Anonymous' ISP dump won't kill data retention

Anonymous' ISP dump won't kill data retention

Summary: Is stealing 40GB data from a major company like AAPT, and then threatening to release it, the right way to change government policy?

SHARE:

It may well be that members of Anonymous have 40GB of AAPT data that they're ready to release at any moment now, but will the action actually achieve anything?

Over the last few days, we've seen the defacement of some minor Queensland Government websites using a vulnerability in Adobe's ColdFusion, and the dumping of files from those sites' web servers. A group of hackers, claiming to be from Anonymous, took responsibility for the attacks and said that it's part of Operation Australia — a protest against the Federal Government's data retention proposals.

ZDNet first broke the news back in 2010 that the government had been talking to ISPs about keeping information of their customers' communications.

Earlier this month, the government began an inquiry that asked for comments on a scheme which would see ISPs keeping communications information on every Australian for a period of two years, in case it was needed for law enforcement.

This is a big step that has landed the Federal Government a lot of criticism, for example, from Greens communications spokesperson Senator Scott Ludlam. Even Attoney-General Nicola Roxon doesn't seem sold on the proposal.

Yet, it doesn't seem that this kind of open debate is enough for Anonymous. The group wanted to do something more flashy.

Multiple news sites have talked to the hackers, who are claiming that they have infiltrated a major ISP (thought to be AAPT, which has admitted that it has been hacked via its provider Melbourne IT) and have stolen 40GB of customer data, which they are ready to dump. We've talked to some of them too, and have heard the same things. The group didn't release the data last night, as was anticipated, saying that it's taking them longer to strip personal data than expected, but ISPs seem to be taking the threat seriously.

The hackers are trying to make the point that they can get into ISPs' records and steal anything stored there, which would mean that if the government kept a whole lot of information about the communications of every Australian, that information would be at risk.

We've known for a long time that if data retention was put into place, the retained data would be at a high risk of being stolen. The ISPs have also publicly said so. After all, isn't a big safe with lots of gold a tempting target? So I don't think that Anonymous is raising anything new here.

The discussions are also at a very early stage. At this point, the idea is just a proposal, not law. Now is the time for measured discussion, not unconsidered acts.

Because it's acts like this that will make the Australian Federal Police, who wants the data to be able to do their job, even more certain that they need to track us all. And politicians can't look like they're backing down in the face of what some might consider to be cyberterrorism, making it more likely that the proposal goes through.

So, although I applaud the concept of illustrating that large dumps of data are tempting targets and easy to break into — and I even applaud the care that the group seems to be taking in not releasing personal data — I don't think that the tactics are appropriate at this stage of the debate, or even, perhaps, at all.

Topics: Government, Government AU, Security

Suzanne Tindal

About Suzanne Tindal

Suzanne Tindal cut her teeth at ZDNet.com.au as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for the site.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Anonymous must be grateful

    Anonymous must be grateful that data retention is done openly and publicly and whoever is caught with its help is due to be taken to court. There are plenty of alternatives on this planet...
    gak@...
  • Personally...

    I'm getting more than a little tired of these self proclaimed arrogant gods deciding what of someone else's information they're going to release allegedly for the good of us all. On the hack of the US Sentencing Commission (or whatever) for government sentencing reform I agree, change the guidelines to include much heavier sentences for aholes that think because they can break into someone else' property with impunity that that makes them super humans.

    Doing some reading of late on the US Military taking a stronger proactive posture in attacking the attackers in China and elsewhere this would be a good place to test the abilities they have no doubt spent billions of our tax dollars on and track these 'untraceable' Anonymous clowns and others, arrest them, give them a trial, give them about 25 years irregardless of the severity of the damage to be served in their own country of origin and give the CIA some practice with their water boarding skills to flush out and prosecute the rest. And if our own US Government doesn't get with it protecting our electronic boarders rather than gathering endless information on its citizens it should be made a campaign issue and throw someone like Senator Frankin out for wasting time to get more camera time at hearings where he beats up on companies doing more good than not.
    Whatever happening to protecting our borders?
    business@...