Optus accounts hacked

[InfoSec News <isn () c4i org>]

http://www.themercury.news.com.au/common/story_page/0,5936,4683306%255E421,00.html

By Joe Hildebrand
11jul02

A SYDNEY man has been charged over accusations he hacked into the
internet accounts of more than 400,000 Optus customers.

Detectives from the Computer Crimes Unit raided the 22-year-old's home
in Bankstown, seizing computer equipment and arresting the man after a
six-month investigation.

Unit co-ordinator Detective Inspector Bruce Vandergraaf said the man
allegedly accessed the user names and passwords of 435,000 Optus
dial-up internet customers in December last year.

He said the security of the system had been compromised and personal
information such as user names downloaded.

With that information the accused could have used any one of the
accounts for free internet access or possibly shut down the system.

"The worst that he could do with that access is he could shut the
whole system down if he wanted to," Insp Vandergraaf said. "In the
worst-case scenario he could cause incredible havoc. He didn't do the
worst that he could do."

The man has been charged with unauthorised modification of data with
intent to cause impairment to a computer.

However, Insp Vandergraaf said it was still unclear whether the young
man had intended further damage to the system or whether he had hacked
in just to prove he could.

He said an investigation of the equipment seized might shed some light
on the matter.

"Motive is something we've yet to work out," he said.

"[The equipment] might give us more indication, when we look at it,
whether it's boredom or something more sinister."

The man also has been charged over a similar computer attack on
another unidentified internet service provider earlier this year.

Insp Vandergraaf said the maximum sentence for the charge was 10
years' imprisonment.

A spokeswoman for Optus last night played down the risk to customers'
privacy, saying that all customers were immediately notified and their
passwords changed.

She said no credit card details or personal information had been
accessed and such data was heavily protected.

But the Optus spokeswoman said the accused's motive was still a
mystery to the company.

"Your guess is as good as mine [as to] what his intention was, [but]
certainly there was little or no impact on customers at the time," she
said.

The man was granted conditional bail yesterday and will appear in
Bankstown Local Court on August 8.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.