ARN

PM's office passwords pose security risk

More than 10 per cent of passwords used in the Prime Minister's department can be easily broken in an hour by hackers

More than 10 per cent of passwords used in Prime Minister Julia Gillard's department can be easily broken in an hour by hackers using "brute force", a report from the Australian National Audit Office says.

Auditor-General Ian McPhee discovered passwords could be cracked by running a basic generator that found phrases like "Holiday1" were used in place of more complex passwords using a mixture of numbers, symbols and letters.

McPhee looked at four seemingly very different areas of government: Medicare, the office of financial management, prime minister and cabinet and ComSuper.

"These agencies were selected as they represent a general cross-section of agencies and their associated ICT (Information and Communication Technology) systems," he said.

While the problems were not specifically linked with the individual groups, a graph included in the report shows all four groups had more than 10 per cent of "total passwords compromised" by "brute force" attacks.

Similar problems were found across the organisations.

Not only did passwords need to be more complex, but access to web-based email accounts such as Hotmail and Gmail needed to be blocked.

Basic software updating was not being done regularly enough, and this left security holes, the audit found.

The failure showed a lack of a "security culture".

The problem of relatively simple passwords is made even worse because some of them provide access to so-called "privileged access accounts".

These accounts allow the user to change the passwords of others, move data, change data and perform other actions with national security implications.

McPhee called for a close look at the risk.

The department of prime minister and cabinet agreed.

"Review of privileged access accounts is regularly undertaken," the department said.

The release of the audit coincided with News Ltd reports that the unclassified network used by cabinet has been hacked, possibly by Chinese cyber soldiers.

The Australian Security Intelligence Organisation is said to have begun an investigation.
