News, Telecommunications - Written by Renai LeMay on Thursday, September 27, 2012 10:34 - 27 Comments
Has iiNet been hacked? Rumours swirl
National broadband provider iiNet has conducted an audit of its network security, as persistent rumours continue to swirl that one of the company’s customer databases has been broken into and its contents handed over to spammers – a claim iiNet says it can find no evidence for.
Several months ago, Delimiter received an unverified tip stating: “iiNet’s games network has been hacked. Usernames and passwords compromised. Happened 3 months ago. Discovered last Friday. Customers have not been notified and don’t know that their passwords are not secure.” At the time, the information was not able to be verified, and there continues to be no verified evidence that such an attack had been perpetrated at the ISP.
However, starting several weeks ago, iiNet customers on broadband forum Whirlpool started complaining about receiving spam email containing Amazon branding to accounts which they had not publicly used for any purpose.
“Since I run my own mail server, I don’t use my @iinet.net.au e-mail address except to contact iiNet,” a user named ‘Malvineous’ wrote at the time. “A few weeks ago I started getting a couple of non-English spam messages sent to it (all from the same place), which seemed strange as I have never entered this address in anywhere. This morning I received an apparently legitimate looking spam from “Amazon local deals” except that it appeared to originate from a Linode VPS instead of Amazon’s network.”
A number of other users replied noting that they had been experiencing exactly the same phenomenon. “Same thing with me,” wrote ‘rikki’, for example. “I recently logged in to my iinet email account (which I never use), for a support query update and noticed that email which I just deleted without reading it as it looked like spam. I’ve been having exactly the same thing with my iinet email address. Like you, I never use it and have my own mail server. I probably first noticed the Amazon email a week or so ago and just received another this morning.”
‘Malvineous’ wrote that they were concerned about the wider implications from the situation, rather than merely the fact that their email address was receiving a small amount of spam.
“Given that it seems a number of iiNet customers are receiving the *same* spam, at the same time, it looks like there’s a list of iiNet usernames floating around somewhere. This is quite worrying, because if it turns out to be true, we need to know where the list came from. If it was stolen from iiNet, what other information was taken? Was it just usernames, or did it include real names, addresses and/or credit card info as well?” they wrote. “Nobody is that worried about the spam itself, but the fact that there is spam suggests there’s something bigger going on, and that’s what we’re concerned about.”
One possible explanation is an automated spam mechanism guessing iiNet usernames by brute force – simply emailing every possible combination of usernames. This possibility was raised by iiNet representative Mayank Gavri on the Whirlpool thread dealing with the situation.
This week, iiNet network services manager Roger Yerramsetti posted that iiNet had done “a lot of digging” but could not find any evidence of a security breach or inappropriate access of customer information. “Our teams have looked outward from iiNet and we’ve had expert people looking inward from outside as well,” he wrote. “There were some settings we were not happy with, which have now been modified, but for obvious reasons we cannot state what we have done. At this point we are happy to offer to change any affected account holder’s authoritative email address to stop any further unwanted emails.”
The news comes several months after another major Australian telecommunications company, AAPT, had some of its data compromised, with the loose-knit group of Internet activists known as ‘Anonymous’ publishing some 3.5 gigabytes of data from the company, in protest against a wide-ranging package of surveillance and data retention reforms currently proposed by the Federal Government.
At this point there is no verified evidence that iiNet has been hacked at all – only rumours and innuendo. But I thought it worth publishing an article on this subject as I have been receiving reader tips about this matter every two or three weeks for the past couple of months, and iiNet has made a statement on the issue. If anyone does have concrete evidence about this issue – especially if iiNet is hiding anything – please don’t hesitate to use Delimiter’s anonymous tips form. Even we won’t know who you are ;)