Queensland TAFE and Education department websites hacked

November 10, 2015 |

It has been a bad day for Queensland Education, at least on line.  The Queensland TAFe and Education departmens websites have been breached according to the itnews report Qld TAFE, Education websites hacked.  Interestingly the Government was made aware of the threat by, presumably, the hacker who made a threat.  Hackers breaching security and stealing information and then threatening to use it unless payment is made is a common tactic.  A demand for payment was made of Aussie Farmers Direct when its web site was breached and personal information stolen.  Aussie Farmers Direct put out a media release stating

Aussie Farmers Direct has advised its customers of unauthorised access to, and publication of, some
customer non-financial details by a third party.
It appears that this data has been published as part of an extortion attempt on the Company.
Aussie Farmers Direct takes the issue of customer data privacy very seriously and we are conducting a thorough investigation. We have notified the Australian Federal Police and the Office of the Australian Information Commissioner, and are now acting on their advice as well as that of independent IT security experts.
Although we do not store credit card numbers within our systems we have also taken the precaution
of contacting our banking partner about the matter.
Aussie Farmers Direct sincerely apologises for any inconvenience this has caused but we are
confident that the matter will be resolved quickly.
We greatly value our customers’ trust and remain committed as ever to providing Australians with
high quality and reliable service.
The itnews article is notable for the palaver that government spokesmen adopt when reporting breaches.  Say a lot to say not very much.  It provides:

Anonymous assailants threaten state govt over stolen data.

Attackers have infiltrated websites operated by Queensland’s TAFE and Education departments and stolen data, state government CIO Andrew Mills revealed today.

Initial investigations indicated the compromised data involved information lodged by citizens through the enquiries and website feedback forms, Mills said.

“For security reasons, the government will not be providing specific details of the information illegally accessed,” he said.

“We are confident that no financial data such as credit card information or bank details have been accessed.”

Skills Minister Yvette D’Ath told state parliament the stolen information was no more sensitive than that found “on other public websites like the White Pages”.

She said it was “held in a format that is not very usable if someone was to access that data”.

The state government has assessed the severity of the threat as “credible but low-level”.

It was alerted to the breach by an anonymous threat via email, however it declined to detail what demands were made.

The office of the GCIO is leading efforts to close the security hole that allowed the attackers entry and “further strengthen its security protocols”. Queensland Police, the Australian Federal Police and the Australian Cyber Security Centre have all been notified of the incident.

Qld Police confirmed it was working with other law enforcement and government agencies on the breach.

It indicated other government agencies across the country had suffered similar attacks.

“This illegal activity follows a number of recent similar cyber attacks in other organisations in both government and private sectors across the country and reminds us all of the challenges associated with cyber security,” Mills said.

“We remain committed to the highest online security protocols required to safeguard our information and Queenslanders can be assured that we are committed to fully investigating this illegal act.”

Queensland Education Minister Kate Jones told parliament the government was “taking this incident very seriously”.

In the UK there is a report, Parliament HACKED: Sensitive data STOLEN, used to hold MP to ransom, that Parliament has been hacked and sensitive files have been accessed.  It provides:

CYBERTHIEVES hacked into the parliament’s secure computer network and used sensitive files to hold an MP to ransom, it has been revealed.

Cybercrooks hacked into parliament’s secure network and compromise several computers, The Times has claimed.

The hackers unearthed confidential documents relating to MP for Newcastle upon Tyne Central, Chi Onwurah – the shadow digital minister – and her employees.

The hack is the first report of a successful cyberattack against the secure parliament network, which is used internally used government employees.

It comes amid fears hackers are winning the cyberarms race against public bodies and companies, like Talk Talk – which was successfully hacked earlier this month with devastating consequences.

According to The Times report, the attackers used a cryptolocker virus to lock confidential files from a shared drive on the parliament network.

Once locked, the virus displayed a random note to the MP with a telephone number and instructs to pay a ransom to unlock the sensitive files.

The MP for Newcastle upon Tyne Central admitted the virus spread fast – but was stopped before it managed to attack any files containing sensitive data about constituents.

The Parliamentary Digital Service (PDS) seized all of the Ms Onwurah’s computers and cut off her connection to shared drive.

Her hard drives were then wiped and replaced, The Times confirmed.

“It’s important that everyone realises how susceptible we all are to theses attacks,” Ms Onwurah said.

“There are reports that foreign intelligence agencies have targeted MPs’ computers, so the time has come to find out how well we are being protected, especially now we know what cyberattackers can do.”

She now plans to investigate the extent of cyberattacks on MPs and the protective measures put in place by the PDS.

Parliament’s computer network serves some 8,500 people, including MPs, lords and staff in the constituency and Westminster offices.

The PDS declined to say how many times the network had been breached in the past two years.

One Response to “Queensland TAFE and Education department websites hacked”

  1. Queensland TAFE and Education department websites hacked | Australian Law Blogs

    […] Queensland TAFE and Education department websites hacked […]

Leave a Reply

Verified by MonsterInsights