Police are expected to lay charges soon against two people for allegedly hacking into the ANU’s computer system. The university has undertaken major computer-security reviews, and while it cannot ever guarantee there can be no successful hacking, it is sure it has the problem under control. The Pro-Vice-Chancelor, Philip Selth, said yesterday that the message to hackers was: “”If you are caught, we will call in the police.” Hackers gave information anonymously to The Canberra Times last week which suggested a detailed knowledge of the ANU computer system. They said they could get into private e-mail, change library fines, book records in the libraries, gain access to the computer that controlled swipe-card access to buildings, and gain access to exam papers.
The hackers said, “”The recent publicity concerning the “hacker’ problem at the University of Canberra is amusing in the context of general computer security on all of Australia’s university campuses.” They could have done hundreds of thousands of dollars damage, but did not. They were certain they went unnoticed until they had deliberately left footprints. There concern was that other groups with superior skills could get in and do damage. Mr Selth said hacking presented a difficulty for an open learning institution like the ANU. The university had to balance the requirements of academic research and open information with the need for financial and other security.
The university was building bigger electronic walls in its computer systems between academic information and financial and sensitive information. “”The hackers are only creating more inconvenience for their colleagues,” Mr Selth said. The higher the security the more inconvenient it became for legitimate users who had to go through more security requirements. It might also mean that the university would take a more restrictive view of extending Internet access to, say, graduates. He thought that the hackers who had revealed their handiwork last week were involved in incidents last year. Since then, the university had restructured it IT area, appointing a full-time security officer and reviewing security, especially passwords. The ANU had about 4000 terminals. The university had world-class computer researchers and workers who were now turning their attention to security and catching hackers. “”We think we’re on top of it, but you never know for sure,” he said. “”Computer hacking was like that.” There had been no reports of any damage since last year.
The criminal law in the ACT and other states has a gradation of computer offences. Typically they range from mere unauthorised access (maximum penalties of $1000 and six months); authorised access or unauthorised access plus fraud or dishonestly gaining financial advantage ($10,000 and two years); breaches of confidentiality and privacy ($10,000 and two years) to deliberate erasure of data or adding viruses ($10,000 and 10 years). These are maximum penalties for the most serious of their kind _ but the range is equivalent to drink-driving at the low end to burglary at the high end. Hackers also leave themselves open to civil actions for damages.