FutureFive New Zealand - Consumer technology news & reviews from the future
Story image
Labour scoffs at KiwiRail's cyber security fail
Wed, 17th Feb 2016
FYI, this story is more than a year old

The Labour Party is calling out the cyber security on a KiwiRail website, labelling it as amateur and embarrassing.

The test website was left open to the public and users were able to book train and ferry tickets for free.

Cleverly, Labour's open government spokesperson Clare Curran says, KiwiRail left a hole in its security so big you could drive a train through it.

“KiwiRail left its test website open for anyone on the internet,” Curran says.

“On the site it was possible to make bookings that appear legitimate on ferries and trains with a fake credit card number. It is remarkably easy for anyone with good technical knowledge to use the site to make free bookings,” she says.

Curran says she alerted KiwiRail of the security issue after she was contacted by a “whistleblower”, but it took 16 days to get the issue sorted out.

“It is still unclear if the issues have been resolved,” she adds.

Curran says that while the National government is pledging cyber security as extremely important, that message clearly isn't getting through to agencies.

“The Government has to get into the 21st century and secure its websites,” she says.

“Amy Adams launched a computer emergency response team (CERT) to great fanfare late last year to help protect the public and businesses online,” Curran says. “It's extremely embarrassing that its government agencies need that team more than anyone,” she adds.