Australian InfoSec Incident Report 2012 Summary

Australian Information Security Incident Reported: 2012

Ransom racket hits Brisbane businesses
More than 100 Queensland businesses may have fallen victim to hackers holding their computer files to ransom, police say.
December 27, 2012. Marissa Calligeros, Brisbane Times
Pasted from <http://www.smh.com.au/it-pro/security-it/ransom-racket-hits-brisbane-businesses-20121227-2bxrz.html>

Military personnel data hacked for ‘fun’
A lone hacker stole the personal details of thousands of Australian military staff during an audacious attack he conducted “for fun”.
December 11, 2012. Markus Mannheim, SMH
From <http://www.smh.com.au/it-pro/security-it/military-personnel-data-hacked-for-fun-20121211-2b6yp.html>

Russian hackers hold Gold Coast doctors to ransom
Russian hackers are holding a Gold Coast medical centre to ransom after encrypting thousands of patient health records.
December 10, 2012. Sara Hicks, ABC
From <http://www.abc.net.au/news/2012-12-10/hackers-target-gold-coast-medical-centre/4418676>

Hackers claiming to be Anonymous strike Family First website
HACKERS have attacked the website of South Australia’s Family First party with a grim message vowing to ”irradicate (sic)” them.
December 03, 2012. Petra Starke, News Limited Network
From <http://www.adelaidenow.com.au/news/national/hackers-claiming-to-be-anonymous-strike-family-first-website/story-fndo1sx1-1226528848834>

Australia’s biggest ever data theft: gang busted over credit card crime
Police have smashed a Romanian organised crime gang that allegedly hacked into the computer systems of small businesses, with credit card details of 30,000 Australians used in $30 million worth of illegal transactions around the world.
November 29, 2012. Fairfax media
From <http://www.smh.com.au/it-pro/security-it/australias-biggest-ever-data-theft-gang-busted-over-credit-card-crime-20121129-2agzy.html>

Outrage over fake Jetstar Facebook page
JETSTAR has landed in the middle of a PR disaster after an internet hoaxer hijacked its Facebook page and started snapping at customers.
November 28, 2012. Petra Starke, News Limited Network
From <http://www.news.com.au/technology/outrage-over-fake-jetstar-facebook-page/story-e6frfro0-1226525997260>

NSW Information Commissioner sends email to wrong list
The Information Commissioner in the Australian state of New South Wales, an officer whose job it is to offer and enforce best information management practice for the State, has apologised after sending an email to the wrong list
20th November 2012. Simon Sharwood, The Register
From: http://www.theregister.co.uk/2012/11/20/nsw_information_comissioner_sends_wrong_email/

Hack attack: Pizza Hut loses customer information
Pizza Hut says hackers gained access to the personal information of its customers via its website.
November 7, 2012. Ben Grubb, Sydney Morning Herald
From <http://www.smh.com.au/it-pro/security-it/hack-attack-pizza-hut-loses-customer-information-20121107-28yzf.html>

Ministry of Social Development – a study in security architecture and governance failure
In case you haven’t heard, a high profile blogger acting on a tip off identified that pretty much complete access was available to all the internal file shares on the corporate network of New Zealand’s Ministry of Social Development (MSD) via their public access kiosk computers.
01 November, 2012. Matthew Hackling
Pasted from <http://www.cso.com.au/blog/cso-bloggers/2012/11/01/ministry-social-development-study-security-architecture-and-governance-failure/>

Hacker’s email raises minister’s hackles
A hacker had infiltrated the email account of the director-general, Michele Bruniges, and sent a message to all Education Department staff that the funding cuts to public education would put further stress on teaching staff and education standards, the Minister for Education, Adrian Piccoli, said.
October 26, 2012. Anna Patty, Sydney Morning Herald
From <http://www.smh.com.au/it-pro/security-it/hackers-email-raises-ministers-hackles-20121025-28881.html>

Australia Post in online privacy breach
ANOTHER Australia Post computer glitch has exposed the names and locations of thousands of Australians who have been sent parcels.
October 19, 2012, Natasha Bita, The Courier-Mail
From http://www.couriermail.com.au/news/queensland/australia-post-in-online-privacy-breach/story-e6freoof-1226498834454

Telstra escapes ACMA fine for privacy breach
THE communications watchdog has threatened Telstra with fines in its first use of new consumer protection powers which came into force September.
October 08, 2012. By Andrew Colley, News Limited
From <http://www.adelaidenow.com.au/telstra-escapes-fine-for-breach/story-e6frea6u-1226490739132>

‘Spyware’ installed on Australian rental laptops
An Australian business that rents out computers is installing software that a United States authority has labelled “spyware”.
October 3, 2012. By Ben Grubb, Fairfax Media
From <http://www.smh.com.au/it-pro/security-it/spyware-installed-on-australian-rental-laptops-20121003-26yfd.html>

Australia Post error risks user privacy
A SECURITY flaw on Australia Post’s website has been putting customers’ privacy at risk, but the company allegedly believes people were not smart enough to find the glitch.
October 03, 2012. By Claire Connelly, News Limited
From <http://www.couriermail.com.au/news/technology/australia-post-error-risks-user-privacy/story-fn5kfsdd-1226486862596>

Australia Post ‘ignores’ online service security flaw
A SECURITY flaw on Australia Post’s website is putting customers’ privacy at risk, with the company allegedly believing people were not smart enough to find the glitch.
October 02, 2012. By Claire Connelly, News Limited Network
From <http://www.heraldsun.com.au/technology/australia-post-ignores-online-service-security-flaw/story-fn7celvh-1226486564175>

Aussie cyber cops report thousands of incidents
The Defence agency responsible for dealing with “cyber events” threatening the Australian government and systems of national importance is experiencing its busiest year.
October 2, 2012. By Trevor Clarke, Fairfax Media
Pasted from <http://www.smh.com.au/it-pro/security-it/aussie-cyber-cops-report-thousands-of-incidents-20120924-26gz1.html>

Islamic hackers deface emergency web pagesWeb pages of the NSW State Emergency Service were hacked and defaced in an apparent Islamic protest against the controversial YouTube video that insults the prophet Muhammad.
October 2, 2012. By Asher Moses, Fairfax Media
Pasted from <http://www.smh.com.au/it-pro/security-it/islamic-hackers-deface-emergency-web-pages-20121002-26wix.html>

Judges at risk: court security flaws
Serious security flaws have been discovered inside the Federal Court, including two instances where former staff still had access to judges’ personal hard drives.
September 29, 2012. By Linton Besser, Fairfax Media
From <http://www.smh.com.au/it-pro/security-it/judges-at-risk-court-security-flaws-20120928-26qpq.html>

Hackers breach, deface UTS website
Hackers broke into a server at the University of Technology Sydney and published the usernames and passwords of dozens of staff accounts on a UTS web page.
September 25, 2012. By Asher Moses, Fairfax Media
From <http://www.smh.com.au/it-pro/security-it/hackers-breach-deface-uts-website-20120925-26i4j.html;

Police databases have major security flaws
Victorian police databases for firearm licences, sex offenders and personnel have major security flaws, according to the state’s Commissioner for Law Enforcement Data Security.
September 14, 2012. By Lucy Battersby, Fairfax Media
From: http://www.smh.com.au/it-pro/government-it/police-databases-have-major-security-flaws-20120914-25wbz.html