Forwarded by: Clem Colman <clemat_private> More on the story from Sydney, Australia: http://www.smh.com.au/news/0108/09/national/national18.html Thursday, August 9, 2001 By Robert Wainwright and Les Kennedy A computer in the office of the Labor MLC Mr Tony Kelly was loaded with password "sniffing" software that could have been used to break into the personal files of the Liberal MP Mr Charlie Lynn, a consultant hired to investigate hacking allegations inside the NSW Parliament has found. The Herald has confirmed that the 12-page preliminary report by a Melbourne firm, eSec, commissioned by parliamentary staff and handed to police on Tuesday, recommends a more detailed analysis of the computer files - a move supported by initial police investigations. The eSec report, which the company refused to discuss last night, does not confirm any illegal activity, but suggests there is evidence of several computer hacking program tools on the system, either downloaded from the Internet or bought commercially. It supports the concerns first raised by parliamentary IT staff two weeks ago when they discovered Mr Lynn's name and his computer IP address on the screen of Mr Kelly's office computer. It is understood initial police investigations of the hard drive, being handled by the computer crime unit of the commercial crime agency, will concur with the eSec findings when finalised, probably today. The next stage of the investigation will be to conduct a forensic and diagnostic audit to determine if the hacking software has been used to illegally search private files of MPs. Police would not comment last night, but experts are confident the dates and times of any security breach would still be evident on the hard drive. Neither Mr Kelly nor his son, John, has been interviewed, and both maintain their innocence of hacking allegations. In other developments: * A report in a computer industry magazine yesterday said that parliamentary staff were warned two years ago that hacking incidents would occur at Parliament House unless security was drastically improved. * The Opposition raised concerns that Mr Lynn might not have been the only MP whose name and computer address was found on the hard drive. Mr Lynn has written to the Clerk of the Legislative Council, Mr John Evans, demanding to know why he was not told about the security breach immediately. Mr Lynn said he was unhappy at the way he had been treated and was frustrated that no-one had offered an explanation about what had happened. "I understand that Parliamentary staff have been instructed to refer all inquiries about the issue to the Premier's press secretary," he wrote. "Why is the matter now in the hands of the Premier's Department, given that it is a Legislative Council matter?" The managing director of eSec, Mr Andrew Tune, refused to confirm or deny reports that the company had been hired to conduct a report. But Mr Tune, whose company specialises in hacking technology, said there had been a rash of security incidents in recent years. "The rash of incidents is symptomatic of the size and severity of the problem. It is incumbent on all organisations to take care of sensitive data," he said. "There has been a tremendous expansion in the number and sophistication of hacking software available on the Internet." A spokeswoman for Mr Evans, Ms Lyn Lovelock, said she had received a report from a consultant on Tuesday and had handed it to police. However, she would not confirm whether it was done by eSec. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 06:33:51 PDT