The brazen airport computer theft that has Australia's anti-terror fighters up in arms

[InfoSec News <isn () c4i org>]

Forwarded from: Christian Wright <cw () c4i org>

http://www.smh.com.au/articles/2003/09/04/1062548967124.html

By Philip Cornford
September 5, 2003

On the night of Wednesday, August 27, two men dressed as computer
technicians and carrying tool bags entered the cargo processing and
intelligence centre at Sydney International Airport.

The men, described as being of Pakistani-Indian-Arabic appearance,
took a lift to the third floor of the Charles Ulm building in Link
Road, next to the customs handling depot and the Qantas Jet Base.

They presented themselves to the security desk as technicians sent by
Electronic Data Systems, the outsourced customs computer services
provider which regularly sends people to work on computers after
normal office hours.

After supplying false names and signatures, they were given access to
the top-security mainframe room. They knew the room's location and no
directions were needed.

Inside, they spent two hours disconnecting two computers, which they
put on trolleys and wheeled out of the room, past the security desk,
into the lift and out of the building.

The brazen theft has prompted Australia's top security agencies to
conduct emergency damage audits amid fears that terrorists may have
gained access to highly sensitive intelligence from the computers.

The Australian Federal Police and ASIO, the two chief guardians
against terrorism, fired off angry memos to customs officials,
demanding to know the extent to which their top-secret operations have
been compromised.

The Australian Customs Service has admitted the security blunder, but
told customs officers in an email that no sensitive operational
information was lost.

This brought angry rebuttals from customs officers who claimed that
the two mainframe servers held thousands of confidential files,
including top-secret communications between customs investigators and
the AFP and ASIO.

They point to the fact that all officers have been instructed to
change passwords which give them access to the system, but a spokesman
for the Customs Minister, Chris Ellison, said this was a
"precautionary measure".

The theft is being investigated by the AFP, which is conducting 65
counter-terrorist operations against nationalist groups in Australia
and international terrorist groups such as al-Qaeda and Jemaah
Islamiah.

Customs officers believe the thieves had inside information because
they knew how to bypass security, how to identify themselves and where
to go, plus the fact that the mainframe room was regularly entered
after hours for maintenance.

The Community and Public Sector Union, which represents customs
officers, has asked for guarantees that none of its members is at risk
as a result of the theft.

The union expressed fears thatthe lives of undercover agents could be
jeopardised after officers claimed that customs officials were
covering up the true extent of the damage. Also at risk, they said,
are operations against terrorists and international drug cartels in
which customs officers watch the movements of suspects and suspicious
cargo in and out of the country.

They stressed that terrorists had the most to gain by stealing the
servers. "The servers have no value except the information they
contain," an officer said. "They would have personal internal email
accounts, probably the passwords for those accounts, and any
information harboured within them.

"Customs officers use the accounts to communicate volumes of sensitive
operational material and intelligence to each other, including
information from other agencies such as AFP and ASIO. This would be at
risk."

The spokesman for Senator Ellison said: "Extensive testing of the
system is being carried out to determine whether it has been
compromised by the theft. No evidence has emerged to indicate that
there has been any intrusion. Customs has been advised that the
servers did not contain personal, business-related or national
security information.

"Nevertheless, arrangements were made to change all staff passwords as
a precautionary measure. All staff have been asked to report any
irregularities in their access arrangements to the system. As the
matter is subject to an ongoing investigation, it is inappropriate to
comment further. Although there is no evidence of an intrusion,
Senator Ellison has called for a full report."

A spokeswoman for the Attorney-General, Daryl Williams, who is
responsible for ASIO, said: "This is an issue for customs. It is not a
national security issue."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.