Hacker convicted for infiltrating Country Liberals' website

A Victorian man has been charged with hacking into the website of the Country Liberal political party and stealing sensitive credit card details and personal information for as many as 117 members.

Aaron Camm was this week fined $500 and put on a 12-month good behaviour bond after pleading guilty to penetrating the website, following three charges of computer hacking by the Australian Federal Police.

The then-18-year old used a SQL database command attack, known as SQL injection, to unlawfully access the online membership application section of the site.

Camm was able to nab credit card details of 76 party members and the personal information of 117 members, and later made a number of purchases online using the stolen credentials.

He performed the attack over several months from November 2014 to February 2015, according to the Bendigo Advertiser.

The NT-based Country Liberals website was taken down in March last year "for a short period of time" when the AFP alerted the party to the attack, Country Liberals president Tory Mencshelyi told iTnews. 

It is down currently for reasons unrelated to the hack, Mencshelyi said - the party is rebuilding it for the federal and Northern Territory political campaigns.

The party had initially been advised the attack may have been perpetrated by hacking affiliate Anonymous, Mencshelyi said, after the collective reposted stolen information that had been dumped online by Camm.

However, the AFP later traced the attack back to Camm and searched his home in March 2015, when they seized several electronic devices including a PC and iPhone.

According to the Bendigo Advertiser, Camm said he learnt the SQL injection technique from YouTube and wanted to test if he could do it. He was unemployed at the time, the paper said, and boredom led him to attempt the attack.  

Mencshelyi said the party had acted quickly to secure its systems upon being alerted to the breach, by changing the site's passwords and taking it offline for a short period of time.

She said when the website comes back online it will no longer store credit card details locally, with the party moving to a third-party gateway for payments. Membership details will still be stored locally.

"It's a good warning to businesses and organisations that store information and financial details for their membership to ensure their systems have the highest level of security," she told iTnews.

"Unfortunately for us we were able to be hacked, but we have put in place measures to ensure that any details that come through online are securely stored, and we are constantly monitoring and reviewing our website and security."