Aussie data breaches doubled in 2011

The number of Australian data breaches reported to forensic investigators has already doubled those experienced in 2010, even though it's only April.
Written by Darren Pauli, Contributor

(Broken doors image, by Eran Sandler, CC2.0)

Some of the worst breaches have cost businesses many hundreds of thousands of dollars, and involved significant loss of credit card information and customer information.

Yet it seems that none of the breaches handled by forensic investigators Verizon and Klein&Co have been reported by the media.

"The old adage that all press is good press has been thoroughly dispelled," Verizon investigative response director Mark Goudie said. "None of the cases have been reported by media to my knowledge."

Most of the breaches, which this year were twice as numerous as those reported over the same time in 2010, succeeded through basic information security bungles such as the use of lax passwords and default user access rights, Goudie said.

Klein&Co has already handled more than a third as many severe credit card breaches this year as it handled in 2010.

"This year we've handled between ten to 15 [credit card] breaches. We handled 33 during the whole of 2010," director Nick Klein said.

He said the major banks and card issuers have reported similar increases. Those organisations are often the first to detect credit card breaches thanks to the use of complex fraud detection technologies.

Banks will share information about breaches and tip off merchants, who then recruit forensic and Payment Card Industry-qualified investigators.

Australian credit cards are valuable, and attacks are often "snatch and grab", where hackers will harvest a pile of cards and disappear, according to Klein. He said that they will leave a wreck of evidence of the crime behind, but seldom enough data to lead to their arrest.

But Goudie has found many instances where attackers have maintained access to a victim's infrastructure for months, and have slowly leeched credit cards and data out, sometimes by installing malware.

One hacker whose attack is under investigation by Verizon had manipulated logs and time stamps to throw off investigators. "It makes the analysis a whole lot more complicated because many of the things you rely on is now suspect. You need to double-check everything."

Goudie said that many of the attacks are made possible because of slack information security practices such as weak passwords and default user access rights.

Indeed, the breach of 624 credit cards and phone numbers by Sydney firm Rojone, reported by ZDNet Australia on Friday, exploited weak passwords, according to the alleged attacker responsible for the attacks.

"Rojone used weak authentication on everything, especially web and email, but no security at all on their intranet," he said in an email to ZDNet Australia.
