Hacktivism: Anonymous Breaches Australian ISP To Protests Data Retention
from the proving-a-point dept
Glyn Moody recently wrote about Australia reviving some troubling internet snooping policy, part of which includes an aggressive data retention policy for ISPs, in which they need to collect and maintain connection data from their users for up to two years. As Glyn notes, this policy mirrors what other nations throughout the world are attempting to put in as well, despite the serious pushback on security and privacy grounds from the technology community.
So perhaps it shouldn’t be all that surprising when famed hacktivist group Anonymous decides to make the concerns a reality to prove a point. Slashdot points us to news that Anonymous has breached one Australian ISP, AAPT, and lifted some 40GB of data using an un-patched Adobe Cold Fusion exploit. As Australian site ITnews reports, this hack appears to be yet another attempt at activism by Anonymous:
“Anonymous had threatened earlier this week to release the data but was reportedly working to minimise potential harm to individual customers.The compromised data is suspected to be a 40 GB backup of an Adobe Cold Fusion database, accessed through a well-known vulnerability.
The threatened release of data appears to be in protest against Australia's proposed data retention regime, which would mandate ISPs to collect and hold transmission data from its users for up to two years.
One hacker told iTnews' sister publication SC Magazine that the data was stolen “to prove a lack of security at ISPs and telcos to properly protect the information” that would be stored under the Federal Government's data retention draft policies.”
This is what happens when you ignore complaints by the very people who can bring about the unintended consequences of your unfortunate internet legislation. Pushing forward with data retention bills even as it is proven that customer data is accessable seems problematic. Perhaps Anonymous and other groups can use this as an ongoing example of why such retention policies are dangerous.
Filed Under: anonymous, australia, data retention, hactivism
Comments on “Hacktivism: Anonymous Breaches Australian ISP To Protests Data Retention”
Twitter hashtag #ozlog
2min primer vid & petition is (youtube) http://bit.ly/OF5tHd
So again… Anonymous, or one hacker dude with an attitude hiding behind their name?
It’s seriously bullshit that every hack is now attributed to anonymous just to give it some sort of political Robin Hood spin. Fuckers broke into a computer and stole data. That’s horrible Why praise it?
Re: Re:
Well it’s actually both good and bad.. The good thing about this is that people can now see the lack of security of their private data.
The bad thing is that it actually had to go this far for people to see it.
Re: Re:
If he says he’s Anonymous, then he’s Anonymous. That’s how it works.
And honestly, rather it happens now, like this, than by who knows who and for who knows what purpose later. Governments need to pull their head out of their arses and realise that stuff like that isn’t secure just because they say it must be.
Re: Re:
Says the guy posting under the title “Anonymous Coward”.
Anything that happens where an anonymous group claims to be working as part of Anonymous is an act of that group. Even if it’s by a group of people who have no contact or relation to any one who has done anything before. That’s what is unique about the whole thing and is something that the media has utterly failed to get it’s head around.
Now there are some pretty core groups and circles that make up the meat of the current consistent agenda and most people who are serious about this stuff tend to fall in those circles as matter of course but if every single person involved in this current series of activism simply stopped… any other group could and likely would pick up the banner and carry it on. Any coherent action the group seems to take is an emergent response to who is claiming to do what for that group. Given that people who agree with the current direction are going to be attracted to the group it becomes a re-enforcing loop, the more they act like activists more activists will want to act as them.
Re: Re: Re:
“Anything that happens where an anonymous group claims to be working as part of Anonymous is an act of that group. Even if it’s by a group of people who have no contact or relation to any one who has done anything before. That’s what is unique about the whole thing and is something that the media has utterly failed to get it’s head around.”
No, that’s what you fail to get. A couple of years ago, this would have been the work of “some stupid hacker”. Now the same stupid hackers paste an anonymous sticker on their work, and it’s suddenly some big political thing.
They are just hackers, being assholes by breaking into other people’s stuff, plain and simple.
Let’s stop rewarding them for being criminals.
Re: Re: Re: Re:
But to tell the public those facilities are insecure, you must prove it’s insecure, right?
Any suggestion on how to prove it without breaking it there?
Re: Re: Re:2 Re:
Yes, pretend the security flaws don’t exist, blame some sacpegoat such as Anonymous, terrorists or your grandma and avoid addressing the point. Put simply:
1- Have a security problem breached by good hackers that won’t disclose the info.
2- Whine about terrorism, Anonymous and child porn.
3- Persecute the good hackers and piss them off.
4- ???
