Friday, 30 June, 2000 Hacker cracks Treasury's web site

By LINCOLN WRIGHT

An adventurous computer hacker cracked into a Treasury web site containing confidential information about thousands of Australian businesses that had registered for the new goods-and-services tax system.

The hacker called ABC Radio yesterday morning and told the announcer he had gained access to the banking details of 27,000 companies that had provided their financial details to the government.

He told the radio program he had sent 17,000 e-mails to companies that had registered, informing them of their bank details.

The Australian Federal Police has launched an investigation into the person, who had initially gone by the name of "Kelly".

As a result of the report, the federal Treasury closed the web site and the AFP has started an investigation into the hacker, or what some in the underground of computer infiltration call a "cracker".

The cracker or hacker said there was basically no security on the web site of the GST Start-Up Assistance Office, used by companies that wanted to register for supplier status for the redemption of $200 GST certificates.

"Registered suppliers are entitled to supply goods and services for GST certificates issued with ABN [Australian Business Number] and GST registration before 31 May," the GST Start-Up Assistance Office said yesterday,

The Institute of Chartered Accountants said it was concerned about the report, saying it was a serious breach of privacy that would undermine the confidence people have in public institutions.

The Treasury assistance site contains about 27,000 Australian Business Numbers.

No taxpayer information had been infiltrated into by the hacker, the Australian Taxation Office said, and its databases had not been breached.

The Taxation Commissioner, Michael Carmody, managing one of the most fundamental changes to the tax system, broke off from meetings yesterday to deal with the problem.

He said, "Our web sites have not taxpayer information or databases on them at all."

The web site that was hacked into was www.gstassist.gov.au.

Computer experts said the hacker typed in a number and came up with the details of the company, depending on the number that was used.

The e-mail the registered companies received from "Kelly" said the site had serious security flaws which permitted access to private details.

Opposition treasury spokesman Simon Crean said the Government had failed in its duty to ensure that the privacy of businesses was protected.

"This is a total botch-up by the government and they stand condemned," Mr Crean said.

But Prime Minister John Howard said Mr Crean should have been denouncing the hacker and not the government.

"That is absolutely and completely irresponsible," he told Parliament.

A spokesman for the National Institute of Accountants, Neil Marshall, said "Who knows what could have happened in this situation? The Government should be embarrassed by this security lapse but they should be thankful they just lost face. But businesses could have lost more."

http://www.canberratimes.com.au/news2/news5.shtml

-- Martin Thompson (mthom1927@aol.com), June 30, 2000