Australian Insurer Hacked…Lets have a closer look….

July 20th, 2007 Drazen Drazic Posted in Bad Developers, Bad Stuff, Dumb Security, Vulnerability Management, Web Application Security, cyber crime |

Okay, the SMH reports; Turkish hackers bring down insurer’s site. This is a funny story, in a weird/bad sort of way but hopefully another company that learns their lessons before being hit really bad:

- “Hackers” or kids having some fun?
- “Spokesman Robert Whelan said despite customer fears that their account information may have been compromised, no customer details were accessed.” - probably not in this case given the type of attack and who did it but seriously guys, do you really know if that is the case?
- “Customer information for AAMI is all kept on a very separate infrastructure on our website,” - Hmmmm…..if this was so easy, gees…..
- “Earlier today, AAMI, which offers general insurance, was scrambling to find out how a group calling itself the “Ay Yildiz Team” hijacked its website, replacing it with an anti-Israel message”- Ain’t rocket science generally in cases like this!
- “When contacted at around 10.15am this morning, an AAMI spokesman said he did not know what had happened. “We only found out 15 minutes ago and I’m now trying to find out what is going on in the way of whether this was just a hack into the front part of the site or it went deeper,” he said. Philip Olsen, an AAMI customer who discovered the hack around 9.30am, said he was concerned that his account information may have been compromised. “I called them and they had no idea it was a problem, so their claims that my account information, including credit card info, was safe seemed hollow at best,” said Olsen. “If they [the hackers] can get on their main web page and deface it like that, what else can they get access to,” he said.” - Philip Olsen: AAMI Security Monitoring Manager?! Hire that dude!

What am I doing even writing this? Must be a Friday thing. Off to Zone-H with you all!