VideoNEW
Podcasts
Blogs
ANONYMOUS:
COMPUTERISED VOICE: Hello, citizens of the Internet, this is Anonymous. We are not a group of hackers. We are simply a group trying to change things for the better. We are the embodiment of chaos. Chaos means change. We seek change because when something is wrong it needs to change.
We fight where no‑one else dares to fight. We look in the lives of animal abusers and bring paedophiles to justice. We destroy the reputation of political and religious leaders alike.
It is true that Anonymous has committed what you would call cyber attacks in protest against several military contractor companies, law makers and governments.
We do not fear your tyranny. Lock down the way. Throw us in prison, take it all away from us. Anonymous will live on.
We are Anonymous, we are legion. We do not forgive. We do not forget. Expect us.
JENNY BROCKIE: Welcome, everybody, good to have you all here. We are about to meet a few hacktivists with unusual names and disguises that they have chosen themselves tonight. I'd like to introduce one of them to you, Bobby Tables, what is Anonymous?
BOBBY TABLES, HACKTIVIST: Well, the first thing Anonymous is not unanimous. Most of the video that we just saw was correct but we're not all ‑ Anonymous is not a group. We're a group of groups and there is no either ‑ anyone can join and no‑one can be kicked out and that's a double‑edged sword.
JENNY BROCKIE: You take part in Anonymous operations, what are you working on at the moment?
BOBBY TABLES: Right now there's a fairly small operation in San Francisco where a man, a homeless man was shot in the back by police and then the police tried to cover it up by confiscating or attempting to confiscate cell phones and then when a protest tried to get organised they cut down cell service. So for my part the censorship aspect of it pulled me into the operation.
JENNY BROCKIE: And how did you get involved, Bobby, and why did you get involved?
BOBBY TABLES: I get involved because of the censorship. I saw - I believe it was Julian York tweet about it the day after cell services cut and then I saw Jacob Appelbaum tweet about it and I tweeted for about five solid hours about the censorship attempts. I started making contacts on the ground in
JENNY BROCKIE: And on the street you mean online?
BOBBY TABLES: No, on the street. Like actually on the street.
JENNY BROCKIE: Okay, but using online to gather people, to organise people?
BOBBY TABLES: Right, mostly social media.
JENNY BROCKIE: Yep. Okay. Leto, I'd like to bring you in here because you're part of Anonymous too but you've chosen not to wear a mask tonight, why?
LETO, HACKTIVIST: Well, I'm not doing anything illegal, I'm don't breaking any law so I think I don't need a mask.
JENNY BROCKIE: What sort of things do you do?
LETO: Spreading informations, getting knowledge out and animating people to stand up for their rights basically.
JENNY BROCKIE: Do you agree with everything Anonymous does when it hacks websites? Are you a hacker?
LETO: I'm not a hacker. I can hack maybe a tree but I'm surely not a hacker of computer.
JENNY BROCKIE: Okay, so you say you're not a hacker but Anonymous does hack and does do that kind of thing. It doesn't bother you that you're associated with a group that doesn't do things that you don't want to do?
LETO: What other people do is their free choice. I don't see that people get physically hurt by hacking so this whole terrorist call is wrong in my eyes and I'm not breaking a law. If other people hack, if that's the only thing they see they can do it's in their eyes, okay, and I'm not the person to judge that.
JENNY BROCKIE: Corpse, I want to talk to you, you're attached to a group called Net Bashers, what targets have you hit, has your group hit?
CORPSE, HACKTIVIST: Specifically we go for government targets, we really have no other specific targets but governments in our eyes, it's just pathetic. They believe that it's alright to keep their citizens uninformed and just do whatever they want, murder civilians, murder innocents, go to war with countries that they have no right to, make up some just bull story and decide hey, let's go to war with this person and kill all the civilians just because, you know, we claim they did something to us. It's happened in so many other times that we have seen and the Government always covers it up.
JENNY BROCKIE: So when you say governments, what governments? How do you decide which governments to hit?
CORPSE: We hit any government we can find.
JENNY BROCKIE: Any Government at all?
CORPSE: Any government we can find, any website, any government website that we can find to exploit on we'll just hit it.
JENNY BROCKIE: And what do you do when you hit it?
CORPSE: Whenever we hit it we normally see ‑ first we check to see if there are any personal details of government officials on the website database. If so we leak it. Then we'll go after passwords. If we can get in we'll probably deface it. But if not we'll just post all the stuff that would be needed to other people and if they have a chance and they can do it themselves but it really doesn't matter to us. We could care less about defacing. Sure it's fun, sure, we like to do it but the most fun part for us on governments is exposing them.
JENNY BROCKIE: Which governments though? You said any governments, so all governments are bad?
