Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Hackers claim to have made off with 1800 usernames, email addresses and hashed passwords held by the Tasmanian Government.
Emails are linked to state agencies including Departments of Premier and Cabinet; Treasury; Infrastructure, Energy and Resources; Health and Human Services; Primary Industries, Parks, Water and Environment; and Economic Development, Tourism and the Arts.
The attacker, alias Sp1d3r, gained root access on a media release server operated by the Department of Premier and Cabinet, and accessed user emails and administer credentials.
The media.tas.gov.au site has since been taken offline.
"We obtained full access to the entire system," the hacker, a member of group S4t4n1c S0uls, told SC.
The Tasmanian Department of Premier and Cabinet disabled all logins to the site and patched the vulnerability used in the attack.
"We are satisfied that no information obtained from the media.tas.gov.au website could be used to access other sites on the State Government network," a department spokesman said.
“The login details that appear to have been obtained by the hackers were unique to the media distribution site and have since been disabled."
But the Portugal-based hacking group said in a translated response that the information it obtained could allow it to "access the web and email servers across the government".
"What do you think of this info? Can I get the email conversations of these accounts? And access the admin on the servers? I can? Haha [but it is] clear that I will not do this."
It also said the attack was launched under the auspices of the decade-old Anti Security online movement.
The group defaced the site, causing a media release with one of the group's logos to be sent to media.
"We showed the whole nation and the government that millions invested in technology and safety have not been enough, or were not actually invested," Sp1d3r said.
"We follow an ideology ... protesting against the lies and misrepresentations of corrupt governments, seeking information about where public money goes. We pay taxes and it's absurd that we do not always received the expected response of the state. This is our rotten world."
The group said it has not sought to "destroy or damage" systems that it had hacked, including the server owned by Tasmanian Government.
S4t4n1c S0uls comprises of six members including Sp1d3r, Az_lum, V3rin, S3th, ne0, Ch3z.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.