5- Have tremendous losses trying to fix the mess. (while we profit from the lulz)
Re: Re: Re:3 Re:
No, you can do what more intelligent hackers do: You discover a flaw, you document the flaw, you take the flaw to the media a couple of days AFTER you let the target know.
It embarrasses them without having to spew everyone’s personal information all over the place. This sort of abuse of personal information is possibly the biggest crime around. It’s internet terrorism. The customers are not the reason there is a security issue, why punish them with it?
Re: Re: Re:4 Re:
No, you can do what more intelligent hackers do: You discover a flaw, you document the flaw, you take the flaw to the media a couple of days AFTER you let the target know.
If their purpose was to get this flaw fixed, yes. That was not their purpose.
Re: Re: Re:4 Re:
The customer is the problem, they let the ISP’s do anything they want without any regard. Most companies / corporations can do anything they want because they know the customers will not do anything about it…apathy…
People need to wake up and start being more active in protecting their own privacy and security.
Re: Re: Re:4 Re:
Whose personal information was spewed all over the place? They haven’t released the customer data, or have you not read the article?
Re: Re: Re: Re:
Wow you really don’t understand the history of Anonymous do you? Hackers being jerks used to act as Anonymous all the time, this is a group that has ruin peoples lives far more often as they hunted down paedophiles. The only reason they really did anything was “because it was a laugh”. You didn’t really hear much about it because for the most part they didn’t do anything news worthy. “Some stupid hacker” doing “Some stupid shit for the lolz” is effectively what Anonymous started out as.
That changed with the scientology protests. Those protests did not really start out because Anonymous had a fundamental political aim, scientology just offered a soft target. Anonymous could do what they do best, fuck with people for their own enjoyment, with out feeling guilty because scientlogly was such a awful fucking thing in the first place. Justified lolz in other words, which was often the driving force behind the “good” the group did. Either that or fucking with any one trying to fuck with them.
What no one expected lest of all Anonymous was just how far that movement would spread. It pulled in a wealth of people who were their more for the activism than for the lolz even if lolz were still being had. This actually caused a lot of tension with given old school groups who disliked this influx of effective newfags ext. But by the nature of what the group is there was nothing they could really do about it.
Given that Anonymous agenda is only a reflection of that which any one acting in their name is current doing and given that that agenda can draw or make more active people who agree with it we saw a real shift towards actual honest activism. The group has take as moral principle the ideals that have allowed it to operate.
No matter what you think of the how of what they’ve done here you would be very foolish to dismiss the why as just “hackers being assholes”. 5 years ago I would have likely agreed with you but currently Anonymous is on a honest track of free web activism through what is effectively civil disobedience. That this may let them have lolz and be assholes is now an added extra rather than the main driving force.
Re: Re: Re:2 Re:
Bravo! Moved me to tears ;_;
And that is what these morons don’t understand.
Re: Re: Re:3 Re:
I may tank my creditability here but what’s struck me most about the current state of Anonymous is that it’s the first real world example of a effective Stand Alone Complex… a term coined by a the Ghost In the Shell anime series… ya ya I know know but read this and then hear me out.
http://en.wikipedia.org/wiki/Philosophy_of_Ghost_in_the_Shell#Stand_Alone_Complex
Anonymous is currently and effectively people copycating the behaviour that resulted from the scientology protests. But that behaviour was the emergent result of an action that was originally and largely motivated by different reasons. The ideals that got copied where the ideal that where perceived by the wider group and not as such the ideals that originally there. As such they can not be traced to one person or group, so there is no real originator for the current state of Anonymous that people are independently decided to act with in.
In other words people are acting in the name of a group ideal that has no real original source and is the result of a feedback loop based on an emergent set of group behaviour during the protests… and I honestly think the term stand alone complex is by far the best expression for what is happening with the group. It’s effectively a subset of meem theory which is actually now a credible research area.
Anonymous actually was a stand alone complex from the start if you want to go back and look at it but the changes from the protests are some what easier to look at than the actual origins of the idea.
And now I’m going to shut up because I’ve not done near enough research in to this to actually be sure of any of the above… it’s just been on my mind lately and I’m bored.
Re: Re: Re:4 Re:
Ghost in the Shell is not easy to watch and understand. Might be the case yes. But the fact is that it has become an ideology that embraces many ideologies. I see the movement as some kind of laboratory of what’s to come.
Re: Re: Re:5 Re:
It very much is. I don’t think enough people really realise that and they are going to be caught flat footed because they did not bother to learn from it. The internet has changed how social groups and structures work but Anonymous is the biggest representative of major new type of social group and structure that simply couldn’t have existed in exactly this way before. That alone makes it’s worth paying attention to.
