PPRuNe Forums - View Single Post - Airport and aviation security - Senate Inquiry
Old 13th Jan 2015, 21:08
Kharon
 
Join Date: Oct 2010
Location: Styx Houseboat Park.
Posts: 2,055
Messenger duties:

The following is extracted from a chapter of the Bankstown Chronicles; thought it may help fuel debate on an important subject, shortly to be examined by Sen. Nick Xenophon. The extract is from part of a report produced to assist a pilot with his arse in a sling; whether that sling was of his own making or not is, IMO, beside the point and little to do with 'aviation security'. As far as is possible, the 'facts' as provided have been checked, no guarantees: but - FWIW

During the two-month period examined, computer forensics indicate that the alleged incursions on which the crown relied originated from the defendant’s IP address. The allegation is based on a total of 130 visits to the Air Services Australia (ASA) website. Visiting the ASA website is not illegal; indeed, as a public service safety website, pilots are encouraged to access the site many times per day to obtain updated weather information and safety bulletins (NOTAM).

Of the 130 alleged 'visit' incidents only nine visits have been forensically tracked to the defendant’s former IP address. There are significant discrepancies contained within the presented data.

Notes:-
In December YYYY the XXXXX based aircraft were broken into and flight data laptops were stolen. The dedicated flight crew laptop contained all the required, password enabled software links (NAIPS) to enable flight planning and the submission of flight plans through the XXXXX account; the laptop included all stored username and password detail; all standard flight plans for sensitive Customs flights conducted by the Base at the time.

Comment:

Even if the motive for the theft was solely the laptop computers, it begs the question: how did the perpetrators gain the information, airside access and the knowledge to enter the aircraft?

This event was a serious and potentially dangerous event presenting very real and serious repercussions in the form of high risk of terrorism or criminal threat. Part of XXXXX function was the monitoring of illegal boat activity. It is noteworthy that the potential threat was not reported to ASIO or the subject of an in-depth Australian Federal Police (AFP) report. There is no record of improved security protocols being implemented; there is a clear breach of the DoIT approved Transport Security Program (TSP).

This begs a question of the XXXXX commitment to safety and security. It further raises the issue of why the allegations against XXXXX are viewed as 'heinous' whilst a serious security and safety event was treated in a cavalier manner.

Q) Why were the company XXXXX usernames/passwords not changed after a high risk security breach, where the sensitive information was known to be in the hands of criminal or, potentially, terrorist elements?

Q) Why were ASIO, AFP, Customs and Border Protection not advised of the breach?

Q) There are some 130 alleged incursions; can the Crown advise if any of the remaining 121 unaccounted incursions can be traced to the missing aircraft computers?

Q) Can XXXXX provide explanation of why the password system was only changed at the insistence of the AFP - (dd/mm/Yy); and why the enforced changes were only reflected in a change to a non-encrypted seven-digit password?

Not well edited (potted), but it does leave some questions behind...