by Hamish Barwick

AAPT subject of data breach

Jul 26, 2012

Internet service provider (ISP), AAPT, has confirmed that it was the target of a data breach which affected some AAPT business customer data stored on servers in Melbourne.

AAPT CEO, David Yuile, said in a statement that the incident was brought to its attention by service provider, Melbourne IT, at approximately 9:30pm (AEST) last night.

“Preliminary findings suggest it was two files that were compromised and the data is historic, with limited personal customer information,” he said.

“Further, the servers on which the files were stored have not been used or connected to AAPT for at least 12 months.”

Hacktivist group, Anonymous, which had threatened to release 40GB of data from an ISP in protest over the Australian Government’s proposed data retention laws–which could mean every internet user’s entire Web history is logged and stored for up to two years–posted a message on its Par:AnoIA Twitter account:

“Apparently rumors are spreading much already. Let us point the attention to this link:”

Operation Australia recently tweeted, “We can promise you. That the leak is not fake. We know, and the certain ISP knows.”

IBRS analyst, James Turner, told CIO Australia that the issue for AAPT is that an alleged group of hackers is attacking a third party and then claiming the attack is a political statement.

“It’s like stealing an individual’s car and then saying it was a protest against the number of red light cameras,” he said.

“Whoever committed this attack clearly hadn’t thought through what they were doing, and certainly not why they were doing it. This attack actually helps support the government’s case.”

According to Turner, attacks against civilians, or in this case an unrelated organisation, merely galvanise the Australian Government’s resolve to not be beaten.

“It’s likely that public support for ISPs being made to track user activity will actually increase — as a direct result of this attack.”

Earlier in the week, Anonymous claimed credit for taking down at least 10 Queensland government websites in protest over the proposed data retention rules.

According to a blog posting entitled Par:Onia, members of the group used an authentication bypass to loot some “booty” from Queensland government servers which, according to Anonymous, showed how the Australian government was monitoring citizens’ activity online.
