Report shows Government ignored hack attack warnings

Report shows Government ignored hack attack warnings

A Cabinet report prepared for the Carr Government two years ago warned hacking incidents would occur at Parliament House unless IT security was drastically improved.

The consulting report prepared in 1998 by Admiral Computing warned immediate action had to be taken to secure Parliament House IT systems.

The Government ignored the warning that has resulted in the launch of a Police investigation last week into allegations a NSW Labor MP's computer was used to hack into confidential State Opposition files.

Admiral Computing's initial report into IT security was addressed to former general manager of the Central Corporate Services Unit at the Department of Public Works, Richard Michel.

According to the Department of Public Works June 1997/98 annual report, the Government paid $246,713 for the "information security breach analysis" project.

Michel said he received the report in 1998 "which provided the basis for a security framework" for the NSW Government, but would not elaborate on why recommendations were not implemented.

Michel, who is now the IT services director at the Department of Community Services, was also unwilling to comment on a second report by Admiral Computing into IT security at Parliament House handed to Cabinet several months later.

A Freedom of Information (FOI) request has been filed by NSW Opposition Leader Kerry Chikarovski to obtain a copy of the report in a bid to find out why action was not taken when Cabinet was made aware of the problem two years ago.

Chikarovski has advised Liberal MPs not to use the parliamentary computer system for confidential or sensitive matters until the issue is resolved and said Police Commissioner Peter Ryan has given an assurance full police resources will be used to investigate the matter.

"Opposition MPs will not be using the computers for any confidential matters until an audit is undertaken of all machines," she said.

"We are all on the same system here, which is a bit like the Commonwealth Bank and Westpac being on the same system; we are only using the computers for routine matters until the Government provides separate systems for Liberal and Labor or, at the very least, a major IT security upgrade."

Computer files in the office of Opposition Cabinet secretary Charlie Lynn had allegedly been hacked, but security sources familiar with the incident said "very little skill and expertise was required to breach the system".

"All you had to do is find the right drive, there is very little access control; user IDs and passwords are stored locally so potentially this person had access to everyone's computer," the source said.

"There is no way of telling if other information was accessed and we will never really know the extent of the breach or the number of times it has happened previously."

A spokesman for NSW Premier Bob Carr said IT security was a matter for the presiding officers and the clerks of Parliament House as they make all IT spending decisions.

He said they were in charge of operation and it was up to them to undertake an upgrade and improve security measures.

"The Premier will not take any action until police investigations are complete; we will not interfere in the process," he said.

Asked if the Government will make the report available and why it was ignored, the spokesman said it was available under FOI.

At a press conference earlier in the week, NSW Premier Bob Carr said the hacking incident or any reference to political espionage is "very, very serious".

The Cabinet Office also refused to comment on the report and Admiral Computing did not return calls.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Brand Post

Show Comments