Sydney council victim of AntiSec campaign
A Sydney council appears to be one of the latest victims of the AntiSec campaign, with what seems to be the council's main website and prototype sister site databases being leaked by Anonymous.
In a tweet today, @AnonymousIRC said, "A wild leak appears: for a change, we sail to Australia this time", providing a link to four SQL database dumps belonging to Mosman Municipal Council and the promise of more to come. LulzSec has previously made similar attacks, but over the weekend decided to disband after its 50th day of hacking.
Mosman Municipal Council's manager of IT services, Kevin Nonweiler, confirmed to ZDNet Australia that the council had experienced a breach, but emphasised that no rate-payer information had been compromised and that all the information in the dumps was publicly available information.
Text in the dumps match information that is publicly available on the council's website, confirming the claim. However, one of the files in the dump also contains information for a prototype website that is not yet completed and not indexed by search engines. Nonweiler said that the site had no direct links, so without knowing the address of the site, it was not possible to navigate to. Despite this, a quick Google search reveals the site is mentioned in draft plans on the council's website and, while not linked, could be easily accessed by anyone who had read the public document.
The prototype site currently has placeholder images and text used extensively throughout. Its content also matches information found in the dump, part of which carries a commencement date of July 2011.
The dumps also contain several usernames and hashed passwords to access the back-end administration for the site. Nonweiler stated that these passwords have been changed and that as the dumps now only contain publicly accessible information or invalid passwords, they were not a security risk.
The council is currently consulting with its hosting provider to determine how the breach occurred. Nonweiler declined to say who that was, but a Whois look-up showed that its hosting is provided by Anchor. When queried, Anchor said that the breach wasn't related to any of the services it provides.