AFP: offensive change needed to catch hackers

Summary: The AFP wants to take more offensive action against hackers, but will be unable to do so without data-retention laws in place.


Australian Federal Police (AFP) assistant commissioner Neil Gaughan has had investigation after investigation met with frustration, and now, he says, it's time to go on the offensive.

Speaking at the Association and Communications Events Cyber Security Summit 2012 in Sydney this morning, Gaughan said that the AFP won't be able to prosecute its way out of the cybersecurity problem. He expressed his frustrations with the traditional mode of catching criminals.

"We live in a world where the global nature of technology enables criminals to exploit a truly transnational environment. High-tech crime offences have been evolving against a relatively static legal framework and, although work is at hand to address the current legal framework we're operating in, I strongly argue that reform in this area is way too slow," he said.

Even cases that would be simple to remediate locally if they had taken place offline are taking years, due to cross-jurisdictional restraints.

"We've been investigating a cyber intrusion into a small to medium enterprise [and] it's taken us three years. We're still a fair way away from resolution, based primarily on the fact that the offenders are located in another jurisdiction, and for us to exchange information is a slow and dangerous process."

Gaughan said that the AFP is having some success in its investigations, but that there needs to be a fundamental shift in how law enforcement deals with cybercrime.

"Disruption needs to be more of a focus. We still need to investigate and lock the odd person up, but I think most ... would rather a process whereby law enforcement came in, obtained the relevant intelligence, took down overtly or otherwise the offending server to enterprise and then moved on."

Gaughan pointed to Microsoft's high-profile actions against the owners of various botnets as an example of the disruptive course of action that the AFP needs to learn from.

"I'm not saying that law enforcement want to go down the aggressive path that Microsoft did, but I think there's some lessons to be learned there about how they did that particular activity."

One area that Gaughan touched on was the debate over whether organisations should take matters into their own hands, and strike back if the attacker is known.

"The chances of you being prosecuted in eastern Europe for taking [offensive actions] are pretty negligible, but I'd be seeking some legal advice before I hit send. There's some argument that the only type of defence is offence, so you've got to strike early, perhaps."

One of the most useful actions that the government can take to help the AFP would be to provide access to information via a data-retention scheme in order to build investigations, as is currently being proposed. Gaughan said that without it, the AFP's ability to track online criminals is severely hampered. He also said that the debate on the matter has been skewed.

"Without data-retention laws, law enforcement cannot work out criminal associations. My team won't have a starting point about who downloaded child [abuse material] and the NSW Police won't know who the last contact of a person who ended up in George Street was, because the telcos won't be required to keep that information.

"There'll be an inability for police, in some circumstances, to respond to life-threatening situations and certainly very limited opportunity to conduct organised crime investigations. If we can't obtain the relevant information to assist us in our investigations, we can't even move down the disruption phase. That's why in my view, data retention is a must."

Gaughan also clarified that the proposed laws would cover "metadata" only; the "records of a telephone call, or internet protocol information ... totally separate to the contents of the communication".

Under the proposed scheme, Gaughan said that law enforcement would have a better idea of "who called who, when and on what number [and] who was using that particular IP address when it downloaded known child-abuse material ... or used a [specific] Facebook account to bring the child for sex or promote terrorist activity".

AAPT and Anonymous

Gaughan also took time out to address Anonymous' recent attacks on Melbourne IT and AAPT, which both occurred in response to the proposed data-retention laws. He stated that there are numerous ways of getting a point across without breaking the law.

"You can post on blogs, you can actually comment on news sites and you can also actually follow normal processes: put a submission into a parliamentary enquiry or something like that, if you feel so hard about a particular activity," he said.

Gaughan also addressed claims by Anonymous that their access to AAPT's data is the same as law enforcement having the data.

"Law enforcement has significant governance around what we do with people's information. We are governed by the [Australian] Privacy Principles. The question I ask is who governs Anonymous? What are they doing with the information that they have stolen from Melbourne IT?"

He also pointed out that the theft of AAPT's data had little to do with the proposed data-retention scheme.

"AAPT, regardless of whether there's data-retention laws or not, will still need to keep that data, because they still need to bill their clients."

Topics: Security, Government, Government AU

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

  • Frustration and Offensive Behaviour

    I am sure Officer Gaughan has all the best intentions, in planning to use all the information about everyone for only the most scrupulously upright purposes. Unfortunately the track record of agencies in this regard is less than spectacular. Take the US NSA for example:

    These examples in a country with constitutional safeguards supposedly preventing such actions. We have no similar safeguards. The theory of retaining everyone's data for access just in case some of us transgress, and that such data should be held by private companies, is extraordinary. Even the Stasi held their own files. But our folks want bastions of security like Thodey's Telstra to hold them. Or Exetel. Or Optus, and I can't seem to recall who owns Optus, now, let me think...
  • Beating the Hairy Chest

    I think most Govt Bureaucrats mean well, however they are much misinformed, and poorly advised. I am really fed up with this chest beating of Politicians and now senior Bureaucrats, who I thought were a bit smarter, or at least get intelligent briefs on the subject, on the reduction of civil liberties all in the name of Terrorism.

    To think that keeping Telecommunication data will actually lead to the apprehension and reduction of serious cyber crime. I'm sorry that will not happen, all it will achieve is the chastising of 10-year-olds and people with an IQ less than 90.

    Assistant commissioner Neil Gaughan should go back to his people and get a real impartial report, else he will just seem to be another Jim Henson in charge of a group of muppets.
  • Derp

    Investigators do not need to retain terabytes of data to "stop hackers". All organisations need to take security far more seriously than they do today to "stop hackers".

    "Catching hackers" is all well and good, but the damage is already done the moment they release the data they have stolen, when they place it online, where it will live forever.