reported the incident to the Australian Federal Police (AFP), triggering an investigation by the Cybercrime Operations unit. In March 2018, AFP executed a search warrant at the contractor's North Shore residence, seizing electronic devices including a laptop and mobile phone. Forensic analysis confirmed the suspect had mined approximately AU$9,400 worth of cryptocurrency. The AFP formally charged the individual in May 2019 with unauthorized modification of data to cause impairment to a Commonwealth government agency's computers. On 28 February 2020, the contractor pleaded guilty to the charges. On 20 September 2020, he received a 15-month imprisonment sentence served through an intensive community corrections order requiring 300 hours of community service.
The unauthorized cryptocurrency mining operation caused a minimum AU$76,000 in monetary impairment to CSIRO's supercomputing infrastructure. These actions diverted computational resources from critical scientific projects including Pulsar Data Array Analysis, medical research programs, and climate modeling initiatives designed to measure environmental impacts of climate change. AFP Cybercrime Operations Commander Chris Goldsmid characterized the incident as a breach of public trust by a Commonwealth employee motivated by personal greed. The investigation revealed no evidence of broader data compromise beyond the cryptocurrency mining activities. CSIRO's prompt detection and reporting enabled law enforcement intervention within two months of the initial unauthorized activity. Forensic accounting determined the AU$76,000 impairment figure through calculating resource diversion costs rather than direct financial theft. The sentencing emphasized the seriousness of abusing privileged access to government research infrastructure for personal enrichment.