TippingPoint: .gov.au sites frequently hacked

Targeted cyber-criminal activity towards Australian State Government websites has dramatically increased over the last two years, according to security vendor, TippingPoint.

Speaking at its annual security briefing in Sydney, Ken Low, APAC security marketing director at TippingPoint said from October 2005 to May 2007, attacks on qld.gov.au websites have increased from 23 to 47 hacks, resulting in an increase of 104 per cent.

Attacks on sa.gov.au sites also intensified, moving up from 19 to 28, which is a change of 47 per cent, while hacks on the nsw.gov.au domain name moved up by only 12 per cent from 85 to 95 hacks.

Tasmania and Victoria both saw a 33 per cent increase and Western Australian targeted hacks rose by 14 per cent while the Northern Territory was the only region with minimal change.

“Government sites are hacked at least one to two times a month,” said Low.

“Just last month, an [undisclosed] government site was taken down. The hacker was able to bypass the defences and bypass access controls to launch an exploit that brought the site down.”

According to Low, the increase of IT competency in Australian states is increasing the possibility of committing attacks. TippingPoint’s recent research also revealed that hacker numbers inside Australia have increased and are therefore helping fuel the surge.

“The Top 10 hackers in Australia have raised the bar; responsible for more than 3500 attacks between June 1999 to May 2007,” said the report.

Low said: “In the past it was hard to find hackers in Australia which cross the 100 mark - as in responsible for more than 100 attacks - but now there are almost 30 hackers in Australia that were responsible for more than 100 hacks.”

Tougher security enforcement from both government and technological approach is needed as well as better security awareness,” said Low.

The Queenland government did not respond to a request for comment.