Anonymous DDoS charges too weak: AFP

Anonymous DDoS charges too weak: AFP

Summary: Reticent judges and slow legal frameworks are passing out soft and unbalanced charges to online criminals including members of the Anonymous collective, a move that is frustrating the Australian Federal Police.


Reticent judges and slow legal frameworks are passing out soft and unbalanced charges to online criminals including members of the Anonymous collective, a move that is frustrating the Australian Federal Police (AFP).

Anonymous arrest

(Credit: Darren Pauli/ZDNet Australia)

Australian members of Anonymous — a loose online activist collective responsible for a string of devastating cracking and denial-of-service attacks — were caught last year after they helped bring down the Prime Minister's website under Operation Titstorm.

The operation was a response to the Federal Government's mandatory internet content filtering plan which the collective fiercely opposes.

The AFP launched an operation called Whisk to look into the online attacks and netted two Anonymous participants using intelligence from the Defence Department's Cyber Security Operations Centre.

Both men, Melbourne resident Steve Slayo and Newcastle resident Matthew Gordon George, faced 10 years imprisonment for "causing unauthorised impairment of electronic communication to or from a Commonwealth computer" but received a good behaviour order and a $550 fine with a recorded conviction respectively.

Those penalties are not enough, according to one AFP officer involved with the case.

"Judges are not willing to hand out tough sentences," AFP High Tech Collection and Capability manager Grant Edwards said. "They don't understand the threat."

Catching Anonymous members is not the problem because Internet Protocol addresses can be traced, Edwards said, but rather the lack of understanding of the severity of the crime.

"It is difficult to create laws against cybercrime," Edwards said, citing problems of tracking perpetrators overseas.

"Unless we understand the impact, we can't create the laws. The issue is also the speed to create these laws," he added.

The AFP's High Tech Crime Investigations unit is charged with investigating and prosecuting individuals for attacks against Australia's critical infrastructure and information systems. It works in collaboration with the Cyber Security Operations Centre and the newly fledged CERT Australia.

Judges are also handing weak and unbalanced sentences to paedophiles charged with holding online child pornography, Edwards said.

To illustrate the problem, Edwards said one paedophile charged with holding 200,000 child pornography was sentenced to 14 months in jail, while another caught with 100,000 images was sentenced to four years.

The AFP said in a statement that "activities such as hacking, creating or propagating malicious viruses or participating in DDoS attacks are not harmless fun [and] can result in serious long-term consequences for individuals, such as criminal convictions or jail time".

Topics: Security, Government AU

Darren Pauli

About Darren Pauli

Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • This is where the law, as well as organisations like CERT Australia, should band together and compile lists of cybercrime and agree on a degree of severity or impact based on what the crime is.

    For example, defacing a website home page. This can range from replacing business images, logos or even chunks of text, to changing scripts, website redirection and installing malware on visiting systems. It is easy enough to agree that changing the face of a site (pasting "YOU SUCK!!!" over their corporate logo, for example) is minor compared to changing back-end processes (redirecting visitors to an illicit website).

    And it goes on. There should be a lower and upper limit to what punishments these guys should receive, as based on the crimes they commit. Defacing a website would be minor, so perhaps a 3 month sentence per offence, up to 2 years, ranging up to identity theft, hacking (or more to the point, data theft or corruption), and child pornography (which I feel should be listed as a major crime) which should see sentences of 3 years (data theft, hacking) to 15 years (child pornography) per offence, up to 30-60 years.

    This is a rough guess, I will admit. And I will admit some leniency on my behalf towards hackers (If they were properly guided, their titles would instead be "Network Security Professionals"). But something to think about.
  • Play with fire and you get burned. If the government wants to treat us like children, we'll retaliate - with "illegal" methods if need be (let's face it, "legal" methods simply aren't getting anywhere).
  • Understand the threat? Of two people who probably downloaded a tool someone else wrote and ran it from their own Ip? Doesn't sound like much of a threat to me....
  • The hacking sentences sound about right. No one was harmed. It should have the same sentencing as Graffiti artists or less. Graffiti is a lot harder to clean up. Fixing a defaced website would take a minute to fix. DDos is an irritant.
  • The AFP aren't supposed to be creating laws, just enforcing the ones we have. Commenting on the judiciary isn't really their scope, either.
  • Interesting article. Cyber crimes are not looked at seriously by our courts. The AFP waste the tax payers money bringing the criminals to justice as nothing results out of the cases as 99% of them are not 'money or extortion related'.

    Trust me I know...