Western Australian Government websites defaced by hackers

Auditor General says web vulnerablilities rife in government departments

The defacement left on the hacked websites.

The defacement left on the hacked websites.

The Western Australian Government came under attack from hackers who defaced nine of its websites in two days, including the Government House and the City of Perth earlier this month.

The defacements were commonly SQL injection attacks, a kind of attack that is considered by many to be a low-level threat.

But the attacks follow the discovery of prolific web and application vulnerablilities in a scathing report into lax security standards of Western Australian hospitals and government departments by the state Auditor General.

The vulnerablilities can be exploited to deface websites and access core networks. Critical vulnerablilities were found in seven prominent departments investigated in the report.

Departments were also found to lack adequate intrusion detection methods, and two had stored unencrypted credit card data on an internal public drive and stored in an application. Almost half of the departments did not have adequate access controls, and many lacked sufficient network security, and physical and logical controls.

The Federal Government was the subject of Distributed Denial of Service (DDOS) attacks and web defacements earlier this year by online activist group Anonymous. The group launched a coordinated assault on the Australian Parliament House and the Department of Broadband, Communications and the Digital Economy web sites in protest to the Federal Government’s internet content filtering scheme.

It followed a DDOS attack on the Prime Minister’s web site late last year.

Members in the Labor caucus were quick to write-off the attacks as low-hanging fruit. Security experts say there are few effectual counter-measures against a DDOS attack.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Western Australiasql injectionWA Auditor Generalwebsite vulnerability

More about Federal GovernmentOffice of the Auditor General

Show Comments