Over the past few weeks we have watched Australian hacktivist who are not happy about the proposed security laws that may or may not be coming into place been attacking many different Australian websites under the OpAustralia flag as a result. Alot of these sites have so far been Queensland government based with many defacement’s already happening. The have also been playing with Tony Abbotts website in the form of XSS attacks. > @TonyAbbottMHR You’re a gay fucker –https://www.tonyabbott.com.au/SearchResults.aspx?Search=<script>alert("Tony Abbott is a gay fucker, free Australia now, Australia doesn’t need internet data saved, we need freedom – NullCrew")<%2Fscript> … … &https://tonyabbott.com.au/SearchResults.aspx?Search=<iframe+src%3Dhttps%3A%2F%2Fi.imgur.com/aAiOX.png%2Fscriptlet.html+< … …@Op_Australia @Cyber_War_News@AuAnon #OpAustralia
One of the largest attacks they are claiming so far comes in the form of 40gb of data leaked from Australia’s 3rd largest ISP, AAPT. The data is said to come from a company who has been helping the Australian government monitor content. The main media have been running around wild over this with reports floating around that the data may be exposed by this sunday/monday. Also it appears the Australian government is onto this with an investigation already underway to find out exactly whats been leaked and who the hackers are. This morning i got a email from the Australian government stay safe online service which puts out warnings about these kinds of things. SSO statement:
Users of AAPT services are advised that the internet service provider has confirmed a breach of its systems held at an external service provider, Melbourne IT. Details are limited, however AAPT has confirmed that there has been unauthorised “access to some AAPT business customer data stored on servers.” There has been significant media attention, including claims of responsibility made by Anonymous, which indicate that the compromised data includes: names, agreements, phone records, IP records registrations, contracts, company information, contact persons, company bank accounts. This is unverified information at this time. Authorities are investigating and more information will be provided as it becomes available. AAPT also stated it will be contacting affected customers. What do I do? If you are a customer of AAPT and have any concerns about the security of your data, contact AAPT directly. Precautionary Measures: Business customers of AAPT may consider monitoring financial activity for any bank accounts provided to AAPT. Any passwords used to log on to AAPT’s site can be changed. Monitor AAPT and this service for updates.
So for now the Australian population who use’s AAPT will be fairly on edge as no one is really sure to exactly what data has been obtained and is coming for a possible leak. Also as the SSO alert states this data has been obtained from well known web hosting and service provider MelborneIT who have before been in the headlines for all the wrong reasons.