[ISN] Hunt reveals hacking tools in MP's computer

From: InfoSec News (isnat_private)
Date: Thu Aug 09 2001 - 04:37:07 PDT

  • Next message: InfoSec News: "Re: [ISN] Code Red is Not The Problem"

    Forwarded by: Clem Colman <clemat_private>
    More on the story from Sydney, Australia:
    Thursday, August 9, 2001 
    By Robert Wainwright and Les Kennedy 
    A computer in the office of the Labor MLC Mr Tony Kelly was loaded
    with password "sniffing" software that could have been used to break
    into the personal files of the Liberal MP Mr Charlie Lynn, a
    consultant hired to investigate hacking allegations inside the NSW
    Parliament has found.
    The Herald has confirmed that the 12-page preliminary report by a
    Melbourne firm, eSec, commissioned by parliamentary staff and handed
    to police on Tuesday, recommends a more detailed analysis of the
    computer files - a move supported by initial police investigations.
    The eSec report, which the company refused to discuss last night, does
    not confirm any illegal activity, but suggests there is evidence of
    several computer hacking program tools on the system, either
    downloaded from the Internet or bought commercially.
    It supports the concerns first raised by parliamentary IT staff two
    weeks ago when they discovered Mr Lynn's name and his computer IP
    address on the screen of Mr Kelly's office computer. It is understood
    initial police investigations of the hard drive, being handled by the
    computer crime unit of the commercial crime agency, will concur with
    the eSec findings when finalised, probably today.
    The next stage of the investigation will be to conduct a forensic and
    diagnostic audit to determine if the hacking software has been used to
    illegally search private files of MPs.
    Police would not comment last night, but experts are confident the
    dates and times of any security breach would still be evident on the
    hard drive. Neither Mr Kelly nor his son, John, has been interviewed,
    and both maintain their innocence of hacking allegations.
    In other developments:
    * A report in a computer industry magazine yesterday said that
      parliamentary staff were warned two years ago that hacking incidents
      would occur at Parliament House unless security was drastically
    * The Opposition raised concerns that Mr Lynn might not have been the
      only MP whose name and computer address was found on the hard drive.
    Mr Lynn has written to the Clerk of the Legislative Council, Mr John
    Evans, demanding to know why he was not told about the security breach
    Mr Lynn said he was unhappy at the way he had been treated and was
    frustrated that no-one had offered an explanation about what had
    happened. "I understand that Parliamentary staff have been instructed
    to refer all inquiries about the issue to the Premier's press
    secretary," he wrote.
    "Why is the matter now in the hands of the Premier's Department, given
    that it is a Legislative Council matter?"
    The managing director of eSec, Mr Andrew Tune, refused to confirm or
    deny reports that the company had been hired to conduct a report.
    But Mr Tune, whose company specialises in hacking technology, said
    there had been a rash of security incidents in recent years. "The rash
    of incidents is symptomatic of the size and severity of the problem.
    It is incumbent on all organisations to take care of sensitive data,"
    he said.
    "There has been a tremendous expansion in the number and
    sophistication of hacking software available on the Internet."
    A spokeswoman for Mr Evans, Ms Lyn Lovelock, said she had received a
    report from a consultant on Tuesday and had handed it to police.
    However, she would not confirm whether it was done by eSec.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 06:33:51 PDT