Military personnel data hacked for 'fun'
ADFA graduation parade in Canberra Photo: Andrew Sheargold
A lone hacker stole the personal details of thousands of Australian military staff during an audacious attack he conducted "for fun".
The raid, which breached a university database at the Australian Defence Force Academy last month, is one of the worst known cyber attacks on a government organisation in this country.
Several websites linked to the online movement Anonymous now host the stolen information, which includes a mix of names, identification numbers, passwords, email addresses and dates of birth of about 10,000 students and 1900 staff at the university.
Among the victims are hundreds of senior officers in the army, navy and air force, as well as military personnel from other nations who are enrolled at the academy.
The hacker, known only as Darwinare, said he completed his raid within minutes.
He told Fairfax Media he was shocked at the lack of security.
"I know right, very surprised I didn't get kicked out. So simple, took like three minutes," he said in an online message.
The University of NSW, which runs the academic courses at ADFA, told students of the attack the day after it was carried out, saying it took "immediate action to mitigate the impact of this event".
"We have also removed any possibility of further hacking."
The university said almost all of the stolen passwords were historical and could not have been used to access emails or other personal information.
However, it warned students to be wary of opening "suspicious emails" and said their names and dates of birth "may be used for attempts at identity theft".
"Again, this requires additional vigilance."
Darwinare, who describes himself as "the first black hacker", has previously breached the networks of online bookstore Amazon and at least two American universities.
He contributes to Anonymous and joined its raids on Israeli government websites last month in response to that nation's airstrikes in the Gaza Strip.
When asked why he targeted the university at ADFA, he said: "Oh, that old thing: I was bored."
He said his cyber attacks were mostly "hacks for fun".
"Occasionally, I dedicate a [data] dump to a particular operation of interest."
The Defence Force Welfare Association said on Tuesday that military personnel would be worried by the breach, even though most of the stolen information was not confidential.
Its national president, Colonel David Jamison, said: "The real issue is the ease with which someone can hack into the university and get those records.
"If they can get those, what other records are accessible to them? I'm very concerned the university security was so lax."
Anonymous launched a wave of raids against Australian government websites in September to protest against Labor's plan to record how citizens use the internet.
However, most of those attacks involved shutting websites down rather than stealing confidential data.
Earlier this year, the head of the Australia Secret Intelligence Service, Nick Warner, said spy agencies were directing "considerable resources" against internet warfare.
"The field of cyber-operations is one of the most rapidly evolving and potentially serious threats to our national security in the coming decade," he said.
"Government departments and agencies, together with corporate Australia, have been subject to concerted efforts by external actors seeking to infiltrate sensitive computer networks."