Internet service provider AAPT has suffered a hacking attempt at the hands of internet activists, and experts say the incident serves as yet another reason why businesses need to stay vigilant when updating their IT systems.
The internet activist group Anonymous has taken responsibility for the hack, saying the incident is part of a protest against proposed laws that would increase government surveillance powers. These laws would potentially include more personal data being harvested in servers similar to the ones that were attacked.
AAPT has released a statement confirming the hacking attempt occurred on Wednesday evening, and that data had been stolen.
“AAPT immediately instructed Melbourne IT to shut down the servers when we were notified of the incident,” chief executive David Yuile said in a statement.
“We are undertaking a thorough investigation into the incident with Melbourne IT and the relevant authorities to establish exactly the type and extent of data that has been compromised, how the security incident happened, and what further measures are required to prevent any future incidents,” he said.
The data contains customer records, but the extent of this data is unknown. AAPT was contacted by SmartCompany this morning, but a reply was not available prior to publication.
Anonymous has claimed it has stolen more than 40GB of data, and that it will start releasing some of that information over the next few days. In an interview with the ABC, one supposed Anonymous member suggests “ColdFusion” software used by AAPT contained a vulnerability that allowed the hack to occur.
Melbourne IT – the host of the servers – said it identified the attempt within an hour and was able to close down the vulnerability.
But AVG security advisor Michael McKinnon says there is a question over whether the data accessed by Anonymous had been archived for several months. If that’s the case, he says, it serves as a lesson in how businesses should go about protecting old data.
“As businesses grow, there’s an incredible sprawl of technology, and servers are systems that are only put in place for a short period of time,” he says.
“What inevitably happens is that various pieces of tech become out of date, and the business moves on, but the pieces of tech and servers are just sitting there because no one has made the effort to decommission them.”
For smaller businesses, this means they need to be vigilant in how they maintain old databases as they grow.
“It’s the natural progression of any business, over time they’ll need to decommission and turn things off in order to put new tech in place.”
This has been one of the first major hacks of the year for an Australian business. Last year, hosting provider Distribute IT was attacked and ultimately forced to sell in order to survive.
2011 was a huge year for hacking in general. Sony suffered the largest attack, which cost the business tens of millions of dollars after secure data in the PlayStation Network was accessed.
Yahoo! was also attacked earlier this month, when hackers gained access to email passwords.