
  • News, Telecommunications - Written by on Thursday, September 27, 2012 10:34 - 27 Comments

    Has iiNet been hacked? Rumours swirl

    news National broadband provider iiNet has conducted an audit of its network security, as persistent rumours continue to swirl that one of the company’s customer databases has been broken into and its contents handed over to spammers – a claim iiNet says it can find no evidence for.

    Several months ago, Delimiter received an unverified tip stating: “iiNet’s games network has been hacked. Usernames and passwords compromised. Happened 3 months ago. Discovered last Friday. Customers have not been notified and don’t know that their passwords are not secure.” At the time, the information could not be verified, and there is still no verified evidence that such an attack was perpetrated at the ISP.

    However, starting several weeks ago, iiNet customers on broadband forum Whirlpool started complaining about receiving spam email containing Amazon branding to accounts which they had not publicly used for any purpose.

    “Since I run my own mail server, I don’t use my @iinet.net.au e-mail address except to contact iiNet,” a user named ‘Malvineous’ wrote at the time. “A few weeks ago I started getting a couple of non-English spam messages sent to it (all from the same place), which seemed strange as I have never entered this address in anywhere. This morning I received an apparently legitimate looking spam from “Amazon local deals” except that it appeared to originate from a Linode VPS instead of Amazon’s network.”

    A number of other users replied noting that they had been experiencing exactly the same phenomenon. “Same thing with me,” wrote ‘rikki’, for example. “I recently logged in to my iinet email account (which I never use), for a support query update and noticed that email which I just deleted without reading it as it looked like spam. I’ve been having exactly the same thing with my iinet email address. Like you, I never use it and have my own mail server. I probably first noticed the Amazon email a week or so ago and just received another this morning.”

    ‘Malvineous’ wrote that they were concerned about the wider implications from the situation, rather than merely the fact that their email address was receiving a small amount of spam.

    “Given that it seems a number of iiNet customers are receiving the *same* spam, at the same time, it looks like there’s a list of iiNet usernames floating around somewhere. This is quite worrying, because if it turns out to be true, we need to know where the list came from. If it was stolen from iiNet, what other information was taken? Was it just usernames, or did it include real names, addresses and/or credit card info as well?” they wrote. “Nobody is that worried about the spam itself, but the fact that there is spam suggests there’s something bigger going on, and that’s what we’re concerned about.”

    One possible explanation that does not involve a breach is brute force: an automated spam operation guessing iiNet usernames by sending mail to every plausible username at the ISP’s domain and keeping the addresses that do not bounce. This possibility was raised by iiNet representative Mayank Gavri on the Whirlpool thread dealing with the situation.

    This week, iiNet network services manager Roger Yerramsetti posted that iiNet had done “a lot of digging” but could not find any evidence of a security breach or inappropriate access of customer information. “Our teams have looked outward from iiNet and we’ve had expert people looking inward from outside as well,” he wrote. “There were some settings we were not happy with, which have now been modified, but for obvious reasons we cannot state what we have done. At this point we are happy to offer to change any affected account holder’s authoritative email address to stop any further unwanted emails.”

    The news comes several months after another major Australian telecommunications company, AAPT, had some of its data compromised, with the loose-knit group of Internet activists known as ‘Anonymous’ publishing some 3.5 gigabytes of data from the company, in protest against a wide-ranging package of surveillance and data retention reforms currently proposed by the Federal Government.

    At this point there is no verified evidence that iiNet has been hacked at all – only rumours and innuendo. But I thought it worth publishing an article on this subject as I have been receiving reader tips about this matter every two or three weeks for the past couple of months, and iiNet has made a statement on the issue. If anyone does have concrete evidence about this issue – especially if iiNet is hiding anything – please don’t hesitate to use Delimiter’s anonymous tips form. Even we won’t know who you are ;)




    1. GongGav
      Posted 27/09/2012 at 11:00 am | Permalink |

      If it walks like a duck, quacks like a duck, and looks like a duck, there’s a good chance it’s a duck.

      Multiple people reporting the same thing seems to point to the ISP being hacked. Provable or not, the perception is certainly there based on what’s been going around. iiNet needs to jump on this now and explain what’s going on, or risk a Sony style backlash from its client base.

      • Posted 27/09/2012 at 11:02 am | Permalink |

        I suspect a minor database has been broken into — not their main database — as not everyone is receiving the spam email.

        • GongGav
          Posted 27/09/2012 at 11:04 am | Permalink |

          Quite possibly, but the perception is still out there that they have been hacked, and people are going to make their own conclusions. Which won’t be positive ones.

          End of the day it’s in iiNet’s best interests to post SOMETHING stating what’s happened, even if it is just a small issue. Wouldn’t take much to calm people down, but right now if I was an iiNet customer I’d be worried.

    2. Andos
      Posted 27/09/2012 at 11:03 am | Permalink |

      I’ve found the same spam emails in my iiNet email, but I don’t think I’ve signed up to “iiNet’s games network” previously…

    3. Posted 27/09/2012 at 11:30 am | Permalink |

      Who even gets SPAM through their filters these days? I’ve not received legitimate SPAM in my iinet inbox for months. Possibly in my SPAM box but I don’t check it. Probably should I s’pose.

      I don’t use iinet gaming.

    4. stoffs
      Posted 27/09/2012 at 11:57 am | Permalink |

      I’ve been with them for nearly 8 years.

      I remember the day my account was created – I checked their webmail to see what it was like (less than 1 hour after activating the account) and there was a spam message in there.

      So I’ve always wondered if someone there was making some money on the side in regards to selling email account details.

    5. Soth
      Posted 27/09/2012 at 1:23 pm | Permalink |

      Another reason for not having data retention.

    6. Posted 27/09/2012 at 1:54 pm | Permalink |

      Just checked my iiNet email (something I probably haven’t done in over a year since I don’t use it), and I’ve got the Amazon emails as well.

      Oh well, spam away good spammers, fill my unused email account up as much as you want :)

      • Posted 27/09/2012 at 2:16 pm | Permalink |


        Hope they don’t have your credit card details on file at iinet… ’cause that could’ve been stolen along with your email address. Not likely; the two are likely in separate databases for separate security levels, but even so.

        • Posted 27/09/2012 at 2:27 pm | Permalink |

          Yes they’ve got my credit card on record, but no I’m not worried :)

        • felixmeister
          Posted 28/09/2012 at 12:14 pm | Permalink |

          iiNet is PCI compliant. This means that
          1. CC details are never given to an agent but instead through an IVR, which the agent can’t hear.
          2. That IVR is separate from the rest of the phone system within an isolated secure environment
          3. The CC details themselves are not retained, just a hash within secure & encrypted storage.
          4. The CC details are not sent to the bank. Just the hash which is compared to a hash unique between the bank and the company.

          Yes, theoretically, someone could tap the line between you and iinet, extract the DTMF and rebuild your CC details but ‘borrowing’ your wallet/purse for a few seconds is probably easier.

    7. Daniel
      Posted 27/09/2012 at 5:52 pm | Permalink |

      Spam is random, I get shit all the time in my hotmail and gmail.

      The process should be immediately block and delete through your email client.

      If you’re using an email client (like outlook) don’t immediately display attachments and/or pictures.

      • Michael
        Posted 27/09/2012 at 7:50 pm | Permalink |

        Daniel, the issue is our primary accounts have been compromised not our secondary.

        The growing trend is, spam (3 certain emails) has been received at primary accounts, though not at any secondary email accounts (in a nutshell, our primary accounts have been targeted, so it’s not just random spam).

        Please read the whirlpool thread for details.

      • Michael
        Posted 27/09/2012 at 7:51 pm | Permalink |

        I should also point out, it has been revealed in the thread the details of our primary email are held on a different system.

        So the facts are.

        Primary accounts only have been affected,

        as stated by someone else in the first post..
        “If it walks like a duck, quacks like a duck, and looks like a duck, theres a good chance its a duck.”

    8. Guest
      Posted 27/09/2012 at 7:55 pm | Permalink |

      and the facts that people neglected to mention is there are people NOT getting this spam on their primary email account as well.

      • Posted 30/09/2012 at 8:36 pm | Permalink |

        I only received the first of these spam messages today. Maybe it is just a matter of time until everyone gets their fair share.

    9. fourbypete
      Posted 27/09/2012 at 8:07 pm | Permalink |

      All golden here, I get spam from Russia/Canada all the time but nothing as described in the article. To be honest, I don’t even get the cialis/viagra spam anymore and I kinda miss it.
      If I was the AFP, I would be looking at students studying IT related subjects at universities. I’m very suspicious of them! I mean have you seen what they look like these days? It looks like they are from hacker school?!

    10. adam
      Posted 27/09/2012 at 9:32 pm | Permalink |

      I doubt the database has been broken.

      I do, however, know that if you throw certain php code onto iinet’s personal webhosting, you CAN successfully list their entire webhosting, which basically lists ALL usernames. You can’t see what’s hosted by that user, but you can see the thousands of users on that specific host that you’re also hosted on.

      That’s all these email scammers need: 1 compromised machine, 1 login, to gain thousands of other usernames :)

      note: i said USERNAMES. not passwords.

      • GongGav
        Posted 28/09/2012 at 9:14 am | Permalink |

        Interesting. In short, if they run the php code and see a username of GongGav, then it doesn’t take many braincells to expect that Gonggav@iinet.com.au is a valid email address. Then spam it to see.

    11. Posted 27/09/2012 at 11:09 pm | Permalink |

      I’ve got the same 3 emails in my iinet webmail, from around the middle of the month. I’ve never used my iinet mail service (even for contacting iinet) as I’m a business customer & run my own mail server.

      Also of interest is the fact that my username is 12 characters long and a mixture of alpha and numeric characters. It’s not easily guessable, but I’ve got the same mails as others are complaining about. Oh and I don’t use iinet games service, and never have done

      I’m smelling more than a coincidence..

    12. giltapple
      Posted 28/09/2012 at 1:17 am | Permalink |


      … was not able to be verified, and there continues to be no verified evidence that such an attack had been perpetuated at the ISP.

      It has to be suspected that an/the attack may not have been perpetuated because it had not initially been perpetrated.

    13. Jason
      Posted 28/09/2012 at 8:28 am | Permalink |

      iiNet sucks balls anyway. Who cares.

      • PuffedSlinky
        Posted 28/09/2012 at 12:50 pm | Permalink |

        Solid argument there Jason /sarcasm

    14. EssJay
      Posted 30/09/2012 at 7:20 pm | Permalink |

      I have also been getting the Amazon Local Deals spam.
      Difference is that my address is pre iiNet and is @ozemail.com.
      This means that it doesn’t look like a brute force attack on iiNet – it must be a database/list.
      My account is a primary account and gets the spam.
      My wife’s account is also ozemail.com and is a secondary account and doesn’t get the spam, also indicating this is not brute force but from leaked data.

    15. John Lindsay
      Posted 03/10/2012 at 6:33 pm | Permalink |

      The 3FL forum was a standalone system with its own user database and was not connected to iiNet’s secure networks.

      In June we found that the system was hacked via an unpatched hole in PHP. Upon finding this, we shut down the forum immediately. No financial information was stored on this database. We didn’t handle the external communications well after this incident and have made changes to our internal policies.

      We subsequently retired the old 3FL forum after merging with games.on.net.

      We’ve investigated the spam issue and there’s no evidence linking the emails to the 3FL forum. Accounts created since the 3FL server was shut down have received this spam so it is very unlikely there is any connection.

      iiNet takes security and our customers’ privacy very seriously. We do not store complete credit card data on our servers and are audited for PCI compliance regularly. We run penetration tests against public facing servers and against our firewalls regularly.

      The forum user “adam” has mentioned a php mechanism for finding other customer usernames on the customer web server. We suspect this is the likely origin of the mailing list. Many php installations allow this access but we should have closed it off when the system was installed and we have now.

      I am confident that we are using reasonable and prudent techniques to protect our systems and our customers.

      John Lindsay
      iiNet Ltd

      • Posted 03/10/2012 at 6:36 pm | Permalink |

        Cheers John

        I’ve been with iinet for 8 years now and although we’ve had our ups and downs, I’ve been predominantly happy with your service.

        You appear to have this under control and I know I appreciate, as I’m sure many others do, direct contact with individuals through these sorts of forums to let us know.

        Thanks for the info
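    The enumeration path that ‘adam’ describes above, and that John Lindsay confirms as the likely source of the mailing list, comes down to one tenant on a shared PHP host being able to read things that belong to the host rather than to that tenant. The script below is an added example written for this page; it is not iiNet’s code and not the snippet ‘adam’ used. It checks the three usual channels from a single customer account: listing the parent of the home directories, reading /etc/passwd, and walking the uid range with the posix extension. The `/home` layout and the `example.net` mail domain are assumptions, and it needs PHP 7.4 or later.

```php
<?php
// Added example, not iiNet's code and not the snippet "adam" referred to.
// Run as one tenant on a shared PHP web host (php-cli or through the web
// server) to see whether that tenant can harvest the other customers'
// usernames. Paths and the mail domain are assumptions, not page details.

declare(strict_types=1);

const TENANT_PARENT = '/home';        // assumed parent of all customer home dirs
const MAIL_DOMAIN   = 'example.net';  // stands in for the ISP's mail domain

/**
 * Channel 1: list the parent of the home directories.
 * Works when that directory is world-readable and open_basedir does not
 * exclude it. chmod 711 on the parent blocks listing but still lets each
 * tenant traverse into its own directory.
 */
function usernamesFromDirectoryListing(string $parent): array
{
    $entries = @scandir($parent);
    if ($entries === false) {
        return [];
    }
    return array_values(array_filter(
        $entries,
        fn(string $e): bool => $e !== '.' && $e !== '..'
    ));
}

/**
 * Channel 2: read /etc/passwd. It is world-readable on ordinary Unix
 * systems; only open_basedir (or a chroot/container) keeps PHP out of it.
 */
function usernamesFromPasswd(string $passwdFile = '/etc/passwd'): array
{
    $lines = @file($passwdFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        return [];
    }
    $names = [];
    foreach ($lines as $line) {
        $fields = explode(':', $line);
        if (count($fields) >= 3 && (int) $fields[2] >= 1000) { // skip system accounts
            $names[] = $fields[0];
        }
    }
    return $names;
}

/**
 * Channel 3: walk the uid range with posix_getpwuid(). This touches no
 * file the script opens itself, so open_basedir does not stop it; only
 * disable_functions (or building PHP without the posix extension) does.
 */
function usernamesFromPosix(int $minUid = 1000, int $maxUid = 65534): array
{
    if (!function_exists('posix_getpwuid')) {
        return [];
    }
    $names = [];
    for ($uid = $minUid; $uid <= $maxUid; $uid++) {
        $pw = @posix_getpwuid($uid);
        if ($pw !== false) {
            $names[] = $pw['name'];
        }
    }
    return $names;
}

$byChannel = [
    'directory listing' => usernamesFromDirectoryListing(TENANT_PARENT),
    '/etc/passwd'       => usernamesFromPasswd(),
    'posix_getpwuid'    => usernamesFromPosix(),
];

foreach ($byChannel as $channel => $names) {
    printf("%-18s %s\n", $channel, $names ? count($names) . ' usernames exposed' : 'closed');
}

// From here a spammer needs nothing but string concatenation.
$all = array_unique(array_merge(...array_values($byChannel)));
foreach ($all as $name) {
    echo $name, '@', MAIL_DOMAIN, "\n";
}
```

    The point of running all three is that the fixes are different. A per-pool `open_basedir` (for php-fpm, `php_admin_value[open_basedir] = /home/<user>:/tmp`) closes the directory listing and the /etc/passwd read, and `chmod 711` on the parent directory closes the listing even for scripts that escape PHP’s sandbox; neither touches `posix_getpwuid`, which has to go into `disable_functions` (together with `posix_getpwnam`) or be removed with the extension. Re-run the script as an ordinary tenant after the change; every channel should report “closed”. The one thing a host cannot fix this way is the mapping from username to mailbox, which is why an exposed username list on a server that also issues `<username>@<isp>` addresses is a leak of e-mail addresses, not just of logins.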

    16. Billie
      Posted 28/02/2013 at 8:14 am | Permalink |

      I’d be more worried about reports of hacking into user space at iiNet.

      Several instances reported from Nov 2012 to Feb 2013.

