Bolton loses his Bottle over hacked client details

We’re sorry, this feature is currently unavailable. We’re working to restore it. Please try again later.

Advertisement

This was published 14 years ago

Bolton loses his Bottle over hacked client details

By Mark Hawthorne

Just a day after it was revealed that rebel BrisConnections unit holder Nicholas Bolton did a $4.5 million deal to vote against his own resolutions to have the toll road builder wound up, his company Bottle Domains has been banned from its primary business of registering internet domain names.

The Australian Domain Name Administrator (auDA) yesterday terminated the accreditation of Australian Style, trading as Bottle Domains, "due to a serious breach of its obligations under the registrar agreement''.

In January this year the personal account details, including credit card numbers, of up to 60,000 Bottle Domain customers were posted for sale at an online forum by a computer hacker.

The Australian Federal Police are investigating and a 22-year-old Perth man has been arrested over the theft and charged with dishonestly dealing in personal financial information.

Bottle Domain's records were hacked into, and the account information stolen.

Such was the size of the security breach that the Australian High Tech Crime Centre, which is part of the AFP, took the unusual step of sending the country's major banks a list of customer account numbers that had been "compromised'' by the theft.

The auDa has since discovered the incident may have occurred in 2007, and Mr Bolton's Bottle Domains failed to notify it of that security breach.

"Information recently provided to auDA by Bottle Domains about the April 2007 incident revealed that it did not reset customer passwords or alert its customers to the possibility that their account information had been accessed by third parties,'' auDA said.

"Bottle Domains also failed to conduct an independent security audit to verify that the security vulnerability had been fixed, and that there was no other unauthorised access to its systems.''

auDA chief executive Chris Disspain said it was a very serious breach of its duty.

Advertisement

"auDA takes security issues very seriously,'' Mr Disspain said.

"In our view, Bottle Domains' failure to deal properly with the security incident in April 2007 demonstrated an alarming disregard of the potential risks to its own customers, and to the overall stability and integrity of the Australian DNS. Given the seriousness of the matter, it is appropriate that auDA terminate Bottle Domains' registrar accreditation.''

Mr Bolton told The Age that he planned to contest the decision made by auDA.

"Bottle Domains does not consider this to be a breach of agreement with auDA, and will defend the matter vigorously,'' he said.

In 2007 another Australian Style company, Domain Central, won the Deloitte Tech Fast 50 award. It was ranked the second-fastest growing internet company in the nation, and sixth overall in the Asia-Pacific region.

According to auDA, Bottle Domains will no longer be able to register domain names, which has created problems for several of the company's resellers.

One of those companies, COVE Business Technology, sent an email to clients informing them that their domain name will be transferred to another registrar

"Earlier today, auDA terminated the registrant agreement for Bottle Domains, our primary .au wholesale provider,'' COVE managing director Chris Band wrote.

"As Bottle Domains largest reseller, COVE is committed to providing quality domain names and we will be working around the clock to either help Bottle Domains resolve the issue with auDA or find another auDA accredited registrar that our domain system can be redesigned to use.''

Bottle Domains is one of four domain companies operated by Mr Bolton. The others are Domain Central, Explorer and another company called Bottle. The customers of those companies are not affected by today's decision.

Bottle Domains is the register of 20,000 domain names and has 11,000 customers.

According to Mr Bolton, the breach that occured in 2007 was with a competing accredited registrar called AustDomains and that all data accessed was "not considered confidential'' and was destroyed.

"Bottle Domains immediately patched the flaw, and did not consider further action necessary,'' Mr Bolton said.

He also stated that the AFP provided customer account information to the major banks at the request of Bottle Domains.

"It was out initiative,'' Mr Bolton said. "Bottle Domains is currently working to ensure no disruption to service for its customers, it is presently moving any concerned customers over to one of its other .au accredited registrars.''

According to Mr Disspain, the timing of today's announcement is in no way related to news that Mr Bolton made a $4.5 million deal to vote against his own resolutions at a meeting of BrisConnections unit holders yesterday.

Mr Bolton is accused of "greenmail'', in that he bought a major stake in the embattled toll road company to extract a payment from one of the major corporations building Brisbane's $4.8 billion Airport Link toll road.

"It's pure coincidence,'' Mr Disspain said. "We received our last piece of information from Mr Bolton, and answers to a series of questions we put to him, only two weeks ago. We have been investigating since and then made our decision. It's pure coincidence the announcement is out today.''

Loading

Most Viewed in Business

Loading