CORPSE: As far as, I don't know, a lot of people still have faith in the governments but in our eyes every single government has been bad. They've all made a mistake and have all lied to the citizens at one point or another and they still try and cover it up.
JENNY BROCKIE: Charrie, what about you, you're from a group called The Wongz, are you a hacker, a hacktivist or both?
CHARRIE WONG, HACKTIVIST: I don't know. I'm just kind of in it for the laughs. It's quite fun.
JENNY BROCKIE: In it for the laughs, yeah?
CHARRIE WONG: Yes, pretty much.
JENNY BROCKIE: So how do you decide what to do then?
CHARRIE WONG: I don't, I just do it. I don't really think. I just do stuff.
JENNY BROCKIE: Who are some of your targets, Charrie?
CHARRIE WONG: Ranging from the
JENNY BROCKIE: What did you do to the
CHARRIE WONG: Brought his website down for three days.
JENNY BROCKIE: And why do you do it?
CHARRIE WONG: Because I don't particularly like him.
JENNY BROCKIE: How old are you, Charrie?
CHARRIE WONG: 15.
JENNY BROCKIE: Commander Grant Edwards, you manage cyber crime operations for the AFP here in
COMMANDER GRANT EDWARDS, CYBERCRIME OPERATIONS, AFP: Anyone that has unauthorised access or modification of a computer system is a threat.
JENNY BROCKIE: And do you regard people who hack, that do this kind of hacktivism as criminals?
COMMANDER GRANT EDWARDS: Well it's everybody's right in a democratic society to protest but there are societal norms that we operate within that element of protest. Once you move outside that, and for this instance in terms of hacktivism, if you again hack into a system without the authority of the individual or the group involved, well then you commit an offence and you potentially be prosecuted.
JENNY BROCKIE: Okay. Leto, what do you think about this? I mean how do you ‑ where do you draw a line about things like releasing personal information?
LETO: Personal information is exactly that area where I wouldn't go. I mean leaking confidential information about governments and organisations I'm totally okay with that but private numbers of people who have a family released on the Internet for prank calls, I don't want that to happen to me so I could never do that to another person and that's the basic problem I always have is that people put private data of other people into the Internet while not wanting their private data in the Internet. So that's a bit of hypocritic actually.
JENNY BROCKIE: Okay, Corpse, is that true of you with the disguise over your face, that you're happy to release personal information about other people but not about yourself?
CORPSE: I'll take this mask off right now if you want me to.
JENNY BROCKIE: Okay, but what about the point about releasing personal information? Obviously there are differences between you about where to draw these sort of lines?
CORPSE: Right, with people's information I would not release, I really wouldn't because I find that to be worthless. Why would you put something like that? But if someone's not so innocent and they've done something to you or several other people which would not happen to other people, they would not like it happening to them, of course, why not just give them a taste of their own medicine?
But when it comes to innocent people that you know of have not done anything, why would you leak it? Government, would you really classify them as innocent? I mean after how many of the military members went over there and killed innocents, the presidents and prime ministers and all that have just turned around and lied to their people about everything that's been going on. Why would you count them as innocent? Why wouldn't you release their information?
JENNY BROCKIE: Patrick Gray, you report on information security, you're a bit dismissive of hacktivists, why?
PATRICK GRAY, RISKY BUSINESS SECURITY PODCAST: I wouldn't say I'm necessarily dismissive of hacktivists. First of all I've got to say that I don't quite like the term hacktivism, I think there's online activism and I think there's hacking and there's criminally motivated hacking and maybe even politically motivated hacking but for some reason every time I hear that term it just makes me cringe because you've got people who are out there doing everything from raising awareness online to organising protests to doing DDoS attacks against sites and just to sort of lump them in as hacker doesn't seem quite right.
JENNY BROCKIE: What do you think about the range of what we've heard just now?
PATRICK GRAY: This is the whole thing, right, it's sort of presented in often in the press as being a unified movement but I think what we've just seen is that it's quite scatter gun, anti‑establishment stuff. There's no really ‑ there's no manifesto, there's no clearly defined goals or objectives. You know, and as Mr Bobby Tables over there told us, Anonymous isn't a group. You know, I've often compared Anonymous to being like pirate of the high seas hundreds of years ago, they all wave the same flag but they weren't a group. There was no leader of the pirates and I think a lot of people in media, and even in law enforcement, are confusing things like ‑ they're confusing influence for structure. There are people within who identify themselves as Anonymous who are probably more influential and can rally the troops a little bit better than other people but it doesn't make them leaders and it doesn't make Anonymous an organisation. So this idea that these hacktivists are coming to sort of topple governments and, you know, cause havoc, it just seems a little overcooked to me.
