Auditor calls for Government ban on Gmail, Hotmail

[mellie]

Auditor calls for Government ban on Gmail, Hotmail

An audit of electronic security at four Federal departments and agencies found one department - Prime Minister and Cabinet - allowed staff to access the free unsecured email services for business reasons.

Log files obtained by the auditor showed some department staff were using the free accounts regularly.

Prime Minister and Cabinet told the auditor that it would cease allowing staff access to free email services from July 1, .

Why July 1,(The day the greens take the balance of power in the senate) why not effective as of immediately if insecurities have been identified?

The Australian National Audit Office has called on all government agencies to block free web-based email services like Gmail and Hotmail to mitigate security and information integrity risks, labeling them as a vector for attack or accidental leaks.

A member of my family works for non-government health care organisation, and even they, as dull as their conversations between staff and so forth would be, (hackers wouldn't even bother targeting their staffs insecure email accounts) they are forbidden to use unsecured email services on their secured networks.

A ‘brute force’ test resulted in around 20 percent of passwords being compromised, according to the audit.

You know how easy it is to access hacking tools these days, sigh~


Anyone with enough time on their hands with a average understanding of computers can crack free email accounts, look at all these lovely tools.

http://packetstormsecurity.org/files/ta ... ker/page2/

The Audit highlighted other areas to improve network security including:

* Ensuring content filtering software blocks access to Internet sites that are inappropriate for work use or may be high risk for malicious content, such as those with adult content, gambling, chartrooms, dating sites, criminal or terrorist information, music downloads and SPAM.
* A documented patching process for the network operating system and third party applications, and monitoring that the processes was correctly implemented.
* The use of email filtering software that blocked delivery of suspicious emails and prevented transmission of unmarked or inappropriately marked emails.

You mean, our government has decided to patch their back-door?

You see guys, this freedom portal enabled them to watch porn, tweet, social network, social engineer, blog, spam at work, even hack....but now Libs are coming in, they want them on a leash.

Are imposing censorship basically.


Ps, did you know Rudd was tweeting Libyan rebels encouraging them to overthrow their government right up until the UN stepped in?

So, Ok for Labor to have freedoms and liberties at work, but not now they anticipate Libs being in power within 12 month?








If it were simply a matter of ignorance, or careless oversight, then surely, they would remedy this as soon as possible?

Most teenagers I know can hack a free insecure email account... what made Gillard think that those with a vested interest in our nations affairs couldn't, or wouldn't?

Or perhaps, she is happy to share with those she emails via her insecure free email account.

Funny how only now has this been recommended.

Anyone smell a rat, a labor of moles even?


http://www.itnews.com.au/News/252168,au ... tmail.aspx

_____________________

Notes:

- Odd they should now decide to secure their emails now, that Libs are entering the arena. I guess now, they want to keep tabs on all libs, make sure they can infiltrate their servers and gain access to their email accounts this and wont be able to social network as efficiently as the server will be in lock-down.

See, the thing with hacking emails is you need to know the email address, so if the government enforce gov-issue secure emails to all government employees so they may communicate with one another at work, then they can keep tabs on them cant they.

Labor had it good, they could operate in virtual secrecy for nearly 4 years, funneling information to global agencies and organisation unscrupulously, were granted their 'virtual' privacy, even if this 'allegedly' compromised national security... and now only at the close of their leadership do they impose legislation to make government employees emails more secure?

Get real!



ps-

-Who ordered the audit?

[mellie]

China spies suspected of hacking Julia Gillard's emails

* Hackers compromise parliamentary computers
* At least ten ministers have been targeted
* Chinese spies are top of the suspects list

THE parliamentary computers of at least 10 federal ministers including the Prime Minister, Foreign Minister and Defence Minister are suspected of being hacked into in a major breach of national security.

It is believed that several thousand emails may have been accessed. Senior sources in the Government have confirmed to The Daily Telegraph that the espionage occurred over more than a month, beginning in February.

Four separate government sources confirmed that they had been told Chinese intelligence agencies were among a list of foreign hackers that are under suspicion.

An investigation is now believed to be under way by ASIO after Australian intelligence agencies were tipped off to the cyber-spy raid by US intelligence officials within the Central Intelligence Agency and the Federal Bureau of Investigation.

The cyber attack is believed to have occurred on the Australian Parliament House (APH) email network used primarily for MPs' correspondence and not on the more secure departmental network which ministers use for sensitive communications.

An intelligence brief to the Australian Government is believed to have revealed hackers had been accessing the APH computers of a number of cabinet ministers.

However, the sources claimed it was a network not primarily used by ministers for official communications.

Among the ministers' parliamentary computers believed to have been compromised in Canberra were Foreign Minister Kevin Rudd and Defence Minister Stephen Smith.

