Anonymous #op_Australia, data breach and reflections on utopian privacy

This time target of attacks of the Anonymous group is the Australian government,  at least 10  websites were taken down to protest proposed changes to privacy laws.

The government want to force national ISP to spy on users make available their information to law enforcement and security agencies.

The Anonymous Australia collective in a mail to website news.com.au declared:

“The Australian Government is attempting to strip away its citizens’ internet rights by forcing them to surrender passwords and internet usage data.

“Unless the Government starts acting in the best interest of its people, [Anonymous] will continue to bring the noise.”

“We no longer know about many of the activities of our governments while our governments have the means to accumulate unprecedented vast banks of data about us.

“Whilst our own rights to privacy dwindle, corporate rights to commercial confidentiality and intellectual property skyrocket.”

The Aussie branch  of the group has announced that the attacks will continue up to the bitter end to a rethinking of the competent authorities, the on line protest has been also accompanied by demonstrations in which masquerade supporters of the group protested against the law.

The changes proposed to privacy law open the door to a massive surveillance of user’s profile on social networks and also to the monitoring of private email, all the collected data being stored for up to two years.

In a first time the Queensland Premier’s office confirmed that attackers had hacked a range of government websites.

AAPT , Australia’s third largest land line telecommunications company,  has admitted that it has been hacked by Anonymous that has penetrated its network stolen 40GB of data (600k+” of customer data) from the internet service provider (ISP).

Despite the confirmation of the breach by AATP CEO Davis Yuile, Anonymous hasn’t yet released the data stolen during an unauthorized access to AAPT’s business customer data stored in the servers of Melbourne IT.

Representatives of Anonymous announced the leak of stolen data on next Sunday noting that they will disclose personal data.

The company has quickly replied to the event starting an investigation to discover how the hackers gained access and shutting down the compromised servers.

On the first results of investigations Yuile declared:

“Preliminary findings suggest it was two files that were compromised, and the data is historic, with limited personal customer information. Further, the servers on which the files were stored have not been used or connected to AAPT for at least 12 months,”

“AAPT is extremely concerned about this incident, and is treating this matter with the utmost seriousness. AAPT will be contacting any impacted customers as soon as possible.”

According ZDNet removing personal data from leaked data it’s dimension will be reduced from 40GB to around 35GB.

The intent of the group is to demonstrate that also the major ISPs of the country is unable to keep its own data secure, it would be unable to keep user’s information secure.

The group of Anonymous is condemning the changes to privacy law proposed by governments demonstrating the inability of private companies to respond to the responsibilities assigned by new regulations.

According ZDNet Australia Anonymous group is planning a new operations against members of parliament, the hypothesis is based on the discovery of a document containing detailed info on the private life of politicians.

The group is also considering making its own submission to the Parliamentary Joint Committee on Intelligence and Security over the committee’s inquiry into a potential reform of Australia’s national security legislation, which contains the data-retention proposal. Anonymous will have up to 20 August to make a submission.

Events like this deserve some careful thought:

• Given that such attacks are illegal and can cause serious damage to private companies, I want to say a few words on legislation like that in question. We live in the digital age in which one of the biggest threats is the continued and repeated violations of privacy. Attempts to regulate privacy motivated by a reasonable  and growing need for security pose an obstacle to the concept on which it bases the net, freedom of expression and aggregation without other influences. Government interference can be detrimental towards the dynamics of a network created to be free.
• Another consideration is right on the result of the attack. In a scenario where you accept the monitoring of communications, companies involved have repeatedly demonstrated the inability to safely handle the information with dire consequences. These regulations are likely to foster the development of pseudo-government interception centers still too  vulnerable to hacker attacks. Of particular concern is the vulnerability of these providers to cyber espionage attacks by foreign governments, the truth is that similar regulations are ineligible, they are not able  to fulfill the function of data keeper.
• Last thought … While understanding the intent of Anonymous, please note that fact for years ISPs, telephone companies and governmental organizations (sometimes the same operators of social networks) daily collect information to pass to the security agencies.

Then why we wonder?

Why do we believe that by making an attack Anonymous can change the normal course of events?

The truth is that should be searched for alternative models of communication completely out of control, but this of course would open in safe security issues.

The question we must ask ourselves is:

In the compromise “network freedom” / “homeland security” how much do we lean to one or the other option?

Are we ready to sacrifice’s privacy in the name of national security?

Pierluigi Paganini