By Mark A Gregory, RMIT University
About 10am this morning, Anonymous used Twitter to announce an attack on the Australian Security Intelligence Organisation (ASIO) website. Anonymous claimed the ASIO website would be unavailable for the rest of the day.
The ASIO website was down for about 30 minutes after the attack and is now operating slowly or not at all. It appears the attack may be ongoing, but ASIO’s technical staff are recovering the situation.
Anonymous has been claiming attacks would occur on ASIO and on the Defence Signals Directorate (DSD) website via the Anonymous Operation Australia Twitter account.
The Anonymous attacks are part of an ongoing campaign against the government proposal to introduce a data retention scheme that would require carriers and ISPs to store the web history of every Australian for one to two years.
Anonymous has been using distributed denial of service (DDoS) attacks for some time now as part of this campaign. Late last month Anonymous used DDoS or website defacing attacks on ten goverment websites.
The question that every Australian should be asking the government and the Australian Federal Police (AFP) is what are they doing about the Anonymous attacks?
Anonymous has now launched attacks on a range of government websites, broken into an AAPT server and stolen customer data which was recently partially released on the web.
When is the AFP going to declare the Anonymous attacks a major crime and dedicate resources to finding the perpetrators? Can the AFP stop the Anonymous attacks?
The answer is “no” if today’s events are any indicator. What makes the situation even worse is that Anonymous gave the AFP and ASIO plenty of warning – yet the attack succeeded.
Is Anonymous correct in its assertion the government proposal to implement a two-year data retention scheme will put all Australians at risk of far worse outcomes than the current Anonymous campaign?
It is time for the AFP to demonstrate to all Australian’s that their internet history can be protected by government authorities.
What hope have the companies that would be forced to implement the data retention scheme got of combating internet criminals if the government and AFP are powerless to stop Anonymous?
A good way for the AFP to demonstrate their capability to stop internet crime would be to identify and arrest the members of Anonymous who are participating in Operation Australia.
Another possible approach similar, to that employed by US authorities, would be for the AFP to offer the Anonymous members jobs?
Electronic Frontiers Australia (EFA) stated on July 13 that:
EFA is deeply concerned about the proposed changes to National Security legislation foreshadowed in the discussion paper issued this week by the Attorney-General’s Department.
These proposed changes, if implemented in their entirety, would appear to amount to a massive expansion of surveillance activity across the entire community, accompanied by a corresponding reduction in accountability for that surveillance activity, and are therefore a potentially significant threat to the civil liberties and privacy of all Australians.
In the USA earlier this month a bill that would establish security standards to prevent cyberattacks on the US critical infrastructure failed to pass the Senate. Clearly, the US government is struggling to regulate the internet and to protect their vital infrastructure.
Key reasons for the failure of the US bill were the financial burden that would be placed on private companies, a view that government intervention was not necessary, and the provision for sharing cyberthreat data between government and industry. The data retention and sharing worried many people about potential privacy and security breaches.
A recommended first step for the Australian government is to invest in research that would enhanced privacy and security and provide real outcomes that can be implemented here.
For me a litmus test of the government’s intentions is whether or not it will mandate the use of Secure Socket Layer (SSL) certificates for email. In my view SSL should be mandatory from the customer’s device to the Simple Mail Transfer Protocol (SMTP) server and between SMTP servers. This simple step would greatly improve privacy and security.
The internet is a critical piece of infrastructure that is being used in ways beyond its original design. Authorities should not try to use the internet in ways that will jeopardise the security and privacy of Australians.
They should be able to provide people with a guarantee their security and privacy will be protected.
Further reading
- Why is Anonymous hacking Australia?
- Anonymous, child porn and the wild, wild web
- The internet is insecure - let’s build a better one, fast
Mark A Gregory does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.
This article was originally published at The Conversation. Read the original article.