JENNY BROCKIE: Alana, you study hackers, what's the difference between a hacker and a hacktivist, even though Patrick doesn't like the term, we've got to call them something, what do we call them?
ALANA MAURUSHAT, CYBERCRIME LAW CENTRE, UNSW: I don't know if I have a much better term but I've always looked at it as security activist versus vigilantes versus I don't know, your ‑ I don't see some of the actions of the characters that we see on screen as being any different from the 15‑year‑olds who would go out and necessarily spray graffiti on the weekend.
JENNY BROCKIE: No different at all?
ALANA MAURUSHAT: Well different in terms of if the claims the type of information they're getting at the end of the day might be different but that would be no different than doing graffiti and breaking into a place and retrieving information.
JENNY BROCKIE: But it's different if you hack into something and release a whole lot of information that's otherwise protected. That's not like spraying graffiti on the wall.
ALANA MAURUSHAT: Well we were just saying ‑ that isn't but at the same time it's interesting to see that, you know, secure systems, or what we tend to think and trust to be secure, can be broken by someone, you know, in high school still.
JENNY BROCKIE: Is that something that worries you, Grant?
COMMANDER GRANT EDWARDS: Look, anything of this nature worries me because as Patrick said, our ‑ the exponential growth of the digital world is highlighting to us that our lives are being controlled by the Internet, if you like. So our personal information, our daily activities, a lot of our life is involved on the Internet and if people have the ability and the desire to want to hack in and obtain that information or nefariously use your computer, for instance, a DDoSing, well that's a problem.
JENNY BROCKIE: We'll explain DDoSing in a minute because a lot of people won't know what that means. Suelette, you wrote the first book on Australian hackers with research help from Julian Assange. Are hacktivists much different to traditional protestors? I mean is it different because of the breadth of information they can have and the way that they can spread it?
SUELETTE DREYFUS, AUTHOR, ‘UNDERGROUND’: I think there are a few differences, so one element is the element of perhaps a feeling of being slightly detached because you're there with your keyboard late at night in front of your computer and that's quite removed from a sit in, you know, or a rally in person. But I think that there are ‑ and I would jump in and say that I agree that the view Anonymous is not one entity and indeed online activists are not one uniform entity as we've seen here tonight, but I would say for that subgroup that is politically motivated, in a sense of, you know, motivated by a cause there seems to be some recurring themes and probably the most important of those is a sense that information should be free and people should be free to protest, people should be free to speak out, should be free to publish, that that right of free speech has been infringed and the right to free information has been infringed by government's increasing desire to censor the Internet, to censor our ability to get information and that is potentially, I see, the only possible unifying thing really between them but yes, so I think that's quite important.
JENNY BROCKIE: Tonight we are talking to hacktivists. One way that they attack websites is through the distributed denial of service known as DDoS, here's how it can work.
LOIC:
VOICEOVER: LOIC is an Anonymous application. You can download it in a couple of clicks to your PC or Mac. Once it's there you can take part in distributed denial of service attacks, even if you have no clue how to hack.
With LOIC running your computer can flood any given server with garbage requests to access the website. Used en masse the traffic from legitimate users cannot get through. The site is then effectively inoperable. That's denial of service.
Last year LOIC acquired a new feature, the hive mind mode. This new feature turns your computer into a voluntary Botnet or Internet robot. A Botnet allows a single machine called the Bot herder to take control of all the computers running LOIC. The Bot herder can then orchestrate the attack. So not only do you not need to know how to hack to take part in a DDoS attack but now you don't even have to know the time or the attack target. Your computer is doing it for you, silently.
JENNY BROCKIE: Grant, is DDoSing a crime?
COMMANDER GRANT EDWARDS: Under the Australian legislation, yes, it is.
JENNY BROCKIE: Okay, and how do you view it? I mean how do our authorities view DDoSing?
COMMANDER GRANT EDWARDS: Well certainly the Australian Government websites have been DDoSed and a number of other businesses have been DDoSed as well. That's tantamount, if you like, to taking away either an individual or an organisation's ability to undertake their business or depending upon the type of DDoSing an individual ‑ its computer is involved without their knowledge.
JENNY BROCKIE: And how widespread is it?
COMMANDER GRANT EDWARDS: Well certainly according to the Internet industry it's quite wide, yes, it's quite prevalent.
JENNY BROCKIE: Okay, Suelette, how do you view DDoSing?
SUELETTE DREYFUS: Well, um, it can cause damage but the damage tends to be very short term. So it might have a system that's down for an hour or a day. Obviously it's not a good thing that a business would not be able to conduct its business but it's hardly a crime worthy of a capital punishment. And it's certainly something that I would put in the realm often, depending on the motivations of the people behind it, as potentially being something of civil disobedience. So, for example, someone goes and, you know, has a protest out the front of Nike and stops people from going in the store because there is a picket line out the front, it's akin to that but it's online.
