Sections

Services

Information

UK United Kingdom

Anonymous' Operation Australia – can the federal police stop them?

About 10am this morning, Anonymous used Twitter to announce an attack on the Australian Security Intelligence Organisation (ASIO) website. Anonymous claimed the ASIO website would be unavailable for the…

What’s being done about the latest spate of Anonymous attacks? zigazou76

About 10am this morning, Anonymous used Twitter to announce an attack on the Australian Security Intelligence Organisation (ASIO) website. Anonymous claimed the ASIO website would be unavailable for the rest of the day.

The ASIO website was down for about 30 minutes after the attack and is now operating slowly or not at all. It appears the attack may be ongoing, but ASIO’s technical staff are recovering the situation.

Anonymous has been claiming attacks would occur on ASIO and on the Defence Signals Directorate (DSD) website via the Anonymous Operation Australia Twitter account.

The Anonymous attacks are part of an ongoing campaign against the government proposal to introduce a data retention scheme that would require carriers and ISPs to store the web history of every Australian for one to two years.

Anonymous has been using distributed denial of service (DDoS) attacks for some time now as part of this campaign. Late last month Anonymous used DDoS or website defacing attacks on ten goverment websites.

The question that every Australian should be asking the government and the Australian Federal Police (AFP) is what are they doing about the Anonymous attacks?

Anonymous has now launched attacks on a range of government websites, broken into an AAPT server and stolen customer data which was recently partially released on the web.

When is the AFP going to declare the Anonymous attacks a major crime and dedicate resources to finding the perpetrators? Can the AFP stop the Anonymous attacks?

The answer is “no” if today’s events are any indicator. What makes the situation even worse is that Anonymous gave the AFP and ASIO plenty of warning – yet the attack succeeded.

Is Anonymous correct in its assertion the government proposal to implement a two-year data retention scheme will put all Australians at risk of far worse outcomes than the current Anonymous campaign?

It is time for the AFP to demonstrate to all Australian’s that their internet history can be protected by government authorities.

What hope have the companies that would be forced to implement the data retention scheme got of combating internet criminals if the government and AFP are powerless to stop Anonymous?

A good way for the AFP to demonstrate their capability to stop internet crime would be to identify and arrest the members of Anonymous who are participating in Operation Australia.

Another possible approach similar, to that employed by US authorities, would be for the AFP to offer the Anonymous members jobs?

Electronic Frontiers Australia (EFA) stated on July 13 that:

EFA is deeply concerned about the proposed changes to National Security legislation foreshadowed in the discussion paper issued this week by the Attorney-General’s Department.

These proposed changes, if implemented in their entirety, would appear to amount to a massive expansion of surveillance activity across the entire community, accompanied by a corresponding reduction in accountability for that surveillance activity, and are therefore a potentially significant threat to the civil liberties and privacy of all Australians.

In the USA earlier this month a bill that would establish security standards to prevent cyberattacks on the US critical infrastructure failed to pass the Senate. Clearly, the US government is struggling to regulate the internet and to protect their vital infrastructure.

Key reasons for the failure of the US bill were the financial burden that would be placed on private companies, a view that government intervention was not necessary, and the provision for sharing cyberthreat data between government and industry. The data retention and sharing worried many people about potential privacy and security breaches.

A recommended first step for the Australian government is to invest in research that would enhanced privacy and security and provide real outcomes that can be implemented here.

For me a litmus test of the government’s intentions is whether or not it will mandate the use of Secure Socket Layer (SSL) certificates for email. In my view SSL should be mandatory from the customer’s device to the Simple Mail Transfer Protocol (SMTP) server and between SMTP servers. This simple step would greatly improve privacy and security.

The internet is a critical piece of infrastructure that is being used in ways beyond its original design. Authorities should not try to use the internet in ways that will jeopardise the security and privacy of Australians.

They should be able to provide people with a guarantee their security and privacy will be protected.

Further reading

Join the conversation

15 Comments sorted by

  1. el don

    logged in via Twitter

    meanwhile, some right wing US dingbats have launched a DDoS on wikileaks, to protest against Julian Assange...
    and today of course, what is really trending on twitter is a discussion of TripWire, a company related to Stratfor, the CIA, and other spying institutions. their software has been distributed to the NYC underground, and the streets of various US cities for a while now - to monitor 'suspicious' activity. whither so-called privacy now? we've long been aware that our internet activities are…

    Read more
    1. Sean Lamb

      Science Denier

      In reply to el don

      Oh well, bringing down ASIO's completely pointless website should teach them we won't be pushed around.