Re: Re: Re:4 Re:
Someone is a connoisseur of Group dynamics I see!
and most likely have nailed some of the reality that is conceptually hard to grasp by the standard horde.
I’ve said it before though.
“Having grown up with the cracker/hacking culture (in all it’s forms) Anonymous is everything anyone wants it to be and everything you don’t.
It’s an IDEA not a group, its a meme not a gathering, its a conceptual take on the original virtuality and Plato’s shadows.
Or it’s none of the above. Though it could just be that person sitting across from you, that person you see fleetingly everyday and give a nod too, or that person who stares back at you in the mirror.
Re: Re: Re:4 Re:
Tim, you went a very long way to suggest mob mentality. Think of it as “what they actually got away with” as the standard for the next person in line to try to beat.
It’s perhaps more telling when you frame it against how society has worked for hundreds of years. We cannot as a people afford a police man on every corner, in every building. Society has always had a level of standards (call them morals, but not religious, more like civilization) that we have generally maintained. We have had times where that has slipped (pre-industrial age England, as an example), but generally we hold fast to many basic principals.
However, there has been a very big change over the last 75 years or so. Call it the Mafia factor. The Mafia is the ultimate in “getting away with it” organizations, using a combination of intimidation, reward, and chutzpah to be some of the nastiest criminals and yet often upstanding citizens in most people’s eyes as well. After the dirty 30s and the war, people came back tired of fighting and we went back to our civilized ways. The Mafia didn’t translate as well to suburbia, I guess.
Fast forward to the 80s, where street gangs have taken over most US cities in a signficant way. They too are organizations based on the idea of “what they can get away with”. You know the drill, plenty of crime, drugs, hookers, and so on… and the most pervasive intimidation system called “snitches get stitches”. They came to understand that the legal system really cannot handle a large organized army of people intentionally breaking the law every day, and lawlessness became the rule of many places in the US.
Hackers of the past were like the Mafia… Anonymous is like a series of street gangs. They aren’t fighting for what’s right, they are fighting for more pie for themselves, more freedom to do more of what they do, with less chance of getting caught.
They have actually gotten to the point with Anonymous that it is now like a long running online riot. People are empowered by the mob to do the very things that they know are wrong, that they shouldn’t do, but they do them anyway, because they think they can get away with it.
Why do you think they fight so hard against “censorship”? Because part of that censorship would be to remove the Anonymous factor that they use to embolden their actions. If every hack was easily tracked back to your computer, do you honestly think there would be much hacking?
Anonymous is mostly a bunch of pissant kids, thinking they are cool by spraying internet graffiti around. Very few of them can do more than run someone else’s script.
Re: Re: Re: Re:
Politicians, bankers and corporations are rewarded all the time for being criminals and taking peoples stuff.
Wake up!
Re: Re: Re:
Not just posting under the title “Anonymous Coward”, but he also goes battshit crazy when you even DARE mention that you know its him (like that’s hard to figure out lol). He always screams and whines, MY PRIVACY HAS BEEN VIOLATED BY DIRTY PIRATE MIKE AND PIRATE COMMENTATORS.
Re: Re: Re: Re:
says the anonymous coward, natch.
Re: Re: Re:2 Re:
Look in the mirror.
Re: Re: Re:2 Re:
Wait… What ?!?
Re: Re: Re: Re:
The more he doth protest about being violated, the more I keep getting the impression that he wants to be violated by Mike, and I’m sadly not talking about his privacy.
Notice: I humbly apoligise to all those who have just had a horrible image placed in their heads.
Re: Derp
Yup that’s the point of Anonymous. Could be anyone, could be everyone. And yes, there is a Robin-Hood aspect to it because these things are done in the spirit of Anonymous. Also, this is blamed on Anonymous because they are the ones that actually did it…
http://anonnews.org/
Re: Re:
I don’t give a crap. What I know is that if my information is not being retained by every Tom, Dick, Harriet, and their cat, I am at significantly less risk of my privacy being violated by unintended disclosure or security breaches.
It would also be nice to not have to pay for general policing efforts just to access the internet, because I already pay taxes thanks.
It’s absurd for the state to put its citizens privacy at extreme risk, and force them to pay for it via their ISPs, rather than through the general taxes where the costs might cause electors to think twice about whether or not this is what they want their government to be using their resources for.
By making ISPs pay for and maintain the necessary IT infrastructure for these “law enforcement” purposes, the government are externalising their costs to innocent internet users and distancing themselves from any PR fall out over the costs.
People will just blame their ISPs for these costs that the ISPs are forced to incur and pass onto their customers.
