Hacktivism: Anonymous Breaches Australian ISP To Protest Data Retention
from the proving-a-point dept
Glyn Moody recently wrote about Australia reviving some troubling internet snooping policy, part of which includes an aggressive data retention policy for ISPs, in which they need to collect and maintain connection data from their users for up to two years. As Glyn notes, this policy mirrors what other nations throughout the world are attempting to put in place as well, despite the serious pushback on security and privacy grounds from the technology community.
So perhaps it shouldn't be all that surprising when famed hacktivist group Anonymous decides to make the concerns a reality to prove a point. Slashdot points us to news that Anonymous has breached one Australian ISP, AAPT, and lifted some 40GB of data by exploiting an unpatched Adobe Cold Fusion vulnerability. As Australian site iTnews reports, this hack appears to be yet another attempt at activism by Anonymous:
"Anonymous had threatened earlier this week to release the data but was reportedly working to minimise potential harm to individual customers.
"The compromised data is suspected to be a 40 GB backup of an Adobe Cold Fusion database, accessed through a well-known vulnerability.
"The threatened release of data appears to be in protest against Australia's proposed data retention regime, which would mandate ISPs to collect and hold transmission data from its users for up to two years.
"One hacker told iTnews' sister publication SC Magazine that the data was stolen 'to prove a lack of security at ISPs and telcos to properly protect the information' that would be stored under the Federal Government's data retention draft policies."
This is what happens when you ignore complaints by the very people who can bring about the unintended consequences of your unfortunate internet legislation. Pushing forward with data retention bills even as it is proven that customer data is accessible seems problematic. Perhaps Anonymous and other groups can use this as an ongoing example of why such retention policies are dangerous.
Filed Under: anonymous, australia, data retention, hactivism
Reader Comments
Twitter hashtag #ozlog
It's seriously bullshit that every hack is now attributed to Anonymous just to give it some sort of political Robin Hood spin. Fuckers broke into a computer and stole data. That's horrible. Why praise it?
That was faster than expected
Too late, that was comment #2
The point is that collecting and retaining vast amounts of personal data without sufficient security is just not a smart idea. It's like wearing a sign on your back that says "$10,000 in my wallet" then getting upset when you get mugged.
Re:
The bad thing is that it actually had to go this far for people to see it.
Re:
And honestly, rather it happens now, like this, than by who knows who and for who knows what purpose later. Governments need to pull their head out of their arses and realise that stuff like that isn't secure just because they say it must be.
Re:
Anything that happens where an anonymous group claims to be working as part of Anonymous is an act of that group. Even if it's by a group of people who have no contact or relation to anyone who has done anything before. That's what is unique about the whole thing and is something that the media has utterly failed to get its head around.
Now there are some pretty core groups and circles that make up the meat of the current consistent agenda and most people who are serious about this stuff tend to fall in those circles as a matter of course, but if every single person involved in this current series of activism simply stopped... any other group could and likely would pick up the banner and carry it on. Any coherent action the group seems to take is an emergent response to who is claiming to do what for that group. Given that people who agree with the current direction are going to be attracted to the group, it becomes a reinforcing loop: the more they act like activists, the more activists will want to act as them.
Re: Re:
No, that's what you fail to get. A couple of years ago, this would have been the work of "some stupid hacker". Now the same stupid hackers paste an anonymous sticker on their work, and it's suddenly some big political thing.
They are just hackers, being assholes by breaking into other people's stuff, plain and simple.
Let's stop rewarding them for being criminals.
Re: That was faster than expected
Welcome to info terrorism. What they are doing in many ways is driving business AWAY from the internet, because clearly it's not safe to do it. So many people don't want to have personal information online, won't use a credit card, and as a result won't pay for service.
In many ways, it's part of the anonymous support for piracy. Stop putting your personal information online, stop making online purchases, and just pirate the shit already.
Banks by definition need your personal information. Are you suggesting they should just run all their accounts anonymously?
Re: Re: That was faster than expected
Slap terrorism in front of anything and wage war against it. Be a patriot!
Lots of crimes scare people but that doesn't make it terrorism. So when did hacking become "info terrorism"? I guess mugging is now "urban terrorism".
The point of the article is that gathering and RETAINING personal data is not a good idea for a government, not a bank.
Re: Re: That was faster than expected
From article: The compromised data is suspected to be a 40 GB backup of an Adobe Cold Fusion database, accessed through a well-known vulnerability.
As much as it sucks that Anonymous did this, I'd say it's much better for glaring vulnerabilities like this to be taken advantage of and pointed out now, rather than people only learning about it when they find their bank accounts empty some day.
The way I see it, Anonymous is, in their usual fashion, pointing out what should be obvious here: forcing ISPs to retain a massive database of personal info like that does nothing but provide a massive target for hackers, and like you said, no matter how good the security, any system that can be accessed remotely will be hacked, especially if, in a case like this, it gives the hacker(s) access to an enormous, and enormously valuable, database of information.