      Perhaps we could also make prank calls to the ASIO switchboard from public telephone boxes.
      Not that I doubt that ASIO is 400 million pa down the drain as a form of middle class welfare. But if we didn't pay them large salaries to twiddle their thumbs and infiltrate various extremist groups so successfully that they would probably cease to function if everyone on the ASIO payroll quit, where on earth would we find work for these extra graduates?

      report
    2. Joe Gartner

      Tilter

      In reply to Sean Lamb

      So it hasn't occurred to you that ASIO and DSD may actually perform some security function? Irrespective of what you and I may think of their intrusiveness or uselessness there are actual security threats in the world. This is not An argument for extended powers or an argument against restricting their powers. Merely consider that you could be wrong in your inference that ASIO, or some form of security service, is not required.
      I don't like property law much either but it doesn't mean we don't need cops.

      report
    3. Sean Lamb

      Science Denier

      In reply to Joe Gartner

      I am sure they do perform some security function - just in whose interests? I very much doubt in mine or any normal person.

      The fact is I don't have a clue what ASIO does - in fact does anyone? But they have 440 million budget and that must mean a lot of staff doing something. I presume they work at least in part along the lines of the CIA's Mighty Wurlitzer. If there is a fringe extreme group anywhere in Australia, chances are that half - and the loudest half - of the members will have ties…

      Read more
    4. Joe Gartner

      Tilter

      In reply to Sean Lamb

      "The fact is I don't have a clue what ASIO does "

      ahem... why are you making recommendations on what it should do and what branch of government it should be controlled by? Perhaps you should find out what ASIO does and who regulates it before making ill-informed comment.

      report
    5. Sean Lamb

      Science Denier

      In reply to Joe Gartner

      Johanne Gartner, nothing would delight me more than to spend a week happily browsing the ASIO archives.

      Do let me know if you can arrange that for me. Until then I think my comment was far from ill-informed. We have an organisation with a large budget and not simply zero public accountability, but zero historical accountability.

      report
    6. Joe Gartner

      Tilter

      In reply to Sean Lamb

      'Do let me know if you can arrange that for me'

      FOI, AG Department, Government Archives, hell you could even read a newspaper.... I didn't realise there was an excuse for not just writing ill-informed comment but being too lazy to be informed.

      report
  2. Tim Scanlon

    Debunker

    I have a company that I'm trying to get funded by the Federal Government. What I'm going to do is put surveillance cameras in everyone's homes and record their activities. Now, it's okay, I won't disclose any of this footage, but I will keep it for two years, just in case someone wants to investigate an individual. Of course, I guarantee everyone's privacy and there is no need to fear that this is an invasion of said privacy, it is just a precaution.

    report
  3. Philip Dowling

    IT teacher

    Best practice in many things is espoused by organisations but it is rarely practised. I know from the students that I teach that many organisations fail to put into practice basic security practices.
    In addition, many IT "professionals" assume that they know more than everybody else, when in practice they fail to configure security properly, fail to test it, and fail to log activity and to check logs.
    In addition, the professionals fail to read widely enough to know that simply buying expensive, high tech firewalls, etc, does not protect their installations when even Apple will divulge users' iCloud passwords with minimal effort.

    report
    1. William Bruce

      Artist

      In reply to Philip Dowling

      I'm not to Tech savvy and I can't understand why any serious security data is externally or internet accessible?
      Wouldn't it be better to keep important data only "in house accessible" so it can't be hacked, and, hi tech encode LIMITED electronic transmissions from point to point?

      report
    2. Mark A Gregory

      Senior Lecturer in Electrical and Computer Engineering at RMIT University

      In reply to William Bruce

      Hi William, in some circumstances companies can keep key systems isolated. However, today more and more of the data we create and use is communicated between offices, to other companies and so on. A good example of this is the new eHealth system that will connect doctors, patients, hospitals and health departments. This online eHealth system will hold all patient records, x-rays and so on. When you think of the damage that could be done to individuals if this system was hacked you get the size of the problem we have with how we want to use the network going forward.

      Your suggestion to encode all traffic is the only valid way forward and more and more systems are moving in this direction.

      report
  4. Michael Wyres

    logged in via Twitter

    While it might be fair and reasonable to suggest that the AFP should be doing something about the attacks by Anonymous, it might also be fair and reasonable to remember that the government does have the ultimate plan to track and log enormous amounts of data about our online activities <i>without</i> due legal cause, or warrant.

    Stopping the plan would stop the attacks. I certainly don't contain the actions of Anonymous, but should we really be mitigating the symptom, rather than eliminating the cause?

    report
  5. R_Chirgwin

    logged in via Twitter

    It would be easier to take the ASIO attack seriously if there were some prospect of a compromise to important information. But there wasn't.

    If protesters - peacefully - blockaded the front door of ASIO's offices, there would be tut-tutting and appropriate noises made, but nobody would think "national security secrets at risk!".

    A sense of proportion is important in reporting these events. If trivial "attacks", like stalling a promotional website, are given equal footing with serious attacks (the AAPT data theft), it encourages disproportional solutions - like the now-delayed "log all IP addresses" national security legislation.

    report