Last week’s Operation Titstorm attacks by Anonymous brought down the Parliament House website for three days, yet they seem to have been organised by teenagers using basic tools.
As Crikey reported in September a Denial of Service attack (DoS) took the PM’s website offline for about 10 minutes. The inconvenience was minimal.
This time, the attacks were more effective, with aph.gov.au being hit by up to 7.5 million incoming inquiries every second, completely overloading it. While that sounds a lot, today’s fast computers and broadband links mean it can be accomplished with a few hundred computers.
The attack also included a flood of pornographic emails and faxes to parliamentary staffers.
In an interview for today’s Patch Monday podcast at ZDNet.com.au, a young-sounding organiser using the handle “c0ld blood” told me that about 400-500 people had taken part.
“Lots of them are kids and teenagers, and the main reason that they take part in these attacks is because kids and teenagers don’t really get the chance to voice their opinions,” he told me.
c0ld blood acknowledges that DoS attacks are illegal, but was dismissive of conventional political processes.
“It would just be falling on deaf ears. By DoSing the sites it’s giving … it’s forcing the hand of the Australian government because they’re going to have to take notice,” he says. “We need to send a message across that governments can not just mess with the internet and not expect any backlash.”
c0ld blood wasn’t sure how the Parliament House website ended up being a target.
“There was a long list of ones which were going to be targeted and I think that one just fell down the easiest so people carried on doing it,” he says.
While c0ld blood considers the attack “quite successful”, other groups opposed to internet filtering are distancing themselves — even other sections of “Anonymous”.
“AnonSA does not endorse or support the recent attempts by Anonymous hackers to attack government websites,” the South Australian chapter said in a statement.
“Whilst we agree that the government’s proposed internet censorship legislation is an ill-conceived idea, we do not condone the methods taken by the individuals responsible for the DDoS attacks as an appropriate way to engage with the government.”
According to Electronic Frontiers Australia: “Not only are [the attacks] illegal, but they damage the cause by playing to stereotypes of filter opponents as juveniles motivated by a desire to keep the internet safe for p-rn. They serve no purpose but to give the government the moral high ground.’
Alan Thompson, secretary of the Department of Parliamentary Services, would agree. He personally received more than 8000 p-rnographic emails, and his inbound fax machine “just jammed up”.
“It gives little credit to the people who organised it,” he told Crikey. “It diminishes their cause enormously.”
The Parliament House website isn’t particularly modern, something Thompson is happy to admit. It currently appears to be run from a commodity-grade hosting service.
“We acknowledge that the service to the external world has been badly affected, we acknowledge and apologise for that,” he says.
Nevertheless, the website isn’t a mission-critical system (shoosh, Bernard Keane). It’s separate from the core Parliament House network. One can safely assume the PM and other key players have their own secure, high-reliability network provisioned in … other ways.
A new aph.gov.au website is expected to be built in the next 12 months. While it could be built to withstand attacks such as that from Anonymous — an attack from 500 computers is small beer compared with the vast botnets run by organised criminals — it would also be expensive.
“There’s no need to spend the million dollars which would be required to build the right infrastructure protection on a system which isn’t mission critical,” security consultant Crispin Harris told Crikey.
“Financially, is there any reason for them to spend any more money than they’ve done? My opinion is no.”
Wait a second, the web site that lets Australia’s citizens know what’s going on in their parliament isn’t mission critical? But the one that lets the politicians know this _is_ mission critical?
In the research for this article, I was the first to suggestion that the website isn’t mission-critical. Perhaps I should have used “time-critical” or a similar term?
My point is that the national doesn’t crumble into anarchy if the website isn’t available for a few days. The government has other ways of staying in touch with what’s happening. The website itself is primarily for the communication of parliamentary business to the citizens. While that’s vitally important in a democracy, in general it doesn’t matter if it’s delayed a little. There are other ways of seeing what legislation is being discussed etc.
It’s not like, say, defence systems or baking or emergency services or Centrelink payments.
I probably meant “banking” rather than “baking” in the last sentence, though bakers may disagree.
I felt a little insulted that MY parliament got DDoSed – they would do better focusing their direct actions on the actual players (ie Rudd and Conroy).
(And no, I do NOT condone or support illegal acts – though I agree with some of what this “group” is saying)
That said, it’s pretty easy to get the info:
Google’s cached images and web-archives such as WayBack Machine are places to start.
I believe they still answer phone calls also….
As a member of Melbanon (Melbourne Anonymous), the melbourne ‘branch’ (so to speak) of Anonymous currently focusing mainly on protesting against the crimes and the organisation of the Church of Scientology, I would like to make a statement regarding our group’s views on Operation Titstorm.
Melbourne Anonymous does not endorse the actions taken by those who participated in Operation Titstorm. None of our members were involved in the DDoS attacks and we would like to make it clear that Melbanon believes in change through legal and peaceful forms of protest.
We have put up an official statement on the main page of our website http://www.melbanon.com/
Thank you,
Kenji
–
Melbanon Organiser