[LINK] Australia's worst hacking attack for 'fun' (on ADFA)

Bernard Robertson-Dunn brd at iimetro.com.au
Tue Dec 11 22:40:49 AEDT 2012


<brd>
Not a good day for the credibility of government IT security.
</brd>


Australia's worst hacking attack for 'fun'
Markus Mannheim
December 11, 2012
Canberra Times
http://www.canberratimes.com.au/it-pro/security-it/australias-worst-hacking--attack-for-fun-20121211-2b6yp.html

A lone hacker stole the personal details of thousands of Australian 
military staff during an audacious attack he conducted "for fun".

The raid, which breached a university database at the Australian Defence 
Force Academy last month, is one of the worst known cyber attacks on a 
government organisation in this country.

Several websites linked to the online movement Anonymous now host the 
stolen information, which includes a mix of names, identification 
numbers, passwords, email addresses and dates of birth of about 10,000 
students and 1900 staff at the university. Among the victims are 
hundreds of senior officers in the army, navy and air force, as well as 
military personnel from other nations who are enrolled at the academy.

The hacker, known only as Darwinare, said he completed his raid within 
minutes. He told Fairfax Media he was shocked at the lack of security. 
"I know right, very surprised I didn't get kicked out. So simple, took 
like three minutes," he said in an online message.

The University of NSW, which runs the academic courses at ADFA, told 
students of the attack the day after it was carried out, saying it took 
"immediate action to mitigate the impact of this event. We have also 
removed any possibility of further hacking." The university said almost 
all of the stolen passwords were historical and could not have been used 
to access emails or other personal information. However, it warned 
students to be wary of opening "suspicious emails" and said their names 
and dates of birth "may be used for attempts at identity theft. Again, 
this requires additional vigilance."

Darwinare, who describes himself as "the first black hacker", has 
previously breached the networks of online bookstore Amazon and at least 
two American universities. He contributes to Anonymous and joined its 
raids on Israeli government websites last month in response to that 
nation's airstrikes in the Gaza Strip.

When asked why he targeted the university at ADFA, he said: "Oh, that 
old thing: I was bored." He said his cyber attacks were mostly "hacks 
for fun. Occasionally, I dedicate a [data] dump to a particular 
operation of interest."

The Defence Force Welfare Association said on Tuesday that military 
personnel would be worried by the breach, even though most of the stolen 
information was not confidential. Its national president, Colonel David 
Jamison, said: "The real issue is the ease with which someone can hack 
into the university and get those records. If they can get those, what 
other records are accessible to them? I'm very concerned the university 
security was so lax."

Anonymous launched a wave of raids against Australian government 
websites in September to protest against Labor's plan to record how 
citizens use the internet. However, most of those attacks involved 
shutting websites down rather than stealing confidential data.

Earlier this year, the head of the Australia Secret Intelligence 
Service, Nick Warner, said spy agencies were directing "considerable 
resources" against internet warfare. "The field of cyber-operations is 
one of the most rapidly evolving and potentially serious threats to our 
national security in the coming decade," he said. "Government 
departments and agencies, together with corporate Australia, have been 
subject to concerted efforts by external actors seeking to infiltrate 
sensitive computer networks."

-- 

Regards
brd

Bernard Robertson-Dunn
Sydney Australia
email: brd at iimetro.com.au
web:   www.drbrd.com
web:   www.problemsfirst.com



