PM's office passwords pose security risk

More than 10 per cent of passwords used in Prime Minister Julia Gillard's department can be easily broken in an hour by hackers using "brute force", a report from the Australian National Audit Office says.

Auditor-General Ian McPhee discovered passwords could be cracked by running a basic generator that found phrases like "Holiday1" were used in place of more complex passwords using a mixture of numbers, symbols and letters.

McPhee looked at four seemingly very different areas of government: Medicare, the office of financial management, prime minister and cabinet and ComSuper.

"These agencies were selected as they represent a general cross-section of agencies and their associated ICT (Information and Communication Technology) systems," he said.

While the problems were not specifically linked with the individual groups, a graph included in the report shows all four groups had more than 10 per cent of "total passwords compromised" by "brute force" attacks.

Similar problems were found across the organisations.

Not only did passwords need to be more complex, but access to web-based email accounts such as Hotmail and GMail needed to be blocked.

Basic software updating was not being done regularly enough, and this left security holes, the audit found.

The failure showed a lack of a "security culture".

The problem of relatively simple passwords is made even worse because some of them provide access to so-called "privileged access accounts".

These accounts allow the user to change the passwords of others, move data, change data and perform other actions with national security implications.

McPhee called for a close look at the risk.

The department of prime minister and cabinet agreed.

"Review of privileged access accounts is regularly undertaken," the department said.

The release of the audit coincided with News Ltd reports that the unclassified network used by cabinet has been hacked, possibly byChinese cyber soldiers.

The Australian Security Intelligence Organisation is said to have begun an investigation.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email CIO
• Follow CIO on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark