RSA attackers pwnz0r Australians

Written by

Patrick Gray

CEO and Publisher

Infosec reporter Brian Krebs published a splendid post a couple of days ago that apparently unmasks 760 victims of the same group that owned RSA.

I've had a look through the list and pulled out all the Australian organisations I could find. From the looks of things this list was compiled by observing computers connecting back to evil C&C in China. That would explain why there are so many ISPs listed -- it's likely it wasn't the ISPs that got pwnz0riz3d, it was their customers.

This full list is apparently doing the rounds among congressional staff in the USA.

So, Australia-centric highlights of the reverse-lookups include:

* CITEC-AU-AP QLD Government Business (IT)

Basically all QLD Government IT is outsourced to CITEC. It's the QLD state govt's IT agency.

* DSE-VIC-GOV-AS Department of Sustainability & Environment,

Also affectionately known in political circles as the Department of Scorched Earth, it looks like DSE got popped. Not much mining in Victoria, so your guess is as good as mine as to why.

* CSC-IGN-AUNZ-AP Computer Sciences Corporation

I'm guessing this was CSC itself or one of its customers. Does CSC operate a few gateways? It does here, from memory... a few in Canberra, too. *cough*

Then there are the ISPs.

* AMNET-AU-AP Amnet IT Services Pty Ltd
* TPG-INTERNET-AP TPG Internet Pty Ltd
* MICRON21-AS-AU-AP Micron21 Melbourne Australia Datacentre. Co-Location Dedicated Servers Web Hosting
* PI-AU Pacific Internet (Australia) Pty Ltd
* TELSTRA Telstra Pty Ltd
* VZB-AU-AS Verizon Australia PTY Limited
* MPX-AS Microplex PTY LTD
* IINET iiNet Limited
* MCT-SYDNEY Macquarie Telecom
* AAPT AAPT Limited

Then there's this:

* TEAM-CYMRU – Team Cymru Inc.

Some of you will know why that's equal parts funny and bad.