This article was published on July 26, 2012

Anonymous hacks Australian ISP AAPT to demonstrate data retention problems


Anonymous hacks Australian ISP AAPT to demonstrate data retention problems

Australian ISP AAPT has been hacked in an effort to demonstrate the problems with proposed laws that would require telecommunications companies to store user data for two years. The file accessed by the intruder was a 40GB database containing user information.

SC Magazine says that a hacker contacted them to take responsibility, claiming to be a part of Anonymous.

They claimed the hack was not malicious in nature, but intended to demonstrate the real problems involved with storing so much information about users. Though the privacy problem is somewhat irrelevant to the security of ISP servers, it is an issue that plays a part.

The hacker said they would not release the personal information of any user in the database, but they were preparing to put out an edited sample file as proof.

That may not be entirely necessary. CEO David Yuile confirmed the breach in a statement to the Sydney Morning Herald, deputy technology editor Ben Grubb writes.

“Preliminary findings suggest it was two files that were compromised and the data is historic, with limited personal customer information,” said Yuile.

Australians have relatively free and private access to the Internet compared with some other countries. In particular, the Australian High Court ruled that ISPs will not be liable for policing user piracy or penalizing them at Hollywood’s request.

Despite that win, Australia has been plagued by a federal Labor government that seems incapable of grasping the issues involved with the Internet and cybersecurity and, instead of figuring out effective measures for combating cybercrime, has resorted to several policies that countries such as the US have generally labeled ineffective and intrusive.

In 2011, the Attorney-General’s office under Robert McClelland announced its intention to introduce data retention laws, which would force ISPs to store user web histories for at least 12 months. After that legislation fell through and McClelland was replaced by Nicola Roxon, the data retention proposal returned — with a two year stipulation instead of just one.

The first Labor government policy to cause controversy over Internet freedoms was Senator Conroy’s blacklist censorship plan, a system that the National Broadband Network will be able to deploy to more and more effect as its rollout slowly progresses. If you believed the senator himself, the intention of the blacklist was to prevent people from accessing things like child porn and other illegal material.

The plan had many problems. The blacklist could be circumvented with services such as Tor, which pedophiles are already using. It was prone to false positives, with one leaked blacklist (they are confidential, preventing recourse) containing the URLs of legitimate Australian businesses, such as a dentist.

Finally, the lack of a robust ratings system in the country meant that illegal content covered a broad area of content that should be accessible to Australians, since it was considered Refused Classification due to having no appropriate rating applicable. This forced the government to postpone the legislation last year, while they sought a solution for classifications. The outcome was an R18+ rating for video games in June. This does not apply to a great deal of Internet content, but now something has been done to appease the public, we may well see the censorship legislation rear its ugly head again.

Given Australia’s less-than-stellar record with sane Internet security policies in recent years, we can only hope that attacks like these are not in vain and prove to lawmakers that their efforts will be ineffective.

Get the TNW newsletter

Get the most important tech news in your inbox each week.