Hackers release stolen AAPT data

Powered by SC Magazine
 

But nothing sensitive yet revealed in leaks.

Hackers purportedly belonging to the Anonymous collective have released a portion of the 40 GB database it stole from a breached AAPT server last week.

After days of threats from the Anonymous splinter group, the hackers — operating under the name "Op Australia" — began to release records including customer names, phone numbers and addresses.

The released data appeared to be heavily redacted but some of the records included information from Federal Government agencies such as the Department of Defence, Attorney-General's Department and the Australian Federal Police.

Private sector companies, embassies and local government institutions were also listed in the released records, which the hackers threatened could number 600,000.

Much of the data was uploaded to Pastebin, which has recently cracked down on hacking activity and more quickly removed posts containing stolen data.

Anonymous members had promised to remove sensitive customer information from the leaks in order to protect individuals.

The group also separately released AAPT's secure certificate as a way of proving the source of the information.

The group's representatives would not provide iTnews sister site SC Magazine with an encrypted sample of the uncensored data to verify what data was exposed.

One spokesman for the loosely knit hacking collective said only that it contained "juicy" information but did not specify if that included credit card or customer financial data.

A further 3.5 GB of customer data would be released over the coming days, SC was told.

Another Anonymous hacker affiliated with the hack told the ABC that data included "names, agreements, phone records, ip records registrations, contracts, company information, contact persons, company bank accounts".

AAPT confirmed last week that a 12-month-old backup of its business website had been compromised, with hackers retrieving two "historic" data files concerning "limited personal customer information" compromised. 

The hackers broke into the dedicated server, hosted by Melbourne IT, through a "very old" Adobe Cold Fusion vulnerability that was unpatched on the servers.

The ISP had been informed of the breach on Wednesday but it was understood AAPT was not entirely certain of the contents of the stolen data cache prior to the leak.

Melbourne IT had become aware of the vulnerability after Queensland Government websites that Melbourne IT hosted were defaced last week.

AAPT data had been stolen and uploaded elsewhere by the time the patch was applied.

The high-profile hacks came in apparent protest to the Federal Government's proposed data retention regime, which would mandate telcos and internet service providers to collect and keep transmission data from users for up to two years.

AAPT has been contacted for comment.

Copyright © SC Magazine, Australia


Hackers release stolen AAPT data
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1114

Vote