JENNY BROCKIE: Jody, what do you think? You're a white hacker, you test security systems by hacking into them, what do you think of DDoSing?
JODY MELBOURNE, HACKLABS: Well I think the LOIC DDoSs have been pretty laughably ineffective in the past. I don't think any of the Anonymous operations have really been all that successful. There's one coming up against Facebook in the near future where they expect that if they can convince a few thousand people to download this LOIC tool and point it at Facebook that they will be able to knock Facebook off the Internet. But even if they were to convince a couple hundred of thousand to people to download and run this tool the amount of traffic that could generate with that tool would be a drop in the ocean of the amount of traffic that Facebook gets at any given moment on a day‑to‑day operation. So I think that the denial of service attacks that Anonymous have been able to carry out with this voluntary Botnet have been ridiculously ineffective compared to the capabilities of the Botnets that the real criminals such as the Russian black hat hackers have access to.
JENNY BROCKIE: Black hat hackers mean people doing it….
JODY MELBOURNE: The real bad guys. The real bad guys out there who have access to DDos capabilities and real Botnets. They're not interested in taking down Mastercard or Visa or Facebook, they're interested in making money. They don't want to take Facebook down, they want to make money off the people that are using Facebook right now. So they've got more important things to do than petty little political protests.
JENNY BROCKIE: Do you think it's a legitimate form of protest to do this kind of thing?
JODY MELBOURNE: No, I think it's distributed denial of service attack. There may be some legal grey area, whether the user is actually voluntarily participating in it as opposed to getting infected with a virus and the virus makes them part of an attack. But the way that a lot of these Anonymous operations explain their attacks is to try to trick their users into thinking that they're just participating in direct action democracy, that they're just exercising their free speech rights. You download this tool, you run it and you're exercising your free speech rights by doing a virtual sit in of a website when in fact you are participating in a criminal attack.
JENNY BROCKIE: So people being conned is effectively what you're saying?
JODY MELBOURNE: The majority of the people participating in these attacks are naive kids who don't know that they're actually committing a crime and then they're getting busted for it.
JENNY BROCKIE: Okay, Corpse, is that right? The majority of people are naive kids don't know they're committing a crime with DDoSing? Corpse, can you hear me?
CORPSE: A lot of people are getting involved in it that aren't really activists. A lot of them are just doing it for the laughs just to say I tangoed down this, I took down this, blah, blah, and they always put like "I'm laughing", they're always just try to say I'm laughing at it. They do it for no specific person or no specific purpose or anything. It's just pathetic.
JENNY BROCKIE: Leto, what do you think? I mean Anonymous was mentioned here as being ineffectively, what do you think about that?
LETO: Ineffective I definitely wouldn't say. I mean we saw it with Mastercard, Visa and other companies, government sites and everything, also this often used phrase of little kids not doing what they do, I think that's pretty wrong, actually. There are several people under the age of 18, of course, it's the Internet, it's the Internet generation but there are always people in my age, people over 40, they know exactly what they do, they have a cause behind it and they, as me, in fact, don't see DDoS as a criminal attack. It's a sit in. If I go to a shop and stand in front of the door and block it, it's the same for me.
JENNY BROCKIE: Bobby, what do you think of DDoSing?
BOBBY TABLES: I first want to say it's ridiculous that people who participated in the PayPal DDoSing in the United States got slapped with ‑ or they potentially face felonies which is I think is proceeding as a capital offence. If we're to agree that it's a crime then when we need to look at the punishment and I don't think the punishment fits. People in the
JENNY BROCKIE: Charrie, what do you think about DDoSing and what do you think about the description that a lot of the people are young people who don't really know what they're doing?
CHARRIE WONG: Who was the lady who said about Anonymous bringing down Mastercard and Visa?
JENNY BROCKIE: Leto from Anonymous.
CHARRIE WONG: Oh, Leto. Yeah, Leto, I singlehandedly brought down Mastercard and Visa on my own for over an hour each.
LETO: I'm sorry?
JENNY BROCKIE: Charrie is claiming that he singlehandedly brought down Mastercard and Visa on his own for an hour each.
CHARRIE WONG: And you can ask Corpse about that because he was there as well.
LETO: Congrats.
JENNY BROCKIE: Why is that such a good thing though, Charrie? Why do you think that that's such a good thing if you did do that?
CHARRIE WONG: Because it proves a point.
JENNY BROCKIE: What's the point?
CHARRIE WONG: That corporations aren't secure as think they think they are and they think they're untouchable when they're really not.
JENNY BROCKIE: Patrick, you wanted to say something.
