Hunt reveals hacking tools in MP's computer

[InfoSec News <isn () c4i org>]

Forwarded by: Clem Colman <clem () colmancomm com>

More on the story from Sydney, Australia:

http://www.smh.com.au/news/0108/09/national/national18.html

Thursday, August 9, 2001 

By Robert Wainwright and Les Kennedy 

A computer in the office of the Labor MLC Mr Tony Kelly was loaded
with password "sniffing" software that could have been used to break
into the personal files of the Liberal MP Mr Charlie Lynn, a
consultant hired to investigate hacking allegations inside the NSW
Parliament has found.

The Herald has confirmed that the 12-page preliminary report by a
Melbourne firm, eSec, commissioned by parliamentary staff and handed
to police on Tuesday, recommends a more detailed analysis of the
computer files - a move supported by initial police investigations.

The eSec report, which the company refused to discuss last night, does
not confirm any illegal activity, but suggests there is evidence of
several computer hacking program tools on the system, either
downloaded from the Internet or bought commercially.

It supports the concerns first raised by parliamentary IT staff two
weeks ago when they discovered Mr Lynn's name and his computer IP
address on the screen of Mr Kelly's office computer. It is understood
initial police investigations of the hard drive, being handled by the
computer crime unit of the commercial crime agency, will concur with
the eSec findings when finalised, probably today.

The next stage of the investigation will be to conduct a forensic and
diagnostic audit to determine if the hacking software has been used to
illegally search private files of MPs.

Police would not comment last night, but experts are confident the
dates and times of any security breach would still be evident on the
hard drive. Neither Mr Kelly nor his son, John, has been interviewed,
and both maintain their innocence of hacking allegations.

In other developments:

* A report in a computer industry magazine yesterday said that
  parliamentary staff were warned two years ago that hacking incidents
  would occur at Parliament House unless security was drastically
  improved.

* The Opposition raised concerns that Mr Lynn might not have been the
  only MP whose name and computer address was found on the hard drive.

Mr Lynn has written to the Clerk of the Legislative Council, Mr John
Evans, demanding to know why he was not told about the security breach
immediately.

Mr Lynn said he was unhappy at the way he had been treated and was
frustrated that no-one had offered an explanation about what had
happened. "I understand that Parliamentary staff have been instructed
to refer all inquiries about the issue to the Premier's press
secretary," he wrote.

"Why is the matter now in the hands of the Premier's Department, given
that it is a Legislative Council matter?"

The managing director of eSec, Mr Andrew Tune, refused to confirm or
deny reports that the company had been hired to conduct a report.

But Mr Tune, whose company specialises in hacking technology, said
there had been a rash of security incidents in recent years. "The rash
of incidents is symptomatic of the size and severity of the problem.
It is incumbent on all organisations to take care of sensitive data,"
he said.

"There has been a tremendous expansion in the number and
sophistication of hacking software available on the Internet."

A spokeswoman for Mr Evans, Ms Lyn Lovelock, said she had received a
report from a consultant on Tuesday and had handed it to police.

However, she would not confirm whether it was done by eSec.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.