Anonymous to release 40GB cache from hacked ISP

Updated: The hacker behind yesterday's defacements against Queensland Government websites will release a sample of a massive data cache allegedly stolen from one of Australia's largest internet service providers.

The hacker, claiming to be associated with Anonymous, told SC they would not release user details contained in the stolen data or name the victim telco.

But they said the telco was "one of Australia's largest".

The cache was said to be a 40Gb database backup and was accessed through an unpatched Adobe ColdFusion vulnerability.

The hacker said the unnamed telco later found and removed the remote shell they uploaded to the server and patched the vulnerability. 

A sample of the cache will be soon released via the hackers' Twitter account.

The data was stolen "to prove a lack of security at ISPs and telcos to properly protect the information" which would be stored under the Federal Government's data retention draft policies.

Yesterday, the same hackers operating under the banner of Anonymous defaced a string of Queensland Government websites in protest against the draft policies.

The hackers targeted the websites after Prime Minister Julia Gillard held an online video conference with the public through Google+, the search giant's social network.

Targeted websites included those linked to tourism, science and economic development. The text of of each defacement was removed shortly after the attacks.

Traffic filtering data was stolen reportedly through a local file inclusion vulnerability on the Queensland Department of State Development website and uploaded to the website ParAnoia, operated by the Anonymous research wing.

Defacements of Australian websites are a daily occurrence and are considered basic in information security circles.

The latest round is targeted as a protest against the proposed data retention poicy.

The Government has held talks with internet service providers for the past two years on the proposal, which would mandate providers to store up to two years' worth of a users' online historical data and provide easier access to social networks such as Twitter.

A public discussion paper released this month on the topic, also providing greater powers to the Government's spy agencies, brought the issue back in the spotlight.

Copyright © SC Magazine, Australia