PATRICK GRAY: Yeah, what these guys are referring to too is that 14 people in the
So I believe all that PayPal did was gave the FBI a list of the 1,000 originating computers or the IP addresses of the top 1,000 attacking computers and the FBI just processed, you know, batch processed a bunch of warrants and then scooped all of these people up and now they could be in serious trouble. And of course, you know, the Department of Justice in the United States are putting out big bold press releases saying they're rounding up members of Anonymous and it was really seen as ‑ they were trying to play it like they were striking back against all of this sort of activity.
JENNY BROCKIE: But you wouldn't expect them to do nothing?
PATRICK GRAY: No, and indeed I mean sending that message too it's quite effective. I think it's an effective strategy in the sense that people are starting to cotton on to the fact that if you participate in these sorts of attacks there could be consequences.
JENNY BROCKIE: So is that a good or a bad thing? Is that a good thing?
PATRICK GRAY: If you're law enforcement that's a great thing but I think what we've got to work out is whether or not ‑ there's a lot of discussion here tonight about whether or not participating in a denial of service attack is a civil right, whether or not it's, you know, civil disobedience or whether or not it's going to be remain a seriously punishable offence so I think that's something for law makers to worry about.
JODY MELBOURNE: For the little kid who was tricked into downloading and running a program on his parent's computer who now faces 10 years jail because he was just trying to participate in some little thing he saw on an Internet website, he didn't understand what he was doing and now he's facing 10 years jail. The new version of LOIC actually promises to work entirely within a web browser so there's no downloading or anything necessary. So if you could convince a million people to visit a certain web page on a certain day they can participate in an attack.
JENNY BROCKIE: And what do you think of that though, Jody, as a concept of protest?
JODY MELBOURNE: I think they will be able to convince a lot more people in attacks if all they need to do is click on a link on a web page.
JENNY BROCKIE: But what do you think of the idea of those attacks?
JODY MELBOURNE: Um, I think the ‑ I think the whole idea of these anonymous attacks could be very easily subverted to any cause because anybody can claim to be Anonymous. It's a double‑edged sword. Anyone could create an Anonymous operation. Anyone could go on to these Anonymous forums and say I'm creating operation attack SBS Insight and on this particular day …..
JENNY BROCKIE: Do not suggest such a thing.
JODY MELBOURNE: On this particular day we're all going to download this LOIC and we're all going to point it at SBS Insight and we're going to take them down singlehandedly for one hour to send a message to the corporation that …
PATRICK GRAY: They did that to Frontline on CBS in the
JODY MELBOURNE: And it all gets grouped in with Anonymous and it's just me and my friends and a few useful idiots that I've convinced to run this tool.
JENNY BROCKIE: Okay, so there are dangers in subversion is what you're saying?
JODY MELBOURNE: Yeah, but it's the concept that any single one of us can be Anonymous. There is no leader. Anyone can attack anybody as Anonymous and it gets ascribed to the entire group as a whole and you can see just with the four members on the screen that all four of them have completely different ideals about what it is they're actually trying to achieve and they don't all agree with each other and they don't all agree with each other's methods.
JENNY BROCKIE: There are two things I want to pick up here. One is the question of the punishment and people getting scooped up in this, Grant, and I just wonder what your view as a law enforcement officer is of that. I mean I know we're talking about an American situation here but I mean how do you decide where culpability lies with these sorts of things when you're dealing with something like DDoSing where, you know, heaps of people can be involved and can you see dangers in the way that that's approached, that there are, you know, potentially naive people who get involved who weren't at the heart of the operation anyway?
COMMANDER GRANT EDWARDS: Absolutely. There are a couple of points. First of all in terms of the punishment fitting the crime I mean that's where a court determines it. I mean in terms of the actual criminal offence, in terms of say, for instance, whether it be a hacking or a DDoS, a crime has been committed, well then we investigate that, we charge, it's the courts that determine the level of punishment in terms of the criminality that's taken place.
But I think what's often overlooked is the downstream effect on individuals and businesses when, for instance, you know, someone undertakes a DDoS for the laugh of it. What happens is, is a lot of innocent people that are going about their business on a day‑to‑day business that are either affected or impacted, whether it be for an hour or in some cases forever where their websites or their businesses are lost and what that does is that impacts on the confidence of the community and that's where we get the situation of loss of confidence in the use of the Internet to do our daily activities.
JENNY BROCKIE: Bobby, what did you want to say?
