Report shows Government ignored hack attack warnings
By Sandra Van Dijk
8 August, 2001 14:00
Australia
http://computerworld.idg.com.au/idg2.nsf/All/9C21AF1DA1DD79E84A256AA2001761BB!OpenDocument&NavArea=Home&SelectedCategoryName=News
A Cabinet report prepared for the Carr Government two years ago warned
hacking incidents would occur at Parliament House unless IT security was
drastically improved. The consulting report prepared in 1998 by Admiral
Computing warned immediate action had to be taken to secure Parliament
House IT systems.
The Government ignored the warning that has resulted in the launch of a
Police investigation last week into allegations a NSW Labor MP's computer
was used to hack into confidential State Opposition files.
Admiral Computing's initial report into IT security was addressed to former
general manager of the Central Corporate Services Unit at the Department of
Public Works, Richard Michel. According to the Department of Public Works
June 1997/98 annual report, the Government paid $246,713 for the
"information security breach analysis" project.
Michel told Computerworld he received the report in 1998 "which provided
the basis for a security framework" for the NSW Government, but would not
elaborate on why recommendations were not implemented.
Michel, who is now the IT services director at the Department of Community
Services, was also unwilling to comment on a second report by Admiral
Computing into IT security at Parliament House handed to Cabinet several
months later.
A Freedom of Information (FOI) request has been filed by NSW Opposition
Leader Kerry Chikarovski to obtain a copy of the report in a bid to find
out why action was not taken when Cabinet was made aware of the problem two
years ago.
Chikarovski has advised Liberal MPs not to use the parliamentary computer
system for confidential or sensitive matters until the issue is resolved
and said Police Commissioner Peter Ryan has given an assurance full police
resources will be used to investigate the matter.
"Opposition MPs will not be using the computers for any confidential
matters until an audit is undertaken of all machines," she said.
"We are all on the same system here, which is a bit like the Commonwealth
Bank and Westpac being on the same system; we are only using the computers
for routine matters until the Government provides separate systems for
Liberal and Labor or at the very least, a major IT security upgrade."
Computer files in the office of Opposition Cabinet secretary Charlie Lynn
had allegedly been hacked, but security sources familiar with the incident
said "very little skill and expertise was required to breach the system".
"All you had to do is find the right drive, there is very little access
control; user IDs and passwords are stored locally so potentially this
person had access to everyone's computer," the source said.
"There is no way of telling if other information was accessed and we will
never really know the extent of the breach or the number of times it had
happened previously."
A spokesman for NSW Premier Bob Carr said IT security was a matter for the
presiding officers and the clerks of Parliament House as they make all IT
spending decisions.
He said they were in charge of operation and it was up to them to undertake
an upgrade and improve security measures.
"The Premier will not take any action until police investigations are
complete, we will not interfere in the process," he said.
Asked if the Government will make the report available and why it was
ignored, the spokesman said it was available under FOI.
At a press conference earlier in the week, NSW Premier Bob Carr said the
hacking incident or any reference to political espionage is "very, very
serious".
The Cabinet Office also refused to comment on the report and Admiral
Computing did not return calls.
-- Advice is seldom welcome; and those who want it the most always like it the least. -- Lord Chesterfield, 1748Regards brd
Bernard Robertson-Dunn Canberra Australia brd@dynamite.com.au brd@austarmetro.com.au
This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:03 EST