Glyn Moody recently wrote about Australia reviving some troubling internet snooping policy, part of which includes an aggressive data retention policy for ISPs, under which they need to collect and maintain connection data from their users for up to two years. As Glyn notes, this policy mirrors what other nations throughout the world are attempting to put in place as well, despite the serious pushback on security and privacy grounds from the technology community.
So perhaps it shouldn’t be all that surprising when famed hacktivist group Anonymous decides to make the concerns a reality to prove a point. Slashdot points us to news that Anonymous has breached one Australian ISP, AAPT, and lifted some 40GB of data using an unpatched Adobe ColdFusion exploit. As Australian site ITnews reports, this hack appears to be yet another attempt at activism by Anonymous:
“Anonymous had threatened earlier this week to release the data but was reportedly working to minimise potential harm to individual customers. The compromised data is suspected to be a 40 GB backup of an Adobe ColdFusion database, accessed through a well-known vulnerability.
The threatened release of data appears to be in protest against Australia's proposed data retention regime, which would mandate ISPs to collect and hold transmission data from its users for up to two years.
One hacker told iTnews' sister publication SC Magazine that the data was stolen “to prove a lack of security at ISPs and telcos to properly protect the information” that would be stored under the Federal Government's data retention draft policies.”
This is what happens when you ignore complaints by the very people who can bring about the unintended consequences of your unfortunate internet legislation. Pushing forward with data retention bills even as it is proven that customer data is accessible seems problematic. Perhaps Anonymous and other groups can use this as an ongoing example of why such retention policies are dangerous.