[LINK] FYI - Politician caught reading restricted data of opponent
Chirgwin, Richard
Richard.Chirgwin@informa.com.au
Mon, 6 Aug 2001 13:50:36 +1000
Glen,
>the most likely scenario: MP's PC poorly maintained by central IT area,
>gets scanned and hacked through well-known hole, then
>goes on to scan the parliamentary network from the
>soft side of the firewall
I'd probably suggest your scenario is the second-most likely. What we do
know:
1) Everyone used the same network - not even segmented by party affiliation,
it seems.
2) Probably everybody has the same username policy.
3) Oh look, here's a post-it note with Richard Chirgwin's password on it.
Wonder what he's doing...
While everybody said "files copied from the MP's PC", it's more likely that
the files were copied from the user's personal folder on a network drive
(IMNSHO). I'd bet, after all, that the average MP thinks the G: drive is on
his/her machine, because the C: drive is. So my "most likely" is that
someone got the password for another user, and read through their files and
e-mails.
RC
-----Original Message-----
From: Glen Turner [mailto:glen.turner@aarnet.edu.au]
Sent: Monday, 6 August 2001 11:19
To: Link Institute
Subject: Re: [LINK] FYI - Politician caught reading restricted data of
opponent
> http://www.smh.com.au/news/0108/05/national/national1.html
Which varies in significant detail from the account on ABC's AM,
especially regarding the MP's computing skills. And come to
think of it, what MP would have the time?
None of the coverage so far has excluded the most likely
scenario: MP's PC poorly maintained by central IT area,
gets scanned and hacked through well-known hole, then
goes on to scan the parliamentary network from the
soft side of the firewall. Somewhere between 40-50%
of the PCs would have Liberal Party users.
The only fact that contradicts this common scenario
is the claim that documents were copied. This claim
has been accepted without question by the coverage
to date, but is at the core of the issue in determining
if the incident is simply poor maintenance by IT staff
or hacking with intent.
The coverage also hasn't asked how the breach was
discovered. Again, this is a significant point, as
a user noticing unusual activity on their PC is a
world different to someone noticing an ALP figure with
copies of inter-Liberal e-mails.
In short, the SMH and ABC have let themselves be used for
distributing press releases on a topic where they should be
treading carefully.
Regards,
Glen
--
Glen Turner Network Engineer
(08) 8303 3936 Australian Academic and Research Network
glen.turner@aarnet.edu.au http://www.aarnet.edu.au/
--
The revolution will not be televised, it will be digitised