That was faster than expected
I was just about to mention that someone will read this article and ONLY see that a computer was hacked and a crime was committed.
Too late, that was comment #2
The point is that collecting and retaining vast amounts of personal data without sufficient security is just not a smart idea. It’s like wearing a sign on your back that says “$10,000 in my wallet” then getting upset when you get mugged.
Re: That was faster than expected
You could have the best security in the world and some little jumped up hacker twat would still find a way in. No network is 100% secure and every measure you take to secure it makes it harder or less convenient for users to access it. There has to be a balance.
Re: Re: That was faster than expected
Having any security at all would probably be a good start.
From article: The compromised data is suspected to be a 40 GB backup of an Adobe Cold Fusion database, accessed through a well-known vulnerability.
As much as it sucks that Anonymous did this, I’d say it’s much better for glaring vulnerabilities like this to be taken advantage of and pointed out now, rather than people only learning about it when they find their bank accounts empty some day.
The way I see it, Anonymous is, in their usual fashion, pointing out what should be obvious here: forcing ISP’s to retain a massive database of personal info like that does nothing but provide a massive target for hackers, and like you said, no matter how good the security, any system can be accessed remotely will be hacked, especially if, in a case like this, it gives the hacker(s) access to an enormous, and enormously valuable, database of information.
Re: Re: Re: That was faster than expected
Agreed, the problem here is not that Anonymous did this. The problem is that the data exist at all.
These hackers admitted to have gotten the database. A less scrupulous hacker would just have lifted the database and started searching for targets for blackmailing or stealing.
Re: Re: That was faster than expected
Please refrain from exposing yourself as an utter moron with such comments
Re: That was faster than expected
“The point is that collecting and retaining vast amounts of personal data without sufficient security is just not a smart idea. It’s like wearing a sign on your back that says “$10,000 in my wallet” then getting upset when you get mugged.”
Welcome to info terrorism. What they are doing in many ways is driving business AWAY from the internet, because clearly it’s not safe to do it. So many people don’t want to have personal information online, won’t use a credit card, and as a result won’t pay for service.
In many ways, it’s part of the anonymous support for piracy. Stop putting your personal information online, stop making online purchases, and just pirate the shit already.
Banks by definition need your personal information. Are you suggesting they should just run all their accounts anonymously?
Re: Re: That was faster than expected
Info terrorism??? Seriously???
Slap terrorism in front of anything an wage war against it. Be a patriot!
Lots of crimes scare people but that doesn’t make it terrorism. So when did hacking become “info terrorism”? I guess mugging is now “urban terrorism”.
The point of the article is that gathering and RETAINING personal data is not a good idea for a government, not a bank.
Re: Re: That was faster than expected
You’ve lost any respect you had left when you used the terrorism tag. Seriously, it doesn’t matter if it was an Arab with long beard yelling “Allah Allah” in front of his computer or the neighborhood kid trying to grab attention, the fact is that THERE ARE VULNERABILITIES and while even a well maintained system with constant monitoring and updating will not be 100% safe this highlights that there are security flaws everywhere and that the Govt wants to RETAIN USER DATA AGGRESSIVELY EVEN THOUGH IT WILL BE EXPOSED.
Labeling blowing Arabs terrorists haven’t stopped them from bombing. Labeling whatever hacker a terrorist won’t stop them from hacking. And it will add some useless Govt apparatus to tackle the problem that will make everybody’s life worse and won’t make the problem go away.
In many ways, it’s part of the anonymous support for piracy.
Seriously? Are you that retard? Actually it’s an insult to the real Down Syndrome ppl. You are too stupid for them. You can’t take piracy out of your head and address the real issues for a moment can you? I know there are ppl as dense and stupid as you in the world you guys manage to make me amazed and shocked more frequently than I’d like.
Banks by definition need your personal information. Are you suggesting they should just run all their accounts anonymously?
Banks are doing a much better job with their security because flaws will cost them money. They aren’t perfect but out of the last 100 data breaches how many were from the banking system and how many the Bank was at fault and not the user clicking some lame phishing atack?
Come back from your fantasy delusional world and start addressing the facts.
Re: Re: Re: That was faster than expected
I should clarify that by no means I hold any type of prejudice against the Down Syndrome ppl. They are actually much better than those shills here. Damn politically correct world.
Re: Re: Re: That was faster than expected
Ninja, the point is that the acts are done to terrorize, not to fix. They hurt and harm ordinary citizens for a “higher cause”, no different from a car bomb in a crowded street. I know there is no bloodshed, but there is pain, suffering, cost, and turmoil for people who are just not involved.
