The Western Australian Government came under attack from hackers who defaced nine of its websites in two days, including the Government House and the City of Perth earlier this month.
The defacements were commonly SQL injection attacks, a kind of attack that is considered by many to be a low-level threat.
But the attacks follow the discovery of prolific web and application vulnerablilities in a scathing report into lax security standards of Western Australian hospitals and government departments by the state Auditor General.
The vulnerablilities can be exploited to deface websites and access core networks. Critical vulnerablilities were found in seven prominent departments investigated in the report.
Departments were also found to lack adequate intrusion detection methods, and two had stored unencrypted credit card data on an internal public drive and stored in an application. Almost half of the departments did not have adequate access controls, and many lacked sufficient network security, and physical and logical controls.
The Federal Government was the subject of Distributed Denial of Service (DDOS) attacks and web defacements earlier this year by online activist group Anonymous. The group launched a coordinated assault on the Australian Parliament House and the Department of Broadband, Communications and the Digital Economy web sites in protest to the Federal Government’s internet content filtering scheme.
It followed a DDOS attack on the Prime Minister’s web site late last year.
Members in the Labor caucus were quick to write-off the attacks as low-hanging fruit. Security experts say there are few effectual counter-measures against a DDOS attack.