Why is Anonymous hacking Australia?

7

This article is by Mark Gregory, a senior lecturer in Electrical and Computer Engineering at RMIT University. It was first published on The Conversation and is re-published here with permission.

analysis A few days ago, Anonymous activists hacked into AAPT, stole 40GB of data including customer information and forced offline ten Australian government websites. Anonymous members stated in an online internet relay chat (IRQ) interview with the ABC that the hacking attacks were part of an ongoing campaign against the government’s proposed changes to privacy laws.

Privacy changes
One of the proposed changes being discussed by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) in an inquiry into potential reforms of national security legislation is a requirement for internet service providers (ISPs) to store user online activity for two years. This means that everything you do, from social networking, emails, web browsing, chat sessions, Skype sessions and so on would be monitored, stored and made available to government intelligence agencies as and when needed.

Last week, it was reported on the website Slashdot that Microsoft had made Skype easier to monitor. Lauren Weinstein, co-founder of People for Internet Responsibility, a privacy advocacy group, was quoted in The Washington Post as saying: “The issue is, to what extent are our communications being purpose-built to make surveillance easy? When you make it easy to do, law enforcement is going to want to use it more and more. If you build it, they will come.”

During the ABC IRQ interview, Anonymous representatives made the following statement against increased government surveillance of the online world: “Whilst our own rights to privacy dwindle, corporate rights to commercial confidentiality and intellectual property skyrocket. Whilst we no longer know about many of the activities of our governments, our governments have the means to accumulate unprecedented vast banks of data about us […] The attacks are a way to draw attention to the msg we wish to deliver to the ppl of au.”

The hacking attacks by Anonymous on government websites and AAPT were designed to highlight to the Australian public the difficulty of keeping stored data private. By carrying out hacking attacks and then making public pronouncements Anonymous hopes to convince Australians not to support changes to the current privacy laws.

Data retention policies vary around the world. The European Union has had a data retention directive since 2006 that specifies types of data that are to be retained for periods of between six months and two years. In recent weeks, the United Kingdom government has begun debating a draft Communications Data Bill that includes compulsory data retention for a wide range of information, such as websites visited, for a period of one year.

Spy games
So why are governments around the world increasing internet surveillance? Four reasons spring to mind:

1. Terrorism. The threat of terrorists using the internet to plan, support and carry out terrorist acts has prompted the Attorney-General’s Department to discuss the need to increase the powers of organisations such as the Australian Security Intelligence Organisation (ASIO), the Australian Secret Intelligence Service (ASIS) and the Defence Signals Directorate (DSD).

2. Cyber warfare. On July 19, in the first public address by a head of ASIS, Nick Warner, identified cyber warfare as a major threat: The field of cyber operations is one of the most rapidly evolving and potentially serious threats to our national security in the coming decade. Government departments and agencies, together with corporate Australia, have been subject to concerted efforts by external actors seeking to infiltrate sensitive computer networks. Developments in cyber are a two-edged sword for an agency like ASIS. They offer new ways of collecting information, but the digital fingerprints and footprints which we all now leave behind complicate the task of operating covertly.

3. Cybercrime. Criminals use the internet for their everyday activities much as any modern business does. In 2011 Symantec, a provider of internet security software, estimated the cost of cybercrime to Australians had reached about A$4.6 billion annually.

4. Hacking. Copyright and intellectual property theft over the internet has become endemic. Much of the hacking remains unreported and business has become decidedly worried about the effects of competitors gaining access to intellectual property.

Control
Governments around the world are slowly regulating the internet. Failure to do so will come at an unbearable cost to the nation, business and to individuals. There is nothing Anonymous can do to stop this inevitable process – so why can’t they get on board? The group could highlight weaknesses in the internet, websites and business systems so that appropriate action can be taken.

To put it simply, there’s no need for Anonymous to steal data from a company and then post this data on a public website. This action is counterproductive and strengthens the government’s argument for greater regulation.