BOBBY TABLES: I was just going to say that, you know, these people who participated in DDoS against PayPal are facing some dangerous rhetoric from officials in this country. Are we coming to the point where we call a 16‑year‑old girl at her computer in
JENNY BROCKIE: I want to talk about a few other activities that are a little different to this and Leto, I wanted to ask you what you did in what was called Operation
LETO: Well Operation Egypt, yes, was in the beginning of this year in the so‑called Arab spring which is still going on so maybe it's sort of Arab year, I don't know, which was basically starting with real people demonstrating on the streets of Cairo and other Egypt cities and they got punished for trying to speak up, trying to use their freedom of speech and trying to gather informations. So yeah, basically some parts of Anonymous attacked government websites. I didn't take part in that, as I said I'm not a hacker or DDoSer, but we also spread informations of how people could get into the Internet from Egypt, how they could get informations out, how they could get videos out. We all know this picture of the people holding up their mobile phones making videos and pictures and we basically spread that informations so media eventually will take it and make reports about it. The first days there was nothing in media.
JENNY BROCKIE: Was DDoSing done during Operation
LETO: Exactly they took down Egypt Government websites.
JENNY BROCKIE: Okay, Grant Edwards, I just wonder what you think of that because that's an interesting form of protest at a time when, you know, much of the world was behind what was happening in Egypt and that democracy movement, I mean can you see in that context would you condone something like that?
COMMANDER GRANT EDWARDS: Well, certainly in that context it's not within the Australian realm but what I see there ‑ clearly.
JENNY BROCKIE: But it's an interesting point, isn't it? Because it can still be about attacking websites and it can be about circumventing censorship or doing all those sorts of things but it might be for something that's actually, you know, got very broad support in the democratic world. I mean is that a different case?
COMMANDER GRANT EDWARDS: Well I see there's two issues there. One issue is bringing to light issues lawfully in the sense of wanting to have information past about what is occurring. But secondly, what I see from that description is when you attack a government website well then, and again I can only apply this to the Australian perspective, then you commit an offence, so there's a difference in terms of you're wanting to be, if you like, lawfully undertaking a protest and then encompassing with that, then attacking a website which is, again in the Australian context, an unlawful act. As soon as you access to that website you've committed an offence in
JENNY BROCKIE: We are talking about hacktivism and I'd like to talk about some other consequences and what happens when people get caught in some of the cross‑fire with this. Josh, Sony emailed you to say that your account details, Sony PlayStation account details may have been compromised this year, what happened?
JOSH MOULDS: That email that they sent was in response to the PSN network having been shut down as a result of, what I'm aware of, was a hacking of their PSN servers. From memory what happened was the network went down with no real explanation as to why towards late April and that there was about a 6‑day gap between certain PlayStation network services not being available and the reasons behind that being made known to users of the service. I received an email from Sony to the email account attached to my PSN account but was also aware of that particular hack through other means as well like websites like Kotaku and NeoGAF and just being an active gamer and member of the community there. It wasn't until that information was made available that people had realised that their personal details may have been compromised.
JENNY BROCKIE: Patrick, tell us what it was about. Tell us what the hacking of Sony about?
PATRICK GRAY: I don't think anyone knows - I mean that's the thing. The PlayStation network event - no‑one's ever claimed credit for that. Sony believes that information on 77 million of its PlayStation network users was walked out the door. Someone spotted something fishy, freaked out and pulled the pin on the whole network and the network was down for about three weeks. They understand that the information went out but, you know, it's not like this credit card information popped up in underground forums being traded, you know, for use in fraudulent activity and it's not like, you know, it was just put out there in a torrent or, you know, put out there and made publicly available so that everyone could laugh at Sony. So it is actually a little bit difficult to tie the PlayStation network event.
JENNY BROCKIE: Yeah, but let's ‑ yes, that’s very clear and we're not trying to tie them together but I'm just trying to make the point of how people feel about this idea of information being compromised in that way, of a hack being done and personal information being compromised?
PATRICK GRAY: I would be thrilled to have people under the banner of Anonymous steal my information from an insecure service rather than have a bunch of Russian cyber criminals steal it and then really use it for fraudulent purposes.
JENNY BROCKIE: Are they the only two choices?
PATRICK GRAY: No, you've got plenty of others. You've got all sorts of casual attackers - there's many people that could obtain this sort of information and really these guys are obtaining it and putting it out in the public. I mean if they're getting access to it chances are somebody else has already stolen it and probably using it for much more….
JENNY BROCKIE: Charrie, what do you think of the Sony hack?
CHARRIE WONG: It was quite funny. How do I send you a picture by the way to the studio?
JENNY BROCKIE: What is it?
CHARRIE WONG: It's of someone I just hacked.
JENNY BROCKIE: What have you hacked, Charrie?
CHARRIE WONG: Well I've done two sites in the last about 10 minutes. The techgame.com again and sbs.com.au.
JENNY BROCKIE: Okay, and again, what is the point of doing this, Charrie?
