It may well be that members of Anonymous have 40GB of AAPT data that they're ready to release at any moment now, but will the action actually achieve anything?
Over the last few days, we've seen the defacement of some minor Queensland Government websites using a vulnerability in Adobe's ColdFusion, and the dumping of files from those sites' web servers. A group of hackers, claiming to be from Anonymous, took responsibility for the attacks and said that it's part of Operation Australia — a protest against the Federal Government's data retention proposals.
ZDNet first broke the news back in 2010 that the government had been talking to ISPs about keeping information about their customers' communications.
Earlier this month, the government began an inquiry that asked for comments on a scheme which would see ISPs keeping communications information on every Australian for a period of two years, in case it was needed for law enforcement.
This is a big step that has landed the Federal Government a lot of criticism, for example, from Greens communications spokesperson Senator Scott Ludlam. Even Attorney-General Nicola Roxon doesn't seem sold on the proposal.
Yet, it doesn't seem that this kind of open debate is enough for Anonymous. The group wanted to do something more flashy.
Multiple news sites have talked to the hackers, who are claiming that they have infiltrated a major ISP (thought to be AAPT, which has admitted that it has been hacked via its provider Melbourne IT) and have stolen 40GB of customer data, which they are ready to dump. We've talked to some of them too, and have heard the same things. The group didn't release the data last night, as was anticipated, saying that it's taking them longer to strip personal data than expected, but ISPs seem to be taking the threat seriously.
The hackers are trying to make the point that they can get into ISPs' records and steal anything stored there, which would mean that if the government kept a whole lot of information about the communications of every Australian, that information would be at risk.
We've known for a long time that if data retention was put into place, the retained data would be at a high risk of being stolen. The ISPs have also publicly said so. After all, isn't a big safe with lots of gold a tempting target? So I don't think that Anonymous is raising anything new here.
The discussions are also at a very early stage. At this point, the idea is just a proposal, not law. Now is the time for measured discussion, not unconsidered acts.
Because it's acts like this that will make the Australian Federal Police, who want the data to be able to do their job, even more certain that they need to track us all. And politicians can't look like they're backing down in the face of what some might consider to be cyberterrorism, making it more likely that the proposal goes through.
So, although I applaud the concept of illustrating that large dumps of data are tempting targets and easy to break into — and I even applaud the care that the group seems to be taking in not releasing personal data — I don't think that the tactics are appropriate at this stage of the debate, or even, perhaps, at all.