AFP's high-tech unit let Rome burn

By Renai LeMay, news editor, ZDNet.com.au

Commentary: The Australian Federal Police's High Tech Crime Centre (HTCC) should be embarrassed.

The unit — one of Australia's peak cybercrime-fighting bodies — appears to have been on a mission in recent times to raise its profile and community awareness in general about internet security issues.

Just yesterday, for example, HTCC national manager Commander Neil Gaughan took the opportunity to tell the Federal Parliament in Canberra that the nation needed a national advertising campaign to educate Australia's apparently befuddled internet users about online security.

"We need people to become aware that they are at risk and we need them to change their behaviour," he said.

Laudable words ... the only problem was that Gaughan didn't appear to be taking his own advice.

At the very same instant the good commander was delivering his sermon from the mount, nefarious online forces were preparing to make a mockery of the Australian Federal Police's (AFP) ability to protect even the government's own infrastructure.

A loose-knit alliance of hackers who describe themselves only as "Anonymous" were finalising widespread plans to attack federal government websites, email addresses and fax machines, particularly those belonging to Prime Minister Kevin Rudd, Communications Minister Stephen Conroy and the Australian Communications and Media Authority (ACMA).

A scant half-dozen hours later, at least some of the attacks had succeeded. The websites of the Prime Minister and reportedly ACMA went down, or were taken down by their administrators, after Australia's telcos witnessed a massive tsunami of traffic surging through their networks and breaking on the government's infrastructure.

Now you might be asking ... how could the AFP have known this was going to happen, and taken steps to prevent it?

It's a good question.

No less than one month ago, "Anonymous" issued a public threat to do so, complete with a YouTube video and pamphlets distributed over the internet. Furthermore, they outlined their plans in a detailed website, which contained the exact timing of the attack.

"Anonymous" is well-known to law enforcement authorities for its past actions. This week's attacks were spurred by the group's objection to the internet filter initiative that Conroy's department is spearheading.

But the hackers have previously conducted a running battle with the Church of Scientology. They've even been featured on Fox News in the United States.

Given the widespread availability of information pertaining to the attack, at the very least, the AFP could have been expected to have taken action to shut down websites and IRC channels belonging to the group, even if it couldn't arrest its leaders.

Prior evidence suggests content sites such as YouTube haven't hesitated to cooperate with reasonable law enforcement requests. The fact that Anonymous' video threats are still available suggests Australia's police didn't even ask.

Now I'm not suggesting the AFP's HTCC is the only group that could have taken action in this case; certainly state police forces, other federal agencies and even telcos and public sector network and systems administrators could have done, and probably did do, much to block the attacks.

The Federal Attorney-General's office told ZDNet.com.au this morning that the Cyber Security Operations Centre in the Department of Defence's Signals Directorate was providing targeted agencies with assistance in mitigating the issue, and agencies were also briefed in advance about the threats.

But the irony of the events yesterday is inescapable.

There have also been other worrying signs emanating from the HTCC in recent times. Last week the AFP confirmed it had still not made any arrests more than three weeks after it carried out an extremely high-profile raid on a Melbourne resident who was suspected of attempting to obtain credit card details via an online forum.

Footage of the raid was broadcast on ABC's Four Corners days after it was carried out, as part of a wide-ranging report on e-crime in Australia. It's not only the fact that the AFP has not made any arrests from the raid that is concerning. There is also the fact that the report had law enforcement and computer forensics circles buzzing about the manner in which the AFP gathered evidence.

Some have even muttered that the whole raid could simply have been a public relations stunt designed to scare online fraudsters into stopping their illegal activities, with no arrests even intended.

As police officers would say, all of this is circumstantial evidence. The HTCC has successfully carried out joint operations in recent times with state police that have resulted in arrests. And as Communications Minister Stephen Conroy said this morning, the attack by "Anonymous" was juvenile in nature ... serious hackers don't broadcast their activities in advance or use brute force denial-of-service attacks.

But the fact remains that there are questions being raised as to the efficacy of the nation's response to electronic crime.

Nobody should be able to threaten Australia a month in advance with an electronic attack and get away with it.

