The way mainstream media is reporting it, you’d think that hackers wrought serious havoc last night. “Prime Minister’s website hacked,” screeched The Australian, quoting an AAP report that ran across News Ltd sites. “Rudd website hacked in filter protest,” says ABC News.
The anti-Scientology group Anonymous has supposedly branched out to fight internet censorship.
What really happened? Someone flooded the PM’s public website, and maybe others, with enough traffic to temporarily overload it. That’s it.
It’s called Denial of Service.
“A DoS attack is like those rolling power cuts in the height of summer because everyone’s turned their air conditioning on and exceeded the system’s capacity,” explains My Mate Who Cannot Be Identified Because He Does Sekrit Government IT Stuff.
“There’s a fixed amount of pipe [to the PM’s website], and it’s all being used, admittedly maliciously.”
As DoS attacks go, this one was a mosquito bite.
At the Internet Storm Centre, a global monitoring centre for internet security, duty handler Mark Hofman issued a warning and then monitored proceedings.
Update 1: Well the [attack] started at 7pm on the dot and has been going on for about an hour or so. www.pm.gov.au is being kept busy and over the hour it was unavailable from where I am for a few minutes at best… Once left alone by a few of the attackers the site is again more than happy. As far as impact goes the net result seems to be zilch.
Update 2: The attack is over. It achieved some publicity and managed to make the PM’s website unavailable for a few minutes. Otherwise there was no impact.
There was no hack. If the website was really hacked — that is, if security had been breached — the entire site would now be offline for forensic examination.
However, as an Attorney-General’s Department spokesperson confirmed to Crikey this morning, “There was no unauthorised access to the site’s infrastructure.” Following a brief period when some website visitors received a “service unavailable” message, “the site was fully operational again within minutes.”
One government systems administrator reported seeing traffic coming from around 3200 unique internet addresses, mostly just one hit each.
“That’s about US$15 worth of botnet,” scoffed MMWCBNBHDSGITS. As Crikey has reported previously, botnets can comprise half a million hacked computers, rented by the hour on the black market.
“One government department I know gets three million attacks a day. On the scale where securely-available websites play, you regularly defend and mitigate against attacks that are days and tens or hundreds of megabits per second long. These guys make amateur look bad,” says MMWCBNBHDSGITS.
The infosec specialist who spoke with ZDNet.com.au would agree. “The whole Anonymous thing is fanciful garbage. As a group it’s not to be taken seriously,” they said.
It’s unlikely the attacker or attackers were the “real” Anonymous, who put together professional-looking websites in Sydney, Adelaide and elsewhere, and who are distancing themselves from last night’s shenanigans.
The culprit would appear to be some loose-canon loser with centre-of-attention deficit disorder donning the V for Vendetta Guy Fawkes mask to get that teen-angst adrenalin buzz of stickin’ it to The Man.
His website, the shambolic Operation Didgeridie, is filled with childish bravado, confused information about the censorship plans, and low-grade advice for would-be cyber-vandals.
“Script kiddies”, they’re called in the infosec trade. They know enough to download other people’s malicious software and make minor changes, but there’s no real understanding of internet security. Or of politics.
“Such methods and demands suggest little understanding of how political policy is changed in Australia. Acts like this have the potential to unravel the hard work already done by many to try and end this policy,” says anti-censorship campaigner Michael Meloni.
For once, Senator Stephen Conroy and I agree. He has this morning called the events “juvenile.”
Conroy’s office has described the Anonymous campaign as “completely misinformed and erroneous”, repeating the party line that filtering is of Refused Classification material “such as child sexual abuse imagery, bestiality and s-xual violence” — without mentioning concerns about the other kinds of RC material — and saying that the filtering trials are expected to be completed “shortly”.
There’s further media stories now appearing as everyone gathers the facts. Fairfax has Hacked by hoons: how attack on PM’s website unravelled. The poor dears still don’t get that it wasn’t “hacked”. And ZDNet.com.au has Defence hauled in over PM website attack. “Hauled”? A short drive from Russell, I’d have thought.
Calling in the Department of Defence is standard procedure, as the Defence Signals Directorate oversees the security of all government networks — at the very least by setting policy standards and investigating “incidents” such as this one.
And Conroy gets handed an easy point in the debate. Thank you fake Anonymous.
Sorry, when I say “MMWCBNBHDSGITS” I do of course mean “MMWCBIBHDSGITS”. My mistake.
Conroy is forced to bullshit. In what kind of debate does that count as his easy point?
Juveniles mobilise when supercillious media gatekeepers fail to do their job by reporting and thoroughly analysing things like this:
http://www.wikileaks.org/wiki/Australia_secretly_censors_Wikileaks_press_release_and_Danish_Internet_censorship_list%2C_16_Mar_2009
@Simon: I daresay Sean’s point is that in real politics, like where governments can actually be persuaded to change policies, everything is based on what voters might think — especially swinging voters in marginal electorates.
Conroy’s “easy point” is that it’s easy to portray vandals as criminals — which they are — and discount everything they’ve got to say. And, while they’re at it, remind people that it’s dangerous online because, well, there’s evil hackers and vandals.
There are real parents with real concerns about their children’s safety online — uninformed concerns, perhaps, but that’s irrelevant. The government needs to be seen to be addressing those concerns. If mandatory internet filtering isn’t the answer — and it isn’t — then what’s the alternative? Bearing in mind, as I say, that there are real parents with these concerns. What do you have to say to them?
Any suggestions?
It’s odd that you think the Wikileaks exposure of the ACMA blacklist wasn’t covered. It was reported at length by both Fairfax and News Ltd outlets, in paper and online. Crikey‘s own stories included ACMA issues threats, meets the Streisand Effect, ACMA’s blacklist just got read all over, Yet another ACMA internet blacklist springs a leak, It certainly looks like the ACMA blacklist, eh Senator Conroy?, Two thirds of ACMA blacklist out of date and Conroy’s really bad week #347: Classification Board website hacked.
I don’t have a lot of time for script-kiddie cyber-vandals. Our infosec professionals have far more threatening attackers they could be spending their time on.