From The Sydney Morning Herald
By Nino Bucci
Islamic State has hacked the personal information of Australian Defence Force employees and their relatives, a Victorian MP, and several public servants, and urged home-grown terrorists to attack them, in a chilling online breach.
Many of the Australians whose mobile phone numbers, email addresses, online passwords, and home suburbs were published had no idea their safety had been compromised until contacted by Fairfax Media on Wednesday.
Islamic State bragged for hours on social media about the dump of information relating to more than 1400 people, most of them supposedly US military personnel, and accompanied it with a terrifying call-to-arms.
But Australian authorities were caught on their heels, with Defence personnel and the Victorian MP among those who were unaware of the hack.
This is despite Australia's most senior Islamic State militant, former Melbourne man and terror recruiter Neil Prakash, posting links to the information on social media about 4.30am on Wednesday.
A message from the Islamic State Hacking Division, which accompanied the spreadsheet of personal details, warned: "know that we are in your emails and computer systems, watching and recording your every move.
"We have your names and addresses, we are in your ... social media accounts.
"We are extracting confidential data and passing on your personal information to the soldiers of the khilafah [caliphate], who soon with the permission of Allah will strike at your necks in your own lands!"
Fairfax Media found the details of at least eight Australians in the list, including a mother who is employed by the ADF, a Victorian MP, employees or former employees of NSW Health, and an Australian National Audit Office employee.
The brother of a Defence force employee and a former Army reservist were also compromised.
Fairfax Media will not publish the names of those on the list.
Half of those whose information had been leaked – including the MP, a Defence employee, the former reservist, and the relative of a Defence employee – confirmed they had first learnt about the breach when contacted by Fairfax Media.
The numbers published on the spreadsheet were used to contact them.
The Victorian MP said he had contacted the security detail tasked with protecting parliamentarians and was concerned about his family's welfare.
"I'm completely at a loss," he said.
"What do I do? The police probably know less than you and I."
One of the Defence employees was home with her children when she was alerted to the breach. She was shocked she had not been contacted by her employer.
The brother of a Defence employee was equally staggered that he had not been contacted by authorities.
"I've just been thinking about whether I should be calling someone," he said.
"I would think they would have their finger on the pulse a bit more.
"It's not as if they don't have my number."
Prakash, a former attendee of the Al-Furqan Islamic Centre in Springvale South, urged his Twitter followers to share the hacked information, also tweeting "cyber war got em shook!".
Other prominent militants, including British man Junaid Hussain, who is third on a CIA kill list of Islamic State operatives, also used social media to promote the leak and encourage attacks.
The Australians compromised by the hack appear to have few connections to each other, but at least half were employed by Defence, had been a reservist, or had a family member in the armed forces.
None are believed to have served in the Middle East, or to have been particularly outspoken against Islamic State.
Curiously, at least three had graduated from Queensland universities.
Most of the passwords listed related to the personal email accounts or devices of those who were hacked, rather than work accounts.
Some of the information was outdated, but it is possible to locate somebody's position using only their mobile phone number.
The Australian Federal Police and Department of Defence both declined to answer detailed questions about the hack, including why those compromised had not been contacted, whose responsibility it had been to inform them, and whether authorities had even been aware Australians had been implicated in the breach before they were contacted by Fairfax Media.
"The AFP is aware of today's claims by a group calling itself the Islamic State Hacking Division," an AFP spokesman said.
"As with all matters that could potentially impact safety and security, the AFP will liaise with its federal government and state and territory partner agencies in regard to appropriate activities in response to this.
"The safety of members of the Australia community is the main priority of the AFP and its partner agencies.
"It is not appropriate for the AFP to comment further at this stage."
Similarly to the AFP, a Defence spokesman said that "as a matter of principle and long-standing practice, the government does not discuss specific cyber incidents, activities or capabilities.
"Discussing details of any cyber incident could jeopardise ongoing investigations, monitoring of cyber incidents and the ability to protect information and networks."
An ASIO spokesperson said it did not comment on "operational matters".