Re: Re: Re:
Any suggestion on how to prove it without breaking it there?
Re: Re: Re:
That changed with the Scientology protests. Those protests did not really start out because Anonymous had a fundamental political aim; Scientology just offered a soft target. Anonymous could do what they do best, fuck with people for their own enjoyment, without feeling guilty because Scientology was such an awful fucking thing in the first place. Justified lolz in other words, which was often the driving force behind the "good" the group did. Either that or fucking with anyone trying to fuck with them.
What no one expected, least of all Anonymous, was just how far that movement would spread. It pulled in a wealth of people who were there more for the activism than for the lolz, even if lolz were still being had. This actually caused a lot of tension with given old school groups who disliked this influx of effective newfags etc. But by the nature of what the group is there was nothing they could really do about it.
Given that Anonymous' agenda is only a reflection of that which anyone acting in their name is currently doing, and given that that agenda can draw or make more active people who agree with it, we saw a real shift towards actual honest activism. The group has taken as moral principle the ideals that have allowed it to operate.
No matter what you think of the how of what they've done here, you would be very foolish to dismiss the why as just "hackers being assholes". 5 years ago I would have likely agreed with you, but currently Anonymous is on an honest track of free web activism through what is effectively civil disobedience. That this may let them have lolz and be assholes is now an added extra rather than the main driving force.
Re: Re: Re: That was faster than expected
These hackers admitted to have gotten the database. A less scrupulous hacker would just have lifted the database and started searching for targets for blackmailing or stealing.
Re: Re: Re: Re:
And that is what these morons don't understand.
Derp
http://anonnews.org/
Re: Re: That was faster than expected
Labeling blowing Arabs terrorists haven't stopped them from bombing. Labeling whatever hacker a terrorist won't stop them from hacking. And it will add some useless Govt apparatus to tackle the problem that will make everybody's life worse and won't make the problem go away.
"In many ways, it's part of the anonymous support for piracy."
Seriously? Are you that retard? Actually it's an insult to the real Down Syndrome ppl. You are too stupid for them. You can't take piracy out of your head and address the real issues for a moment can you? I know there are ppl as dense and stupid as you in the world you guys manage to make me amazed and shocked more frequently than I'd like.
"Banks by definition need your personal information. Are you suggesting they should just run all their accounts anonymously?"
Banks are doing a much better job with their security because flaws will cost them money. They aren't perfect but out of the last 100 data breaches how many were from the banking system and how many the Bank was at fault and not the user clicking some lame phishing attack?
Come back from your fantasy delusional world and start addressing the facts.
Re: Re: Re: Re: Re:
http://en.wikipedia.org/wiki/Philosophy_of_Ghost_in_the_Shell#Stand_Alone_Complex
Anonymous is currently and effectively people copycatting the behaviour that resulted from the Scientology protests. But that behaviour was the emergent result of an action that was originally and largely motivated by different reasons. The ideals that got copied were the ideals that were perceived by the wider group and not as such the ideals that were originally there. As such they can not be traced to one person or group, so there is no real originator for the current state of Anonymous that people are independently deciding to act within.
In other words people are acting in the name of a group ideal that has no real original source and is the result of a feedback loop based on an emergent set of group behaviour during the protests... and I honestly think the term stand alone complex is by far the best expression for what is happening with the group. It's effectively a subset of meme theory which is actually now a credible research area.
Anonymous actually was a stand alone complex from the start if you want to go back and look at it, but the changes from the protests are somewhat easier to look at than the actual origins of the idea.
And now I'm going to shut up because I've not done near enough research into this to actually be sure of any of the above... it's just been on my mind lately and I'm bored.
Re: Re: Re: Re:
1- Have a security problem breached by good hackers that won't disclose the info.
2- Whine about terrorism, Anonymous and child porn.
3- Persecute the good hackers and piss them off.
4- ???
5- Have tremendous losses trying to fix the mess. (while we profit from the lulz)
Anonymous Cold Fusion hack of AAPT
When are governments going to realise that respect of citizens' privacy also ensures that very same privacy?
Groan......
Re: That was faster than expected
Seems like Anon could have just as easily used its considerable skills to help the ISP fix the security vulnerability, but chose a different route.
Re: Re: Re: Re: Re: Re:
and most likely have nailed some of the reality that is conceptually hard to grasp by the standard horde.
I've said it before though.
"Having grown up with the cracker/hacking culture (in all it's forms) Anonymous is everything anyone wants it to be and everything you don't.
It's an IDEA not a group, it's a meme not a gathering, it's a conceptual take on the original virtuality and Plato's shadows.
Or it's none of the above. Though it could just be that person sitting across from you, that person you see fleetingly everyday and give a nod to, or that person who stares back at you in the mirror.