CHARRIE WONG: Just to prove a point.
JENNY BROCKIE: But what is the point again?
CHARRIE WONG: And for the laughs of course.
JENNY BROCKIE: It's just that you can, yeah?
CHARRIE WONG: Yeah, pretty much.
JENNY BROCKIE: Can I get back to the question I asked you which is what you think of the Sony hack?
CHARRIE WONG: I think Sony deserved it in the end. It was pretty much in response to Geohot getting arrested.
JENNY BROCKIE: Okay, Michael, you had your information compromised as well. How do you feel about it and how do you feel listening to this?
MICHAEL BOSCARINI: Well quite frankly I don't see any reason to hack the database to release personal information. Sony did something wrong, fair enough, you know, if that's what they're after. But like two months before the last hack which shut down the network completely Anonymous stopped their hack and then, you know, basically said on a blog that they did not want to actually affect the users whatsoever, they were only after Sony, but then they went ahead two months later and, you know, destroyed our lives for a while. I was scared.
AMANDA: No, Anon never took credit ‑ like the thing about being anonymous is that you actually don't do anything for personal benefit. You're anonymous, you don't get any accreditation for it.
MICHAEL BOSCARINI: Exactly but the fact is still that my data and hundreds of thousands of people in Australia and plenty more out in the rest of the world was compromised due to this same type of hacking.
JENNY BROCKIE: Well Anonymous ‑ Bobby, Anonymous didn't take credit for this, did it?
BOBBY TABLES: Not that I know of.
JENNY BROCKIE: Leto?
LETO: Initially the website of the PSN network was DDoSed, yes, that was stopped one day or two days after because people were jumping in to our channels and were, sorry, bitching around, it's looking good in the newspaper, this mask and oh my god the bad terrorists of Anonymous hacked Sony so gamers please hate them but we didn't hack Sony.
JENNY BROCKIE: Okay, but Michael, the point that you're making is just at a purely personal level that experience made you feel vulnerable?
MICHAEL BOSCARINI: Yeah, if my personal information could be used out there in the world for someone to say, you know, get a mortgage out from a bank, you know, and not pay that bank then I've got a bad credit rating. So if that happens I'm basically I've got no leg to stand on.
JENNY BROCKIE: Suelette.
SUELETTE DREYFUS: I should just, you know, like to jump in here and point out that there are lots of different categories of hackers and we've talked about hackers who do it for laughs, we've talked about hackers or just social online social activists who do it for a higher cause. There are also hackers who just hack because they're curious or because they want to or because they can.
Certainly from the hackers that I've interviewed from my research a lot of those hackers are very silent and they just go in and they get a piece of information, they get out. Now they can be motivated by profit, they can be hackers for hire, involved in corporate espionage or they can just be hackers who want to because they can but they're never really going to see information. I don't think it's a good thing that private information is stolen that way. I think there's no point targeting individuals - we should all be entitled to a higher level of individual privacy. But at the same time there's every likelihood, that that sort of private information will just never appear in public because the hacker has gone in, climbed his mountain and left.
JENNY BROCKIE: Okay, Matt, you're a security specialist with a big company, what you think about what you've heard tonight and you won't use your last name because you're concerned about some of this stuff, yeah?
MATT J, SECURITY SPECIALIST: No, that's just the way I'm going to call myself, just ‑ but I think a lot of the attacks we're talking about are extremely opportunistic. They're very ‑ the easy targets or it requires a very low investment to make these successful and I think they're pointing out a much bigger problem with the state of security and the way it's being applied in organisations in the industry. So I think while we're talking about all this and there are a lot of political and social conversation points, it's bringing up a much bigger issue and awareness to security issues which are out there which I think is important as well.
JENNY BROCKIE: So what do you think the quality of protection and security is like in
MATT J: Well, I don't have a perspective on
JENNY BROCKIE: Who would you hire to protect things?
MATT J: There are a lot of really good people in the industry and research is, as I said, it's a lot ‑ this is extremely opportunistic what we're talking about.
JENNY BROCKIE: But would you hire hackers, would you hire somebody like Charrie?
MATT J: No. I think …
JENNY BROCKIE: Would you hire other hackers? I mean we hear that happens a lot. He just made a peace sign, apparently.
MATT J: Well it depends. You know, a lot of people who are in security have had all sorts of interesting backgrounds and Suelette has written about this and it's fascinating but…..
PATRICK GRAY: So maybe in 10 years if he behaves?
JENNY BROCKIE: When he's 25 as opposed to 15.
