NSW Government alleges transport website hacked

The NSW Government has claimed a website housing its transport blueprint was hit with two days of "IT attacks" that breached security and exposed confidential documents.

Details of the blueprint were revealed by The Sydney Morning Herald last Saturday.

The paper alleged it obtained the secret documents because they "had been uploaded accidentally to a new website... registered to a company called Bang The Table."

But the state's transport minister David Campbell told NSW Parliament yesterday that claims the documents had been "uploaded accidentally were incorrect."

He instead alleged the website had been breached after two days of sustained attacks on the site's firewall and said the matter had been referred to NSW Police.

"It was a secure site, as it was under construction," Campbell said.

"Contrary to the newspaper's claim, I am advised by Bang the Table that at no time was the website available to casual viewers."

Campbell said he had been advised by the IT contractor building the website, Bang The Table, that "there were two days of IT attacks on the website firewall security that began on Thursday 18 February at 8.44 p.m. and continued until around midday on Friday 19 February".

"On the advice provided by Bang the Table, it seems that the only way to enter the site was to hack into it. And allegedly someone did," Campbell said.

"It was not a one-off but a concerted effort. An internal investigation by Bang the Table found a total of 3,727 unauthorised hits on the website's firewall security over a two-day period.

"That is akin to 3,727 attempts to pick the lock of a secure office to take highly confidential documents."

He alleged the attacks had been traced back to four IP addresses, including a "Sydney media" address. He did not name the paper directly.

"On Friday 19 February an unknown person using a Sydney media IP address entered the secure site for 21 minutes from 1.02 p.m. unti1 1.23 p.m. and accessed confidential Government information," Campbell said.

The allegations were dismissed by The Herald. In a statement, the paper's editor Peter Fray said the journalists "may well be hacks but they are not hackers."

"The information on the NSW public transport blueprint was freely and publicly available on Friday afternoon, February 19. Accessing it did not require a password. You just had to put in the web address," Fray said.

"The real issue here is that the government's spin machine did not control the release of the information.

"The Herald spoiled the government's plans for a glossy launch of the information on Sunday."

Fray said he was unaware of the police investigation but would "happily assist" authorities with their inquiries.

Update: Bang The Table has admitted areas of the website were "temporarily accessible", according to a report by ZDNet.