But the point Anonymous is trying to make, that Australian companies and the government cannot be trusted to securely implement a data retention scheme, is probably very true. In the past two years, many large Australian companies have been hacked and customer information stolen including credit card details. The penalties to companies for a data breach are minor and therefore very little effort is expended by business to adequately protect customer information.

Governments around the world are stumbling forward with data retention policies without adequate plans for how the data is to be secured, how the data retention process is to be audited and by whom, and what the penalties will be for failure to ensure the data remains secure. We are in a new phase online where the blind are leading the blind, trying to find a path towards a more secure and regulated internet that enshrines our right to privacy.

Further Reading:

Mark Gregory does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations. This article was originally published at The Conversation. Read the original article. Image credit: Luciano Castillo, Creative Commons

The Conversation

7 COMMENTS

  1. well, Governments might have to regulate the net, but they’re also going to have to foster new ways of thinking about their own activities, and new ways to handle the breakdown between public and private speech. And new ways of thinking about ownership of ideas too.

  2. As much as I hate the idea of governments and their spy agencies sticking their nose in everyone’s business and hanging on to info obtained, I must admit that all of the four reasons given in the article above are, in fact, relevant. It is a truth that a lot of people are not freedom loving, forthright, honest, decent people; many are psychopathic, evil-minded, hostile, angry, stirrers who delight in causing harm.

    If I may use the roads as a comparison, the roads must be regulated to give both safety and equity to all users, or else the bullies will dominate the rest, and there would be much less safety.

    However, a further road comparison can be made when governments over-legislate to raise revenue, as the change (in past days) from the police having to prove dangerous driving or following for a quarter mile to establish speed over the posted limit, to the present situation of a fraction of a radar-second for being a very few k over an artificially low limit.

    Likewise governments like the taste of power, especially the permanent officials, and an aspect of human nature is that exploitation is always done if people can get away with it without consequences; it’s only fear that causes people to exercise restraint of immoral conduct. Governments will misuse collected data if they can do so without penalty, so very strong safeguards and firewalls must be developed concurrently with any increase in surveillance and data retention. I don’t expect this to happen; power without responsibility is the human dream.

    • Terrorists, Cyber Warriors (god that sound bad), hackers (real hackers, not the ones that participate in DDOS attacks) all know how to cover their tracks and none of the proposed laws will help a single bit.

      Only your traditional criminal idiot is going to be even slightly inconvenienced by this law, and even they are more likely to get caught without the aid of the logs they are planning to keep on everyone.

      The *real* target of these laws; is file sharers. I for one am glad we are allowing ourselves to be monitored 24/7 for the sake of the american copyright industry.

  3. Those four reasons you state are the excuses. The real reason, as always, is control.

    Terrorism? Ooh, let’s have a “war on terror”. Be “alert, not alarmed”. Focus the mind, pass some restrictive laws.

    Cyber warfare? Lock down your systems guys – why not actually prosecute people and companies who lose sensitive data, rather than persecute the individuals whose data is being “lost”?

    Cyber crime? Same again. And don’t forget that with more data being stored about internet users there’s more to steal.

    Hacking? I don’t even get why this is a separate item, but again – prosecute the owners and creators of hackable systems.

    Governments are regulating the internet because they don’t like anything they don’t control. It doesn’t matter whether they’re “democratic” or not – if you control the message you win the election.

    I saw someone on another forum say “I’ve got nothing to hide because I’ve done nothing wrong”. Of course, they don’t realise (for instance) that they happened to park across the street from a house that later got bombed two years ago, and last week had a job interview where the interviewer is a suspected terrorist. Putting those two entirely innocent things together could lead to some lengthy explaining – while distracting law enforcement agencies from actually enforcing existing laws.

    More data does not = more crime-solving. It most definitely does = more misuse of data. So the good points of collecting this stuff and holding it for two years “just in case”? Absolutely none for anyone the data relates to.

Comments are closed.