Struggle to pin charges on Anonymous member may see Heartbleed pentest criminalized

On March 11, Adam Bennett -- known by most as the radio voice of Anonymous, LoraxLive, who was arrested last year for alleged computer crimes -- will finally learn what he's being charged with.

This had been expected to happen this week. Instead, at the last minute, Australian Commonwealth prosecutors -- for the third time since the case began 10 months ago -- requested another delay to change its lineup of accusations against him.

Maddeningly, the prosecution also indicated it will be dropping its initial charges against Bennett, and adding a slew of new ones.

One charge the prosecution will be keeping is what amounts to criminal charges for a proof-of-concept penetration test of the Heartbleed vulnerability Bennett performed to check his employer's security.

Adam John Bennett was arrested and raided by Australian Federal Police on May 22nd, 2014 for allegedly hacking into AAPT Telecommunications and Indonesian government websites in 2012 as part of actions claimed by hacktivist entity Anonymous.

AAPT confirmed it was breached in July 2012, following claims by an Australian sect of Anonymous that it snatched 40GB of data from the major Australian internet service provider (ISP).

After stripping out personally identifiable information from the data (which included members of the Australian government), Anonymous released the data to raise awareness around expectations of data security: To demonstrate that if an ISP as large and trusted as AAPT can't keep its own data secure, it will be unable to keep Australians' data safe under the proposed laws.

At the time of the incident, Anonymous stated that breaching the ISP's systems was "not a one-man task" and that several people worked on the attack.

Soon to become law, the Australian government's controversial security expansion proposals state that ISPs would be required to store user activity online for a period of two years, including social networking and emails, and that intelligence agencies would be given increased access to sites such as Facebook and Twitter.

The proposal paper was released by the Attorney-General's Department for consideration by Parliament's joint houses Committee on Intelligence and National Security "to protect the nation."

It was announced this week that this globally controversial data retention scheme is currently before Parliament and is expected to pass. Perhaps the Anonymous incident is what inspired the legislators to recently add security requirements for Australian telcos to provide notification in the event of a security breach of its data stores, which will be mandated to be encrypted.

Criminal activity: Linking, Heartbleed pentesting

In its December 2014 court appearance, the prosecution said it still needed more time because the work to complete the report was "quite large" and involved "vast amounts of digital data and telephone intercepts," including 9000 Facebook messages, that still needed to be considered by federal authorities. The judge moved Bennett's hearing date to March 4, 2014.

This week's delay, and Commonwealth's shell-game switchup of charges against Bennett, isn't the first time. The Commonwealth's prosecution has delayed the charging of Mr. Bennett, and its charges against him, three separate times -- and the prosecution appears to have a head Magistrate who's giving them everything they ask for.

Maria-Elena Cheshire (Adam's solicitor) "this is outrageous and a breach of due process" #FreeLorax Magistrate says "these things happen"

-- Gemma (@g_advocat) March 4, 2015

Today in court we were blind sighted and ambushed - prosecution asked for one week adjournment until 11/03/15 to come up with new charges.

-- Gemma (@g_advocat) March 4, 2015

On Friday before the March 4 court date, at the end of business hours Commonwealth prosecutors dumped 20G of its evidence files on Bennett's counsel -- and revealed that the primary charges against Bennett (hacking Indonesian government web servers and the AAPT hack by Anonymous) will most likely be dropped.

It is believed that Bennett was under full investigation since 2010 -- long before the AAPT and Indonesian hacking incidents, the very charges that supported the warrant -- among which included an undercover operative.

One of the charges Bennett's counsel expect to be in the final lineup is "Heartbleed Vulnerability Testing for Cancer Support W.A. 2014." This is in regard to a Heartbleed vulnerability test created by Bennett to test his employer's servers (Cancer Support W.A.) for Heartbleed vulns, which would have put the CRM that Bennett was involved in building for the organization at significant risk.

A source familiar with the matter told ZDNet, "In building the POC, some sample data was used from an EDU as positive results along with some addresses from his bookmarks for test data to run the program. No malicious reasoning was involved to run those tests, and no results were stored."

Upon his arrest, Bennett lost his job as Fundraising Manager at cancer wellness and support organization Cancer Support W.A.. He's currently out under bail conditions that he only use the internet for banking, employment or legal advice. In his spare time, Bennett volunteers as Life-Saving Director for Scarboro Surf Lifesaving Club and a dedicated lifesaver, having successfully completed the first lifesaving rescue of 2015 this January.

A number of people go by "Lorax" online, but Bennett as LoraxLive didn't attempt to hide his work or social media presence. His popular weekly online radio show LoraxLive covered topics around privacy, human rights, peaceful activism, hacking, surveillance, legal issues around the globe, and strove to feature underrepresented voices from all walks of life.

The extensive LoraxLive show list includes Barrett Brown and Alexa O'Brien covering the Manning trial, Christine Assange (mother of Wikileaks' Julian Assange), lawyers Jay Leiderman and Jesselyn Radack, the EFF's Jillian York and Parker Higgins, writers like Dr. Jack Heinemann and myself (disclosure: I was on the show a few times), Jeremy Hammond's "second mum" Sue Crabtree, whistleblowers including Thomas Drake and ex-CIA operative Karen Hudes, and many more.

Show producer Pamela Drew, who works closely with Lorax on the LoraxLive show, tells ZDNet that advocates for his release are expressing support and information using the #FreeLorax hashtag.

Drew informed ZDNet that the majority of LoraxLive shows are held by Australian Federal Police and have not been placed in the public domain, and the show has been off the air since Bennett's arrest. Those not held by police are here, and there are two LoraxLive Archives at Archive.org (Archive 1, Archive 2).

Drew explained, "The Anonymous radio host of Lorax Live has been blocked from producing new shows with charges of hacking leveled against him. Lorax is a life-long supporter of human rights and a passionate believer in open information who has given generously of his time and talents to help educate others."

She added,

The Lorax Live show he hosts was inspired by Nelson Mandela's Radio Freedom, which broadcast in defiance of South Africa's apartheid policy and carried a jail sentence of 8 years for anyone who dared to listen.

With well over 100 interviews done by Lorax, he was well aware that he was a growing target for a corrupt covert empire and like many of his guests, has always been willing to pay a high personal price for speaking truth to power and fighting for a more just world and peaceful future.