Melbourne IT investigates systems after AAPT attack

Melbourne IT has moved to verify whether any other customers had been affected by compromised servers during the recent attack on AAPT.

Melbourne IT is now in the process of conducting an investigation into whether any of its other customers have been affected by the attack on AAPT.

Melbourne IT had been responsible for the server that was breached, which ultimately contained data belonging to AAPT.

Speaking to ZDNet, Melbourne IT CEO Theo Hnarakis said that while the organisation was in the process of conducting a forensic investigation to determine the full extent of the breach, at this point, it was hard to say if anyone else was potentially at risk.

However, he did shed some light on how the attackers, who he believes were members of Anonymous, broke into the company's system and how the IT company became aware of it.

"We had been doing an audit on our own servers and we discovered, earlier this week, that one of our servers had been compromised."

That server contained AAPT's data and was running a version of Adobe's ColdFusion with a vulnerability present.

"Once we discovered that vulnerability, we were able to rectify it within the hour. We discovered, obviously during that vulnerability stage, that data had been uploaded from the server to the internet. We were not aware of what that data was."

Melbourne IT wasn't able to verify what data had been exfiltrated because of the need to keep customer data completely confidential, a policy most datacentre operators adhere to.

As Melbourne IT has no ownership of the data, and is also not permitted to view the information, it has not involved the Privacy Commissioner. According to Hnarakis, this would be AAPT's responsibility.

"Whether it's current, whether it's historic, it's not our data."

Australian Privacy Commissioner Timothy Pilgrim told ZDNet that the Office of the Australian Information Commissioner had not been informed by AAPT of the incident and that it was now attempting to contact the telco to verify the situation.

ZDNet also contacted AAPT as to whether it would inform the Privacy Commissioner, but had not received a response at the time of writing.

The ColdFusion vulnerability described by Hnarakis matched initial reports by SC Magazine of how Anonymous penetrated its target, and the recent patching of Melbourne IT's systems also appears to match recent anecdotal claims by unverified members of Anonymous, who had stated that their target had removed their access.
