Australian InfoSec Incident Report 2013 Summary

Australian Information Security Incident Reported: 2013

“The reports are only up to May 2013 and take up at the end of 2014 in the next report. I ran away to a tropical island to learn Stand Up Paddle Surfing and a bit more about balance on more than a board.” – SteveK

Blueprints for new ASIO headquarters ‘stolen’
Blueprints for ASIO’s new $631 million building were stolen by someone in China when a computer system containing the information was hacked.
May 27, 2013. Ben Grubb, SMH
From: http://www.smh.com.au/it-pro/security-it/blueprints-for-new-asio-headquarters-stolen-20130527-2n7kz.html

Oops: Google search reveals private Telstra customer data.
The personal information of thousands of Telstra customers has been found online using a Google search.
May 16, 2013. Ben Grubb, SMH
Read more: http://www.smh.com.au/it-pro/security-it/oops-google-search-reveals-private-telstra-customer-data-20130516-2jnmw.html

Hackers target Bureau of Statistics data
The Australian Bureau of Statistics has confirmed that hackers have recently attempted to break through its security systems to get hold of potentially market sensitive information.
Apr 26, 2013. Peter Ryan, ABC
From: http://www.abc.net.au/news/2013-04-26/abs-targeted-by-hackers/4652758

New Zealand web sites security breached overnight
It appears the latest round of hacked New Zealand web sites are simply defaced with the hacker’s “signature page”.
March 6, 2013. Whaleoil
From: http://www.whaleoil.co.nz/2013/03/breaking-new-zealand-web-sites-security-breached-overnight/

Hackers breach Reserve Bank
Hackers penetrated computers at the Reserve Bank of Australia in a “highly targeted” and “plausible” email phishing scam targeting employees.
March 11, 2013. Lia Timson, SMH
From: http://www.theage.com.au/it-pro/security-it/hackers-breach-reserve-bank-20130311-2fv8i.html

Cracks widen in ABC website security
More than half of the “hashed” passwords exposed in a breach of about 50,000 accounts on the ABC’s website have been cracked by an Australian security researcher.
February 28, 2013. Ben Grubb, SMH
From: http://www.smh.com.au/it-pro/security-it/cracks-widen-in-abc-website-security-20130228-2f78z.html

Lush: Australian and New Zealand Online Security Breach
After recently having its UK website hacked, hand-made costmetics retailer, Lush has announced that its Australian and New Zealand websites have also been the target of hackers and been possibly compromised
February 15, 2013. Nirosha Methananda, PowerRetail
From: http://www.powerretail.com.au/news/lush-online-security-breach/

Criminals breach Australian tax system
Fears have been raised about the security of Australian taxpayers’ information after four tax agents’ account details were illegally used by third parties.
February 8, 2013. Ben Grubb, SMH
From <http://www.smh.com.au/it-pro/security-it/criminals-breach-australian-tax-system-20130208-2e2kn.html>

Security fears over exposure of web-accessible printers
Google is exposing thousands of Hewlett-Packard printers that aren’t password protected, allowing anyone to control and manage them remotely and print reams of documents.
Many of the printers are at universities, including a number in Australia.
January 29, 2013. Ben Grubb, SMH
Pasted from <http://www.smh.com.au/it-pro/security-it/security-fears-over-exposure-of-webaccessible-printers-20130129-2dhxo.html>

ABC hacked over Wilders interview, personal information of thousands leaked online
VICTIMS have been left stunned after their personal information was leaked online following an alleged hacking attack on the ABC website.January 21, 2013. FebruaBen Grubbews Limited Network
From <http://www.news.com.au/technology/abc-hacked-over-wilders-interview-personal-information-of-thousands-leaked-online/story-e6frfro0-1226586775959>

UNSW confirms hacking breach
The University of NSW has been the target of a “concerted effort” to hack its systems in December and January forcing the shutdown of 25 of its servers, a spokesman confirmed.
January 21, 2013. Asher Moses, SMH
From: http://www.smh.com.au/it-pro/security-it/unsw-confirms-hacking-breach-20130121-2d272.html

Drake reports 300k breach to Oz watchdog, but says no risk to affected
The Australian office of hacked recruiter Drake International say details in a candidate database stolen by hackers last week posed no risk to affected individuals — but it has nonetheless reported the breach to the Australian Information Commissioner’s Office.
January 16, 2013. Liam Tung (CSO Online (Australia))
http://www.cso.com.au/article/446646/drake_reports_300k_breach_oz_watchdog_says_no_risk_affected/