The real fear is that the same hackers will do it against next week. Not to improve things, just to tweak noses and push their “just” causes.
Fucking stupid, isn’t it?
In fantasy land, these fucktards are heros, the great guys fighting against the man. In the real world, they are snotty little pricks who screw everyone else’s lives to prove their points.
I am addressing the facts. Have you had your credit card info stolen, misused, published on a website, or part of a hack? I have. It sucks to have to get ALL of your personal documents redone. It sucks to have to contact everyone you deal with to change that information. It makes me want to buy less on the internet. It makes me not want to do business on the internet. It makes me fear doing things on the internet. Oh, yeah, the last time I had to do this was May of this year. My crime? I purchased car parts.
The real world says the hacker pricks need to go away, their cause isn’t that noble.
Re: Re: Re:2 That was faster than expected
“Ninja, the point is that the acts are done to terrorize, not to fix. They hurt and harm ordinary citizens for a “higher cause”, no different from a car bomb in a crowded street. I know there is no bloodshed, but there is pain, suffering, cost, and turmoil for people who are just not involved.”
I guess you missed the part of the article where these uber-terrorist hackers were working specifically to minimize the exposure of any consumer information in the data they mined?
“In fantasy land, these fucktards are heros, the great guys fighting against the man. In the real world, they are snotty little pricks who screw everyone else’s lives to prove their points.”
If the boardrooms of ISPs are called “The Real World”, then perhaps you’re right, but their point still was proved and completely validated. Not sure what YOUR point is, other than you don’t like people who are good at computering, apparently….
“The real world says the hacker pricks need to go away, their cause isn’t that noble.”
The real world also says that any nation requiring retention of customer data should also be able to offer up a solution for securing that data. Otherwise the only safe protection is purging.
But hey, just keep telling us all how evil everyone is except the idiots that allowed private information to get stolen. I’m sure someone thinks you’re smart….
Re: That was faster than expected
One hacker told iTnews’ sister publication SC Magazine that the data was stolen “to prove a lack of security at ISPs and telcos to properly protect the information” that would be stored under the Federal Government’s data retention draft policies.”
Seems like Anon could have just as easily used its considerable skills to help the ISP fix the security vulnerability, but chose a different route.
Re: Re: That was faster than expected
Seems like Anon could have just as easily used its considerable skills to help the ISP fix the security vulnerability, but chose a different route.
You missed the point if you think this is about one security flaw at one ISP.
Re: Re: That was faster than expected
Perhaps you should considert the “ease” with which this data was accessed.
seems to me that every country in the world is doing it’s best to remove any and all privacy and freedom laws for private citizens as soon as possible, using any excuse possible. in actual fact it’s because the various governments are scared of information being released that they would rather keep hidden. it has nothing to do with any form of protecting from terrorism, stopping child porn, drug dealing or any other sort of criminal act. it’s all being done so as to know exactly who said what to who and when. what a sad state of affairs we have when each government is as/more scared of it’s own people than of it’s so called enemies that it has to know every aspect of everyone’s life 24/7. is it possible to have a world-wide dictatorship with multiple controllers?
Re: Re:
They are afraid of their ppl because they stopped representing them at some point and started representing their own financial interests in favor of the corporations. The people can take only so much disrespect and disdain and started getting angry at the Governments. The response is to try and control dissidences instead of addressing the real issue and starting representing the people again. Our shills are experienced in ignoring the problems. They are just the surface of a much deeper issue.
Annonymous Cold Fusion hack of aapt
What worries me is, the centralisation of data. So, it was an exploit we all knew about. That sort of gives you an idea of where to look. But the more you put data in one place (government silos) the less you have to look. Anyone who wants to do some serious damage only has to wait for some stupid government to round up all the data and put it in one place
When are governments going to realise that respect of citizens privacy also ensures that very same privacy.
Groan……
AAPT
In case it hasn’t been mentioned yet, nobody in Australia really gives a shit about AAPT and, quite frankly, it does not surprise me in the least that their security is lackluster at best. Now if the ISP was Telstra, Optus or iiNet then I’d sit up and pay attention. There’s a hint for Annonymous as to who to go for next to make an impact.
Really get some attention on it
They should try to identify any high-ranking politicians, lobbyists, etc in the database and then release their data to make the point about what such a bad idea it is. If it’s a general hack the politicians will be all, “yeah, that’s not good.” But by releasing their own data then suddenly it’s “Oh crap! We need to reconsider this, it’s clearly a bad idea.”
So, trademarking and selling anonymous gear still soundlike a good idea?
Would some intelligent soul please turn America off once and for all?