Anonymous Dumps Australian Telco Data Online [Updated]

After the threats, admissions and delays, hacktivists protesting the data retention scheme proposed by the Federal Government's National Security Inquiry have begun dumping data gleaned from an Australian telco -- presumably AAPT.

So far, the dump looks to be as large as we were promised: 40GB of customer data. Sources leaking the data say that there are over 600 tables of customer information set to be published, and after looking at the first few, it looks to be all business account information.

Update: Looks like this leak isn't going to be the full 40GB we were promised. Sources are reporting that this is only a partial leak. So far we've seen the records of government and business customers leaked.

The drama began when hackers claiming to represent Anonymous began acting out on the Twitter hashtag intended for questions for Prime Minister Julia Gillard to answer during her first Google Plus Hangout.

The hackers wanted the Prime Minister to address their concerns regarding a plan proposed by Attorney-General Nicola Roxon floated two years ago that would force ISPs to retain customer browsing data for a period of two years. The data would presumably be used in law enforcement and cyber-security cases should they ever arise.

Roxon was only in initial talks with ISPs over the scheme when the story broke in 2010, but the plan reared its head once again last month when the Parliamentary Joint Committee on Intelligence and Security announced it would be investigating proposed changes to several key pieces of intelligence gathering legislation. Part of these proposed changes included the now-notorious data retention scheme.

Concerned members of the public were asked to contribute to the inquiry, but Anonymous instead decided to protest the proposed changes, rather than sit down for a chat.

Hackers representing Anonymous under the guise of Operation Australia hacked 10 Queensland government websites as a warm-up, saying that it was in protest of the state government tracking its citizens. Following the initial attack and defacement of the state's online government property, we brought you the news that the hackers had put the local telco scene on notice.

A representative of the group said that it would soon hack and expose the customer records of a national telecommunications provider or ISP to demonstrate that data held by a telco as it would be under the data retention scheme can be breached and exposed online.

A day passed with no word, before the group hinted that the organisation it had breached was in fact AAPT.

Hours later, AAPT's CEO David Yuile came forward with a statement, saying that one of its servers housed at Melbourne IT had been breached, and the loss of historic customer records had occurred. An investigation kicked off into the breach, but at no time did the telco say that the breach was the work of Anonymous.

Skip ahead to now, and Anonymous is in the process of dumping government and business customer data onto Pastebin for the world to see. This episode is far from over, however. We're likely to see more data trickle out over the coming days.



    this is all i could find.. so far

      They are not opening without the password !! what's the password for these files ??

    This is all i could find so far ;)!/search/%23aapt%20%23opaustralia

    Cant access the paste bin data from phone. Files are large - has someone downloaded one and checked what's in it?

    This comment has been deemed inappropriate and has been deleted.

      Who are the Jerks here? The hackers or the companies with inadequate security allowing script kiddies the ability to take our information and post it on the net? Or maybe its the government for not having laws in place forcing business's to adequately secure our very private information? What constitutes a 'hack'? Its someone looking into a computer system they aren't authorised for. So essentially I can have data on customers with a Admin/Admin username and pass, yet if someone took that information I have no liability? Jerks, you are correct but i think your pointing the finger in the wrong direction.

        Things are always complicated, and businesses and governments obviously have a responsibility to have secure networks, but exploiters of vulnerabilities are hurting innocents for dubious political gain. Consider someone breaking into a house or a sexual assault - how appropriate is it to question the level of security of the home, or the attire and activities of the assault victim?

      For the record, my deleted comment was:


      I think it's fair to reinstate it here, as I've substantiantiated with a further comment.

      You know the pass for these files ??

    Such wankers, couldn't they have just hacked the server to show it could be done and then left? Putting customers' stuff everywhere is unnecessary.

      So basically those who couldn't opt-out are being punished twice. Once by the government, and once by Anonymous. Is this going to be any more effective than suicide-bombers blowing up both the enemy and their own?

    Stupid idiots! Instead of harming the general public who majorly will provide their support, why don't you just aim at exposing Roxon's full internet browsing data for all to see!? Only ONE target you need to concenrate on, is is that too difficult??

    Argh. I hate it when people think they're being nice by only screwing over government and businesses. My business is small. If it takes a hit from something like this it lands in really hot water and life becomes pretty difficult. Meanwhile the businesses that people don't mind being part of the collateral damage don't even flinch.

    Didn't they censor this shit before releasing it? Find out the full story before you whine guys.

    So was it really " loss of historic customer records" - meaning records of customers who are important in history? If so, who are these customers important in history?

    Or was it just "loss of historical customer records" - meaning customer records from the past?

    There's a guide to avoiding mass leaks for companies over at the 360 blog, guess AAPT didnt read it!

    Good on em. Let the government and big business know that thy are not safe. I would like to see anonymous do more hacking a leaking of government and big business documents. Also if they could give me a better credit rating that Wouk be great!!! Haha

    If people think that this is the 1st time ... you are dreaming... companies tent to ignore things like that until it goes public... aaaand that what happened aaaannnnnf thats why YOU know about it ... and THATS WHY YOUR ARE NOT HAPPY!

    and comparing it to suicide bombings is a bit of a overkill dont you think

    The thing is - sure they could have hacked the server and then proclaimed they did it, but without "proof" such as releasing the details, the government and the ISPs could have said they were lying. By releasing the data, they at least prove how bad the governments data retention plan is

    Imagine if a government wanted to pass a law that created a database on every single citizen, recording everything they read, everything they watch, & everything they say - oh wait... with the NBN that's all going to be through your ISP now...

Join the discussion!