Hackers steal AAPT customer data to protest web spying proposal
Hackers have stolen customer data from Australian ISP AAPT to highlight the dangers of a proposal to force telcos to store every Australian's web history for up to two years.
AAPT CEO David Yuile confirmed the security incident, which occurred at 9.30pm last night, in a statement to Fairfax Media this afternoon, saying he was "extremely concerned". AAPT is conducting an investigation and has promised to contact any affected customers.
The "data retention" proposal to store Australians' web history is being considered by the Parliamentary Joint Committee on Intelligence and Security in the face of strident opposition from internet freedom advocates, who believe it is unnecessary, invasive and could expose Australians to privacy risks. Its supporters are law enforcement agencies, who argue that without data retention countless crimes would go unsolved.
Exactly what AAPT data has been stolen is so far unclear, and the hacker who claims to have stolen it has yet to release it. He told scmagazine.com.au that he stole it "to prove a lack of security at ISPs and telcos" would inevitably expose any web history data collected under the data retention scheme.
In a statement, Attorney-General Nicola Roxon urged interested parties to avoid "hysteria" and contribute to the Parliamentary Joint Committee on Intelligence and Security inquiry instead.
AAPT's David Yuile said Melbourne IT alerted his company to the security incident last night.
"It was brought to our attention by our service provider, Melbourne IT, at approximately 9.30pm last night that there had been a security incident and unauthorised access to some AAPT business customer data stored on servers at Melbourne IT," he said in a statement.
"AAPT immediately instructed Melbourne IT to shut down the servers when we were notified of the incident."
He said preliminary findings suggested that two files were compromised and that the data was "historic, with limited personal customer information".
Further, he said the servers on which the files were stored had not been used or connected to AAPT for at least 12 months. "We are undertaking a thorough investigation into the incident with Melbourne IT and the relevant authorities to establish exactly the type and extent of data that has been compromised, how the security incident happened and what further measures are required to prevent any future incidents."