Transport site was accessible: Contractor

The private contractor which set up a website to host the NSW Government's transport blueprint has admitted that parts of the site had been publicly available, despite concerns that the site had been hacked to access the blueprint.

The private contractor which set up a website to host the NSW Government's transport blueprint has admitted that parts of the site had been publicly available, despite concerns that the site had been hacked to access the blueprint.

"Areas of the site were temporarily accessible by the use of internal web page addresses," the contractor, Bang the Table, told ZDNet.com.au in a statement.

"This is a matter of significant embarrassment to us. While security was in place on the front page of the site, clearly it was not sufficient to prevent the internal content being accessed. We would like to assure our clients and the community that systems have already been put in place to ensure this cannot happen again," it said.

On Saturday, The Sydney Morning Herald splashed its front page with an exclusive story on the NSW Government's unreleased transport blueprint, saying it had obtained key announcements when they were accidentally uploaded onto a transport website.

But Transport Minister David Campbell said the private contractor developing the site, Bang The Table, had said its unlaunched site had been hacked into on 18 and 19 February.

"I am advised by Bang The Table that at no time was [the] website available to casual viewers," Campbell had told parliament yesterday.

Bang the Table called in the NSW Police to investigate the matter.

Despite its admission that parts of the site had been "temporarily accessible", Bang the Table reiterated the minister's statement that unauthorised persons had attempted to break the security of the website prior to public release.

"On the evening of February 18 a sustained and automated attempt was made by unknown persons to break the security of the Shape Your State website, prior to its public release," the statement said.

The company clarified that the assumption that an automated attempt had been made was "based on a large number of hits being received in a short period of time from a single IP address".

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All