You don’t have to be a celebrity to be the target of hackers. Last year saw a spate of attacks on Australian companies, their customers and staff, and so far 2012 isn’t proving to be much safer. Last week saw yet another attack by hackers on an Australian company. This time it was telecommunications retailer Allphones, which had hundreds of staff usernames, passwords and company administrator logins exposed. It was apparently a SQL injection attack which targeted their website. The hacker claimed 703 staff credentials were listed, along with 23,077 entries in the Allphones webclub.
Australian businesses and consumers were exposed during some high-profile international attacks last year, amongst them Stratfor, RSA, Sony, Citi, and Epsilon. Even the CIA’s website was hacked, releasing 62,000 email addresses and passwords. A number of the leaked login details related to several government departments and councils.
Closer to home, hackers caused chaos in June when they broke in at Australian domain registrar and web host Distribute.IT. For almost a week the company and its customers were unable to get to the website online, let alone explain what happened or notify customers of any stolen data. Those companies that had their websites hosted on Distribute.IT’s servers were vulnerable to every piece of their data being stolen, including databases containing credit card information and usernames and passwords. When the hacker initially broke in, he defaced Distribute.IT’s website with the message “OWNED BY EVIL AT EFNET YOU MOTHER f****ers”. EFnet is a notorious meeting place for “black hat” hackers who vandalise websites and commit fraud and identity theft.
Evil is the same hacker who recently broke into the University of Sydney’s website. In that instance Evil admitted to hacking into the university from Brazil. The University was forced to call in two internet security firms to beef up protection of its computer networks after its home page was sabotaged and corporate webpages were altered. The home page was replaced with an offensive message that taunted the site’s administrator for lax security. Evil said he hacked into the system for money. He claimed to have gained control of three-quarters of the network and to have breached security three times.
But not all hackers do it for the money or to create chaos like Evil. Last year a group calling themselves LulzSec justified their hacking as “fun” and said they were doing it to draw attention to poor security. They exposed both personal email account details and a number of government addresses. These accounts included AusAID, the Victorian Department of Childhood and Early Education, Emergency Services Telecommunications Authority in Victoria and several local councils in NSW and Victoria. It’s argued, however, that the people they’re harming by releasing this information aren’t in fact the big corporations but rather the people whose details they’re actually putting online.
Of course this is all making Australian business very jumpy. Companies are now recognising the need to spend on IT security to prevent these attacks and at the very least minimise damage. Businesses are concerned not only about malware and external attacks; there is also increasing concern about the threat posed by mobile devices like smartphones and media tablets, as well as by cloud computing. Whether they are doing it for the money or to get attention, hackers will keep the IT security sector on its toes in 2012.