It is believed Prime Minister Julia Gillard's parliamentary computer was another compromised.

The Attorney-General Robert McClelland would neither confirm nor deny the cyber-spy incident.

In a statement issued to The Daily Telegraph, Mr McClelland said: "It's the long standing practice of successive Australian Governments not to comment on the operations of security and intelligence agencies.

"Australia's security and intelligence agencies, as a matter of course, work closely and co-operatively with their international counterparts on cyber security.

"The Australian Government takes the issue of cyber security very seriously and is constantly strengthening cyber security measures.

"Australia has in place a range of measures including the Cyber Security Operations Centre within the Defence Signals Directorate and a dedicated cyber investigations unit within the Australian Security Intelligence Organisation [ASIO]."

However, several government sources confirmed to The Daily Telegraph they had been made aware of the breach to the parliamentary network. "That is the information that has been relayed to me," one senior government source said.

Another government source, who confirmed they were provided with the same information, said it was "deeply concerning". "These claims need to be examined seriously," they said.

One MP said they regularly received informal warnings from security agencies that "foreign" interests may be trying to access computers and telephones.

"[But] most ministers work off their departments' systems which are far more secure than APH," they said.

A recent cyber attack occurred in France when 10,000 government computers were hacked into and documents relating to the G20 were accessed by sources believed to have originated in China.

The Defence Signals Directorate has publicly warned that Australia was under threat from cyber attack.

Read more: http://www.news.com.au/techn ... z1Hx6pS1Z4

Now, the above announcement was made today, just a day or so after an audit of electronic security at four Federal departments and agencies found one department - Prime Minister and Cabinet - allowed staff to access the free unsecured email services for business reasons.

Log files obtained by the auditor showed some department staff were using the free accounts regularly.

Then in response to their warning, Gillard told the auditor that she would cease allowing staff access to free email services from July 1, the day the greens form the balance of power in the senate, some 3 month away, of which meant Gillard was happy to allow herself and her staff continue breeching security until then.

......... hmmm, straaange, clearly our nations security isn't a priority?

Now this...

Audit finds holes in Canberra's finance systems

Lack of DR, weak passwords and no audit trails in some systems.

The Australian National Audit Office has discovered that several of Canberra’s most critical Government agencies – including Customs, the Department of Finance and the DBCDE – have been operating financial and HR systems without adequate controls in place around user identity and security.

The ANAO report also found that Australia’s Electoral Commission failed to have adequate disaster recovery or IT security controls in place.

The discoveries were made as part of a routine annual audit of the Financial Statements of Federal Government Agencies [PDF], which included an analysis of the internal controls of major agencies.

The audit identified “weaknesses” in Customs and Border Protection’s IT security policy – including “insufficient complexity of passwords”, “lack of monitoring of privileged users” and instances where there was inappropriate approval of new users.

The audit also found weaknesses in the management of user access to Customs’ Integrated Cargo System.

The Australian Electoral Commission, meanwhile, was found wanting in terms of IT security and business continuity.

The 2009/10 audit identified that the AEC had no disaster recovery plans for all of its IT systems and had never simulated any disasters to test its business continuity.

“This increases the risk that in the event of an interruption to business operations, an accident, or a disaster, the AEC will be unable to restore critical business systems within acceptable timeframes,” the report noted.

Further, the ANAO identified that the electoral office did not comply with the Government’s Information Security Manual (ISM), but did not go into any detail.

Systems access was also an issue for the Department of Finance, the Department of Broadband, Communication and the Digital Economy (DBCDE), AUSTRAC (Australian Transaction Reports and Analysis Centre) and CASA (Civil Aviation Safety Authority).

AUSTRAC – which was also found to have breached Commonwealth Procurement Guidelines – was found to have no delegation limits to its finance system for part of the year – a situation quickly remedied post the audit.

The Department of Finance, meanwhile, was cautioned after the username and password of a “super user”- with access to high-level systems - was found freely available in plain text format on a network drive that a significant number of Finance staff had access to.

The DBCDE was not found to have any access control issues, but its finance systems lacked an adequate audit trail to determine which staff had accessed or made changes in the system.

“During the 2009–10 final audit, the ANAO confirmed that DBCDE had addressed this matter by the removal of these access privileges and by implementing a system to proactively monitor system access,” the report said.

CASA was also found to lack a sufficient audit trail with regards to its finance and HR systems. And like Customs, a number of CASA users were found to be using default passwords that were not complex enough.

“These accounts were not uniquely identifiable to an individual,” the audit noted. “This situation also provided higher levels of privileged access than required.”

CASA’s IT security posture was also criticised after the auditor discovered that developers had access to the IT production environment of its finance and HR systems, which the ANAO labelled “a lack of segregation of duties”.