Re: Re: Re:
Notice: I humbly apologise to all those who have just had a horrible image placed in their heads.
AAPT
Re: Re: Re:
Wake up!
Re: Re: That was faster than expected
You missed the point if you think this is about one security flaw at one ISP.
Re: Re: Re: Re: Re:
It embarrasses them without having to spew everyone's personal information all over the place. This sort of abuse of personal information is possibly the biggest crime around. It's internet terrorism. The customers are not the reason there is a security issue, why punish them with it?
Really get some attention on it
Re: Re: Re: Re: Re: Re:
It's perhaps more telling when you frame it against how society has worked for hundreds of years. We cannot as a people afford a police man on every corner, in every building. Society has always had a level of standards (call them morals, but not religious, more like civilization) that we have generally maintained. We have had times where that has slipped (pre-industrial age England, as an example), but generally we hold fast to many basic principles.
However, there has been a very big change over the last 75 years or so. Call it the Mafia factor. The Mafia is the ultimate in "getting away with it" organizations, using a combination of intimidation, reward, and chutzpah to be some of the nastiest criminals and yet often upstanding citizens in most people's eyes as well. After the dirty 30s and the war, people came back tired of fighting and we went back to our civilized ways. The Mafia didn't translate as well to suburbia, I guess.
Fast forward to the 80s, where street gangs have taken over most US cities in a significant way. They too are organizations based on the idea of "what they can get away with". You know the drill, plenty of crime, drugs, hookers, and so on... and the most pervasive intimidation system called "snitches get stitches". They came to understand that the legal system really cannot handle a large organized army of people intentionally breaking the law every day, and lawlessness became the rule of many places in the US.
Hackers of the past were like the Mafia... Anonymous is like a series of street gangs. They aren't fighting for what's right, they are fighting for more pie for themselves, more freedom to do more of what they do, with less chance of getting caught.
They have actually gotten to the point with Anonymous that it is now like a long running online riot. People are empowered by the mob to do the very things that they know are wrong, that they shouldn't do, but they do them anyway, because they think they can get away with it.
Why do you think they fight so hard against "censorship"? Because part of that censorship would be to remove the Anonymous factor that they use to embolden their actions. If every hack was easily tracked back to your computer, do you honestly think there would be much hacking?
Anonymous is mostly a bunch of pissant kids, thinking they are cool by spraying internet graffiti around. Very few of them can do more than run someone else's script.
Re: Re: Re: Re: Re: Re:
If their purpose was to get this flaw fixed, yes. That was not their purpose.
Re: Re: Re: Re: Re: Re:
People need to wake up and start being more active in protecting their own privacy and security.
Re: Re: Re: That was faster than expected
The real fear is that the same hackers will do it again next week. Not to improve things, just to tweak noses and push their "just" causes.
Fucking stupid, isn't it?
In fantasy land, these fucktards are heroes, the great guys fighting against the man. In the real world, they are snotty little pricks who screw everyone else's lives to prove their points.
I am addressing the facts. Have you had your credit card info stolen, misused, published on a website, or part of a hack? I have. It sucks to have to get ALL of your personal documents redone. It sucks to have to contact everyone you deal with to change that information. It makes me want to buy less on the internet. It makes me not want to do business on the internet. It makes me fear doing things on the internet. Oh, yeah, the last time I had to do this was May of this year. My crime? I purchased car parts.
The real world says the hacker pricks need to go away, their cause isn't that noble.
Re: Re: Re: Re: That was faster than expected
I guess you missed the part of the article where these uber-terrorist hackers were working specifically to minimize the exposure of any consumer information in the data they mined?
"In fantasy land, these fucktards are heros, the great guys fighting against the man. In the real world, they are snotty little pricks who screw everyone else's lives to prove their points."
If the boardrooms of ISPs are called "The Real World", then perhaps you're right, but their point still was proved and completely validated. Not sure what YOUR point is, other than you don't like people who are good at computering, apparently....
"The real world says the hacker pricks need to go away, their cause isn't that noble."
The real world also says that any nation requiring retention of customer data should also be able to offer up a solution for securing that data. Otherwise the only safe protection is purging.
But hey, just keep telling us all how evil everyone is except the idiots that allowed private information to get stolen. I'm sure someone thinks you're smart....
Re:
It would also be nice to not have to pay for general policing efforts just to access the internet, because I already pay taxes thanks.
It's absurd for the state to put its citizens' privacy at extreme risk, and force them to pay for it via their ISPs, rather than through the general taxes where the costs might cause electors to think twice about whether or not this is what they want their government to be using their resources for.
By making ISPs pay for and maintain the necessary IT infrastructure for these "law enforcement" purposes, the government are externalising their costs to innocent internet users and distancing themselves from any PR fallout over the costs.
People will just blame their ISPs for these costs that the ISPs are forced to incur and pass onto their customers.