MATT J: Well, here's the thing ‑ I don't believe in the people who are innocently affected and I don't really have an opinion on the cause. Like I'm not really concerned about that but from a technical merit if they have the skills then great, and that's where a lot of people are self‑taught, they're creative, they've got good sense of humours and so on and that's important but it's different. Like I'm concerned that accessibility of this is too high and it's too easy. People are going to get into it and law enforcement are going to make an example of a lot of these people because it's having, it's showing where we are in the Internet and technology that it affects more people and it has a much bigger consequence.
JENNY BROCKIE: Okay, Grant, do you want to comment on any of this?
COMMANDER GRANT EDWARDS: There are a couple of points. First of all with security, it doesn't matter how robust your security system is, it's only as good as the weakest link and it takes, for instance, in a business an employee with a fairly innocuous password to open a gateway for people to get access. Similarly, many businesses don't even map their own systems. These people are quite expert at getting in and mapping systems on their behalf and identifying where the vulnerabilities are like our 15‑year‑old friend there who's allegedly already hacked into the SBS site.
JENNY BROCKIE: Might not be hard.
COMMANDER GRANT EDWARDS: Well, possibly not. Again I'm stating the obvious. But what we have to realise is that the Internet is so vast and so great and it's running at such an exponential pace that it's up to not only the individuals but also businesses to take ownership and responsibility for their own protection online.
JENNY BROCKIE: Tell us about the new laws that are being proposed around retaining of information, holding of information?
COMMANDER GRANT EDWARDS: Well certainly there's a piece of legislation before Parliament at the moment which ostensibly will strengthen the current cyber laws and one of those which will definitely assist law enforcement is for us to be able to request orders for preservation of information. Currently many of the ISPs and associated entities are not obliged to maintain information. So what this piece of legislation will do, if it passes, it will give us the opportunity to request preservation order whilst we go through our normal processes of obtaining warrants to lawfully access that information. Should we not be successful in obtaining a warrant well then of course that information will be expunged.
Secondly, it will allow us to work collectively with our international law enforcement partners because this is a borderless crime and we have to work with our foreign counterparts. It will give us the opportunity at their request to be able to undertake the same opportunity and thirdly, it will ‑ by strengthening these laws it will help us in terms of signing the European convention on cyber crime which is very important because what that does again it brings in a global community of law enforcement to be able to collectively address cyber crime.
JENNY BROCKIE: Okay, response, Suelette?
SUELETTE DREYFUS: I have very serious concerns about this proposed legislation. One of the most important of these is it's effectively the thin end of wedge to wire tapping without warrant. For the period of time that there is no warrant it is effectively wire tapping.
COMMANDER GRANT EDWARDS: No, it's not.
SUELETTE DREYFUS: Well, and the other thing that I have very serious concerns with is the fact that it effectively allows overseas law enforcement to say "Oh, we want information on this Australian, pass this information over to us now." That information has very few, if any, limits on what it can be used for. It can be handed to countries that have the death penalty, you can see a repeat of the
JENNY BROCKIE: Okay, to be fair to Grant he's not a politician, so I think this debate is best had ‑ and maybe we can have it online because we're running out of time and we can get keep it going online but I think to question him about what's happened to the legislation probably isn't fair given that he hasn't drawn it up.
What ‑ I would like to just wrap up because we are talking about hacktivists and we are talking about protest and I'd like to just go back to the people we started with and ask you all what you feel you've achieved. I know Corpse has had to go and apparently had to go to school so that's why he's left us. But Charrie, what do you think you've achieved with what you do?
CHARRIE WONG: I don't know. Just general anarchy, mayhem and destruction pretty much.
JENNY BROCKIE: Bobby, what do you think you've achieved?
BOBBY TABLES: I don't know, not too much today but I would like to make a point on that last bit about the laws. I hate to say this but when laws are proposed that would help to benefit international partners I'm glad to see that diplomacy fail in certain countries because we would use that to exploit our message. I would tunnel all traffic to that country first and then out to the Internet. So unless all governments work together you're not going to stop it.
JENNY BROCKIE: Leto, what do you think you've achieved?
LETO: Good feeling for me first of all, so being active and fight for freedom of speech is something that gives me a good feeling. Second of all, well we saw it in Egypt, we saw it in Tunisia, all the countries, Libya, that it comes into the press and to media all these videos we saw first of people being killed and demonstrations, families being killed in attacks, bringing that to knowledge, getting people to see that, to really see that and to experience that it's not somewhere far away but that it's actually happening. That is, in my eyes, a very great achievement.
JENNY BROCKIE: Okay, I'd like to thank you all very much for joining us tonight. Charrie, take it easy on the SBS website, we're nice people, and thank you all very much for joining us tonight, too. You can keep talking to guests on our live chat. If you're in the eastern States just hop on to our website and click on the link. And join our Facebook page to keep talking about this and other topics throughout the week.
