[ISN] Optus accounts hacked

From: InfoSec News (isnat_private)
Date: Fri Jul 12 2002 - 06:07:18 PDT

  • Next message: InfoSec News: "[ISN] Cyberterrorists don't care about your PC"

    http://www.themercury.news.com.au/common/story_page/0,5936,4683306%255E421,00.html
    
    By Joe Hildebrand
    11jul02
    
    A SYDNEY man has been charged over accusations he hacked into the
    internet accounts of more than 400,000 Optus customers.
    
    Detectives from the Computer Crimes Unit raided the 22-year-old's home
    in Bankstown, seizing computer equipment and arresting the man after a
    six-month investigation.
    
    Unit co-ordinator Detective Inspector Bruce Vandergraaf said the man
    allegedly accessed the user names and passwords of 435,000 Optus
    dial-up internet customers in December last year.
    
    He said the security of the system had been compromised and personal
    information such as user names downloaded.
    
    With that information the accused could have used any one of the
    accounts for free internet access or possibly shut down the system.
    
    "The worst that he could do with that access is he could shut the
    whole system down if he wanted to," Insp Vandergraaf said. "In the
    worst-case scenario he could cause incredible havoc. He didn't do the
    worst that he could do."
    
    The man has been charged with unauthorised modification of data with
    intent to cause impairment to a computer.
    
    However, Insp Vandergraaf said it was still unclear whether the young
    man had intended further damage to the system or whether he had hacked
    in just to prove he could.
    
    He said an investigation of the equipment seized might shed some light
    on the matter.
    
    "Motive is something we've yet to work out," he said.
    
    "[The equipment] might give us more indication, when we look at it,
    whether it's boredom or something more sinister."
    
    The man also has been charged over a similar computer attack on
    another unidentified internet service provider earlier this year.
    
    Insp Vandergraaf said the maximum sentence for the charge was 10
    years' imprisonment.
    
    A spokeswoman for Optus last night played down the risk to customers'
    privacy, saying that all customers were immediately notified and their
    passwords changed.
    
    She said no credit card details or personal information had been
    accessed and such data was heavily protected.
    
    But the Optus spokeswoman said the accused's motive was still a
    mystery to the company.
    
    "Your guess is as good as mine [as to] what his intention was, [but]
    certainly there was little or no impact on customers at the time," she
    said.
    
    The man was granted conditional bail yesterday and will appear in
    Bankstown Local Court on August 8.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jul 12 2002 - 09:15:17 PDT