  • Blog, Enterprise IT, Security - Written by on Monday, February 11, 2013 16:03 - 3 Comments

    ATO suffers minor IT security breach


    blog We’re constantly hearing more and more about how “cyber” security is the next big bad, but concrete examples of how Australian Government infrastructure has been broken into are still thin on the ground. One incident to pop up last week has been what appears to be a relatively minor breach of an Australian Taxation Office portal through the logins of a number of tax agents. The Sydney Morning Herald reports (we recommend you click here for the full article):

    “Fears have been raised about the security of Australian taxpayers’ information after four tax agents’ account details were illegally used by third parties.”

    The SMH report was quite sensationalist in nature (we know, not surprisingly for the newspaper), but it does look like quite a substantial amount of investigation has been carried out into what took place here. Also, note that we may see more on this in future, as the SMH reporter who wrote the story has filed a Freedom of Information request for further information from the ATO. However, the ATO doesn’t feel as though the SMH got everything right, and has issued its own statement on the situation:

    “It has been reported today that taxpayer information is at risk after criminals stole the identity of four tax agents. The report suggested that all Australian taxpayers’ information was under threat. This is incorrect. The identities of four tax agents were stolen and used to fraudulently obtain AUSkeys giving access to specialist tax agent online services (tax agent portal).

    The ATO has contained the threat and cancelled the AUSkeys. We are working with the affected tax agents to ensure their practices and information is secure. Doing business online has benefits, but it also comes with risks. People looking to commit identity fraud constantly look for ways to profit so it is critical to remain vigilant regarding your personal information and online security. Online fraud can be complex and multilayered. We are investigating the incident and working with relevant law enforcement agencies.”

    So where’s the truth here? We suspect it’s somewhere in the middle between these two views. Was this a serious breach, with the taxation files of millions of Australians at risk? Not really. The ATO’s systems look to be a little bit better protected than that. But equally, was this just an incident of no consequence? Again, not really. The intrusion did have the potential to see some sensitive tax information stolen.

    In our experience, this kind of outcome is pretty much the norm in the IT security industry. When a break-in initially occurs, it’s panic stations, followed by a gradual calm-down as the realisation hits that nothing that sensitive was accessed. It will be interesting to see if more such security breaches occur over the next few years in the Federal Government.

    Image credit: Matt Aiello, royalty free


    3 Comments


    1. GongGav
      Posted 11/02/2013 at 7:19 pm | Permalink | Reply

      Not sure how much I can say, but the blunt reality is that the risk to taxpayers was very very small. You’ve pretty much nailed it Renai, it wasn’t an overly serious issue, but equally there will naturally be consequences.

      Look at it a different way. The ATO discovered the issue very early on, and acted on it accordingly. So as something that (sadly) is relatively common in IT security, at least they were able to head it off before it escalated to Sony-esque proportions.

    2. Stephen H
      Posted 12/02/2013 at 10:30 am | Permalink | Reply

      Given reports from the US of how hackers have managed to penetrate government agencies, it seems the only real protection is to avoid attracting hackers’ attention. If they want to break in, they will.

    3. Posted 12/02/2013 at 10:49 am | Permalink | Reply

      It would be interesting to know whether this is a social breach (i.e. a laptop was stolen that contained the Auskeys), third-party software was hacked (and they obtained the Auskeys that way), or if it is a breach of Auskey itself?