Talkback 7 comments

    Unrealistic expectations notarebel -- 10/09/09

    The AFP do not have the jurisdiction to take down websites and IRC channels on a whim unless they're hosted locally (which they are not, you can see for yourself if you perform a traceroute). Just because the website and IRC channel are able to be freely accessed does not mean they can just as easily be taken down - thepiratebay.org is a good example of this. However, I do agree that they should have at least tried to take down the YouTube videos though it wouldn't have achieved much, the video would just be continually reuploaded by anon (in fact, there are already several copies of the video on YouTube and vimeo available).

    I'd be happy to be corrected on this, but it's my understanding that there is not a great deal that can be done to defend against a DDoS attack even with advance notice, apart from simply upgrading the relevant network infrastructure so that the site/server can handle the increased load (which is probably quite costly). Was that your expectation, or are you able to explain exactly what the AFP should have done?

    By the way, I'm no fan of the AFP (I'm completely apathetic), I just think your expectations of the AFP are unrealistic (and once again, I'm happy to be corrected if I'm wrong!)

    not really surprised Anonymous -- 10/09/09

    Renai, for you to make an editorial post like this simply just means you've been working your time away in the private sector and haven't clued up to what life is like in IT in Canberra.

    I'm sure AFP notified everyone.. as most likely did AusCERT and a few other groups, but AFAIK it's up to individual federal-level govt. dept's to manage their infrastructure (whether they chargeback through another dept's IT infrastructure or not).

    Don't get me wrong - AFP get it wrong sometimes like anybody else does, but put the blame where it deserves to be...

    As for the AFP - good luck and I hope you find those ddos'ing script kiddies...

    Internet censorship Anonymous -- 10/09/09 (in reply to #320282472)

    As an American I hate your country and everything it stands for. You ban guns. Now you censor the Internet. Go burn in hell. I wish the U.S. weren't an Anglophone country; that way we wouldn't have to have anything to do with the Commonwealth. The UK is a totalitarian state. If they try that crap over here, you'll see another American Revolution.

    Aren't you an angry little ant? R.P. Smethurst -- 10/09/09 (in reply to #320282782)

    Everything it stands for? Really?

    I guess you could always switch to Spanish, as you aren't officially Anglophone in the US (no official language). You might find that you still have something to do with the Commonwealth, however, given that the Magna Carta is regarded as a cornerstone of the US constitution, and there's a lot of organizations that we both belong to.

    Note that Hell only applies to Christians, fortunately Australia and the US are secular states. Also, technically they haven't censored the Internet, only the Web, and it's just in testing.

    In relation to the American Revolution, what do you mean - you are going to throw the British out again?

    Dear 'not really surprised' Anonymous -- 11/09/09 (in reply to #320282782)

    Gosh. What can I say... You're not rearry from America are you.

    PFFFT to Uncle Sam Mel Sommersberg -- 11/09/09 (in reply to #320282782)

    "I wish the U.S. weren't an Anglophone country; that way we wouldn't have to have anything to do with the Commonwealth."

    Assuming that you are referring to the British Commonwealth of Nations rather than the Commonwealth of Australia, the US isn't a Commonwealth country, never has been and hopefully never will be and you guys gave up the right to become one in 1776. The US comprises a population of gun-toting, illiterate rednecks who seem to go out of their way to try and beat Martin Bryant's massacre record every time one of you nutters set out to prove how badly you handle daddy's firearms.

    Let's hope that next time there's an American revolution that the US population get the job done properly and make sure that everyone there cops a bullet - live by the sword, die by the sword.

    Lastly, the Internet isn't censored yet but I do support some method of stopping child porn and other nasties from being acquired and passed on. That said, I am not necessarily in agreement with the Commonwealth Government on their preferred method.

    You guys don't even eat meat pies - that is how unrefined you lot are.

    What's the big deal? Anonymous -- 11/09/09

    The internet is a big place. DDoS attacks are relatively easy to implement and hard to stop. I think it is an interesting reflection on the over-importance we put on the internet that the Prime Minister's website is down for 1 hour and it causes such a stir... how about spending some money on stopping drug dealers...
