The problem with Anonymous is that it’s like a bloke with a hammer forever wandering around looking for nails. Last week’s hack of telco AAPT is a case in point.
Over the weekend persons unknown working under the Anonymous brand made good their promise to publish data they’d lifted from AAPT. The first batch — just part of some 40 gigabytes they claim to have obtained — appears to include a database of AAPT’s business customers, including staff contacts and the amount they spend.
AAPT’s response so far has been the usual PR hose-down, but they should be more than a bit embarrassed. Why was this internal business data on a server over at Melbourne IT?
Melbourne IT should be even more embarrassed. Anonymous’ point of entry seems to have been out-of-date software. That’s a beginner-level mistake. Anonymous’ job was easy.
Considered politically rather than technically, Anonymous’ actions are also a beginner-level mistake. This hack was part of Operation Australia, a campaign against what these members see as the deeply troubling “data retention” proposal being floated as part of the inquiry into potential reforms of National Security Legislation. Internet service providers would be required to keep logs of their customers’ internet use for two years for potential use by law enforcement.
Anonymous intended to illustrate that data retention would require ISPs to keep this vast honeypot of personal information secure, an impossible task. Well, they illustrated that this particular ISP could be hacked in this particular way.
Any repository for data retention would be purpose-built. The need to keep potential criminal evidence comparmentalised and under a proper chain of custody would see to that. But still, it’s an exceedingly difficult and expensive job. ISPs don’t want this burden, and they’ve already communicated this message to the government in less public forums.
It’s a little early for protest action. Data retention is only a proposal, albeit one with support from law enforcement agencies. Comments don’t even close until August 20.
All Anonymous has done is remind the world the internet is riddled with unknown criminals who must be stopped, creating more support for the very laws they want to stop.
There’s often a certain cluelessness about Anonymous’ actions. It’s inevitable. Anyone can do anything and claim they’re acting in the name of Anonymous, even the politically naive. Or even someone with completely different motives, such as an intelligence agency doing a bit of disinformation.
Operation Australia, for example, included a hack on some of Queensland government servers, and much was made of a database file named “dsdweb-tracking.mdb” that supposedly “gives us some insights on how the Australian government was monitoring its citizens activity”.
But given there’s a database field called “MemberID”, given that it’s Queensland, and given certain other details of the data after a brief look, my money is on “dsd” standing not for Defence Signals Directorate but Queensland’s Department of State Development, and this database being an ordinary web application log.
What does that have to do with ISP data retention? Nothing.
Israeli information security researcher Tal Be’ery, who’s been tracking online hacktivism — running counter-surveillance, if you like — has noted that hacktivists often select targets of opportunity.
“Most of the time there is a topic, something that the group wants to protect against … It seems like their is a bank of possible targets related to that cause, and really they are going against the easiest targets maybe because in hacktivism it’s all about the PR impact and it doesn’t matter to the press whether a really significant site was taken down and DDoSed or whatever,” he said.
The object of protest here was “the government”, so they attack whatever vulnerable government sites they could find. Commonwealth, Queensland, it’s all the same. AAPT was hit because anything ISP-related would have done the job.
“Sometimes, you know, it’s even more opportunistic than that. Sometimes you find the target first and then come up with the cause, or adjust the cause to be relevant,” Be’ery said.
Anonymous’ work has always been scattergun, but my gut feeling is that it’ll get worse as they lose significant parts of the core of cluefulness they had. There’s been FBI infiltration and arrests, and doubtless there’s more to come.
“The AnonOps [chat] server, for instance, is not what it was like a year ago, more than a year ago. It’s very different now in terms of who’s there, what they’re doing, if they care. It’s simply the nature of the beast. When you have a crowdsourced operation, just like a democracy, it’s only going to be as good as its participants.”
And then there’s the problem that a hacking group, however constituted, just wants to do hacking. The hammer of hacking isn’t always the best tactic.