[LINK] Australia's worst hacking attack for 'fun' (on ADFA)
Bernard Robertson-Dunn
brd at iimetro.com.au
Tue Dec 11 22:40:49 AEDT 2012
<brd>
Not a good day for the credibility of government IT security.
</brd>
Australia's worst hacking attack for 'fun'
Markus Mannheim
December 11, 2012
Canberra Times
http://www.canberratimes.com.au/it-pro/security-it/australias-worst-hacking--attack-for-fun-20121211-2b6yp.html
A lone hacker stole the personal details of thousands of Australian
military staff during an audacious attack he conducted "for fun".
The raid, which breached a university database at the Australian Defence
Force Academy last month, is one of the worst known cyber attacks on a
government organisation in this country.
Several websites linked to the online movement Anonymous now host the
stolen information, which includes a mix of names, identification
numbers, passwords, email addresses and dates of birth of about 10,000
students and 1900 staff at the university. Among the victims are
hundreds of senior officers in the army, navy and air force, as well as
military personnel from other nations who are enrolled at the academy.
The hacker, known only as Darwinare, said he completed his raid within
minutes. He told Fairfax Media he was shocked at the lack of security.
"I know right, very surprised I didn't get kicked out. So simple, took
like three minutes," he said in an online message.
The University of NSW, which runs the academic courses at ADFA, told
students of the attack the day after it was carried out, saying it took
"immediate action to mitigate the impact of this event. We have also
removed any possibility of further hacking." The university said almost
all of the stolen passwords were historical and could not have been used
to access emails or other personal information. However, it warned
students to be wary of opening "suspicious emails" and said their names
and dates of birth "may be used for attempts at identity theft. Again,
this requires additional vigilance."
Darwinare, who describes himself as "the first black hacker", has
previously breached the networks of online bookstore Amazon and at least
two American universities. He contributes to Anonymous and joined its
raids on Israeli government websites last month in response to that
nation's airstrikes in the Gaza Strip.
When asked why he targeted the university at ADFA, he said: "Oh, that
old thing: I was bored." He said his cyber attacks were mostly "hacks
for fun. Occasionally, I dedicate a [data] dump to a particular
operation of interest."
The Defence Force Welfare Association said on Tuesday that military
personnel would be worried by the breach, even though most of the stolen
information was not confidential. Its national president, Colonel David
Jamison, said: "The real issue is the ease with which someone can hack
into the university and get those records. If they can get those, what
other records are accessible to them? I'm very concerned the university
security was so lax."
Anonymous launched a wave of raids against Australian government
websites in September to protest against Labor's plan to record how
citizens use the internet. However, most of those attacks involved
shutting websites down rather than stealing confidential data.
Earlier this year, the head of the Australian Secret Intelligence
Service, Nick Warner, said spy agencies were directing "considerable
resources" against internet warfare. "The field of cyber-operations is
one of the most rapidly evolving and potentially serious threats to our
national security in the coming decade," he said. "Government
departments and agencies, together with corporate Australia, have been
subject to concerted efforts by external actors seeking to infiltrate
sensitive computer networks."
--
Regards
brd
Bernard Robertson-Dunn
Sydney Australia
email: brd at iimetro.com.au
web: www.drbrd.com
web: www.problemsfirst.com