[AusNOG] CRN: Hackers Release Stolen Data

Skeeve Stevens skeeve+ausnog at eintellego.net
Wed Aug 1 07:12:12 EST 2012


From:
http://www.crn.com.au/News/310203,hackers-release-stolen-aapt-data.aspx?eid=4&edate=20120730&utm_source=20120730&utm_medium=newsletter&utm_campaign=daily_newsletter


Big names in collection.

Hackers purportedly belonging to the Anonymous collective have released a
portion of the 40 GB database they stole from a breached AAPT server last
week.

After days of threats from the Anonymous splinter group, the hackers —
operating under the name "Op Australia" — begans to release records
including customer names, phone numbers and addresses.

Though the released data appears to be heavily redacted, some of the
records include information from Federal Government agencies such as the
Department of Defence, Attorney-General's Department and the Australian
Federal Police.

Private sector companies, embassies and local government institutions are
also listed among the released records, which the hackers threatened could
number 600,000.

Much of the data was uploaded to Pastebin, which has recently cracked down
on hacking activity and more quickly removed posts containing stolen data.

Redaction of the records comes as Anonymous members promised to remove
sensitive customer information from the leaks in order to protect
individuals.

The group also separately released AAPT's secure certificate as a way of
proving the source of the information.

However, the group's representatives would not provide *CRN* sister site* SC
Magazine *with an encrypted sample of the uncensored data to verify what
data was exposed.

One spokesman for the loosely knit hacking collective said only that it
contained "juicy" information, but did not specify if that included credit
card or customer financial data.

A further 3.5 GB of customer data would be released over the coming days,*SC
* was told.

Another Anonymous hacker affiliated with the hack told the *ABC *that data
included <http://www.abc.net.au/worldtoday/content/2012/s3554859.htm> "names,
agreements, phone records, ip records registrations, contracts, company
information, contact persons, company bank accounts".

AAPT confirmed last week that a 12-month-old backup of its business
website<http://www.crn.com.au/News/309915,aapt-hacked-by-anonymous.aspx>
had
been compromised, with hackers retrieving two "historic" data files
concerning "limited personal customer information" compromised.

IThe hackers broke into the dedicated server, hosted by Melbourne IT,
through a "very old" Adobe Cold Fusion
vulnerability<http://www.crn.com.au/News/310021,melbourne-it-faces-heat-for-aapt-hack.aspx>
that
was unpatched on the servers.

The ISP had been informed of the breach on Wednesday but it was understood
AAPT was not entirely certain of the contents of the stolen data cache
prior to the leak.

Melbourne IT had become aware of the vulnerability after news of
defacements made to Queensland Government websites last week.

AAPT data had been stolen and uploaded elsewhere by the time the patch was
applied.

The high-profile hacks came in apparent protest to the Federal Government's
proposed data retention regime, which would mandate telcos and internet
service providers to collect and keep transmission data from users for up
to two years.

AAPT has been contacted for comment.


*

*
*Skeeve Stevens, CEO - *eintellego Pty Ltd
skeeve at eintellego.net ; www.eintellego.net

Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellego ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/networkceoau ; blog: www.network-ceo.net

The Experts Who The Experts Call
Juniper - Cisco – IBM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120801/0f2f5bc4/attachment.html>


More information about the AusNOG mailing list