iTWire has received confirmation from a number of sources that the hacked Queensland Government servers AND the AAPT business customer database were both hosted by MelbourneIT.
Furthermore, it would seem that Adobe's Cold Fusion application server was the underlying platform in all cases. Interestingly, when iTWire discussed this with well-known local security expert, Michael McKinnon of AVG, McKinnon observed that the issues with Cold Fusion were well known in the hosting community and relatively easily addressed. In fact, McKinnon admitted that he had only just finished re-checking that Cold Fusion servers under his own control were properly hardened prior to our conversation.
He outlined how the Cold Fusion exploit worked to this writer. It's very simple, but we won't be shouting it from the rooftops!
The Anonymous organisation has claimed that these hacks are in support of its opposition to the Federal Government's proposed data retention rules.
In that report, Varghese wrote, "Domain name arbiter, the Internet Corporation for Assigned Names and Numbers, has placed the blame for the domain hijacking of panix.com squarely on the shoulders of Melbourne IT.
"The domain name of Panix, one of the oldest ISPs in New York, was registered with Dotster, a registrar based in Washington. The hijack took place on January 15. By January 17, the domain had been restored."