Qld Govt depts home to botnets


Note: This article initially wrongfully focused on an audit report published in March this year. It has been updated to focus on IT security implications from the recent Queensland Government ICT Audit.

blog State government IT auditors have been warning about the ludicrously inept state of state government IT security systems and processes for some time; I can personally remember reporting on this area as long ago as five years, long before the current hysteria over ‘cyber-security’ intrusions and ‘cyber-espionage’ came to the fore. Plus, when it comes to IT in general, the Queensland Government is laughably inept.

That’s why it’s no surprise, but perhaps something of a worry, that last week’s Queensland Government ICT audit found that some of the state’s departments were home to botnets and contained woefully out of date and un-patched public-facing software. ZDNet tells us (we recommend you click here for the full article):

“It found that many government networks are “under constant attack”, “contain some computers that are compromised”, and “are involved in attacks against other systems”. The report noted that traffic is being allowed through perimeter defences, and that its audit probably has not detected the full extent of the problem, given the number of unpatched systems.”

None of this should be surprising, given that a separate audit report published in March this year and also reported by ZDNet sharply criticised a number of major Queensland Government departments for having zero plans to deal with IT security issues.

Could things get any worse at the Queensland Government when it comes to IT right now? Probably not. The state’s ICT systems are in dire need of replacement (to the tune of $7.4 billion), due to chronic underinvestment over decades, its procurement model appears to be largely broken, and now we find out that a number of government departments have been taken over by botnets and are attacking others. Quelle surprise! It’s Queensland! The most inept public sector jurisdiction in Australia! The land of ICT disasters! The home of the Queensland Health payroll catastrophe! The state that, when it comes to ICT, literally has no idea what it is doing!

Image credit: Popular Internet meme


    • Whole reason is the frontline staff don’t pay attention or report it. Might not be trained on security ideas

      I am contractor with over 4 years experience in government and enterprise:
      Situation happened last year where notice mouse moving around over 2 week period.
      Told my coworkers and got mocked like imagined it

      Eventually I told my head manager:
      “hey found something nasty. we need lets block this with TMG forefront blocking” then problem went away
      Which head manager response:
      “Why didnt you tell me sooner?”
      And Told him other co-workers mocked me

  1. Its not only Qld. I’ve seen clear evidence of compromised govt websites in some of the other states.

Comments are closed.