“The lack of segregation of duties increased the risk of unauthorised, erroneous and/or untested program changes being implemented into production, as well as increasing the risk of inappropriate changes to the production environment that may not be detected in a timely manner,” the audit report said. “This situation increases the risk of CASA’s system integrity and data availability being compromised.”

CASA argued that changing the way its development and production systems operated was not cost effective – but agreed to implement systems to log access.

ANAO judged most of the breaches to be "moderate" in nature and noted that many of the agencies had already worked to improve IT security as a result.

http://www.securecomputing.net.au/News/ ... stems.aspx

[mellie]

In other words, Gillard knows she wont be able to justify her squandering, now it's likely a federal election will be held within 6 months, so when Libs start fleecing through things, and start questioning where funds have gone Gillard will have an excuse.....

"Weeeelll Austraaaya, Jooolian Assangeee did it , he is the reeeeal criminal here not moieee,.":--Gillards excuse all, or something along these lines.





Perhaps she's willingly condoned/enabled the security breach, to assist her commie socialist alliances over seas, this and needed a digital trail of hacking evidence to argue that she was in deed hacked, thus wasn't her fault?

I reckon she's let them do it, overlooked an 'open port' to enable the passage of information ... could this be the beginning of WWIII if China really did become hostile?

No, they would have hatched this up between themselves to cover her commie ass.

Now she knows she's got nothing to lose anyway and is on notice.


It sounds like she's cooking up a sensationalist furphy to me.... announcing this in readiness for something thats about to leak.



Get ready, It's going to be a doozey....

[Pastafarian]

Perhaps she's willingly condoned/enabled the security breach, to assist her commie socialist alliance over seas, this and needed a digital trail of hacking evidence to argue that she was hacked, and wasn't her fault?

I reckon she's let China hack her, ... could this be the beginning of WWIII?

If you seriously believe that, you should be locked up in a psychiatric facility.

[IQS.RLOW]

Imagine if the culprits behind the hacking are wikileaks??

Can't wait for jooliar to be exposed

[mellie]

Perhaps she's willingly condoned/enabled the security breach, to assist her commie socialist alliance over seas, this and needed a digital trail of hacking evidence to argue that she was hacked, and wasn't her fault?

I reckon she's let China hack her, ... could this be the beginning of WWIII?

If you seriously believe that, you should be locked up in a psychiatric facility.

It's not the first time a member of her cabinet has been caught secreting classified information to other nations.

So, cut the crap, I mean, an audit alerts her to having compromised national security by allowing herself and her staff to use insecure shabby freeby crap email accounts, and 3rd party sites, to which she then advises "Yeah, when I get round to it...let me check my diary, oh yes, I can spare 2 minutes to advise my colleagues not to use insecure emails and or compromise our nations future on the 1st of July.

Next day, headlines confirm she's been hacked!

What a crock of shit.

[Pastafarian]

It's not the first time a member of her cabinet has been caught secreting classified information to other nations.

So, cut the crap, I mean, an audit alerts her to having compromised national security by allowing herself and her staff to use insecure shabby freeby crap email accounts, and 3rd party sites, to which she then advises "Yeah, when I get round to it...let me check my diary, oh yes, I can spare 2 minutes to advise my colleagues not to use insecure emails and or compromise our nations future on the 1st of July.

Next day, headlines confirm she's been hacked!

What a crock of shit.

Firstly, which member to which country.


Secondly, how does any of it prove that she is deliberately sending information to China, rather than the more obvious interpretation which is that the material which has been alleged to have been hacked, is not deemed that important so thus isn't high on her list of priorities?

[mellie]

Imagine if the culprits behind the hacking are wikileaks??

Can't wait for jooliar to be exposed

I hope so... it's either that or she has been up to no good and needs to justify why and how this information ended up in the hands of other.

Do you find it strange that after the audit recommended she stopped using insecure email services, she advised she would wait 3 more months before banning insecure emails services and third party software.

Lol, who's her IT genius...oh, lemmy guess, Stephen phony Conroy?.....

[mellie]

And IQS, just so you know, Wiki don't generally hack government departments to get classified documents, cables etc..., they just serve as a reciprocal for others who wish to leak...

Perhaps one of her own is about to gush, again? This or already has? This could be damage control.

Climate-gate was an inside job, their head scientist leaked them to wikileaks, then did something similar, had a mate get into his account to allude to their being stolen...when in fact, it's likely he gave them his password and told them exactly where to look. Not hard Meaning it's not technically hacking.

Remember, hackers aren't psychic, they need to know where to look, have to have an email addy first...this and an idea of what they are looking for, file wise.

She's full of shit.

[Pastafarian]

I suspect Mellie is a classic case of the Dunning-Kruger effect.