Australian Government Prosecuting Anonymous Member Who Allegedly Exposed The Major Flaw In Its Data Retention Demands

from the prison-is-for-useful-people dept

AAPT confirmed it was breached in July 2012, following claims by an Australian sect of Anonymous that it snatched 40GB of data from the major Australian internet service provider (ISP).



After stripping out personally identifiable information from the data (which included members of the Australian government), Anonymous released the data to raise awareness around expectations of data security: To demonstrate that if an ISP as large and trusted as AAPT can't keep its own data secure, it will be unable to keep Australians' data safe under the proposed laws.

On March 11, Adam Bennett -- known by most as the radio voice of Anonymous, LoraxLive, who was arrested last year for alleged computer crimes -- will finally learn what he's being charged with.



This had been expected to happen this week. Instead, at the last minute, Australian Commonwealth prosecutors -- for the third time since the case began 10 months ago -- requested another delay to change its lineup of accusations against him.



Maddeningly, the prosecution also indicated it will be dropping its initial charges against Bennett, and adding a slew of new ones.

One of the charges Bennett's counsel expect to be in the final lineup is "Heartbleed Vulnerability Testing for Cancer Support W.A. 2014." This is in regard to a Heartbleed vulnerability test created by Bennett to test his employer's servers (Cancer Support W.A.) for Heartbleed vulns, which would have put the CRM that Bennett was involved in building for the organization at significant risk.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Find a security flaw, go to jail . That's the general attitude of government entities around the world . Over in Australia, an Anonymous member and fundraising manager for a cancer support group is facing an ever-shifting number of charges for finding and testing security holes Adam John Bennett is a rather un-anonymous member of Anonymous. He also acts as an unofficial mouthpiece for Anonymous via his LoraxLive online radio show. His supposed participation in a large-scale hack saw him raided by Australian Federal Police in May of 2014. Since then, he's been awaiting prosecution for a variety of charges -- charges government prosecutors seem unable to pin down.The data breach leading to Bennett's arrest involved a target of Australia's controversial data retention law , which requires ISPs to hold onto subscribers' internet activity (including social network use and emails) for two years and grant extensive access to a variety of government agencies.Rather than consider this a point well taken, the government went after Bennett. As for the prosecution itself, it's been a complete shambles.Not only can't the government decide what to charge Bennett with, but it's also been instrumental in hamstringing his defense counsel. It's hard enough to structure a defense when charges remain largely unknown. It's even harder when the prosecution shows up late on the Friday before the next court date and dumps 20 GB of "evidence" into the defense's lap.Even more irritating is the fact that the prosecution apparently hopes to add Bennett's vulnerability testing of his own employer to list of charges.This addition of complete BS suggests the prosecution can't find much about the Anonymous ISP hack it can wrap charges around. Instead, it seems to be operating purely on bluster. Constant delays followed by last-minute data dumps aren't the sort of actions that indicate prosecutorial confidence. Instead, it gives the impression that the government hopes to obfuscate its way into a guilty verdict.Meanwhile, Bennett is still living under restrictive bail conditions that prevent him from using the internet for anything other than banking, employment (he lost his job at the cancer support group after his arrest) or legal advice.While the government may be right to complain about the unauthorized use of an ISP's data, it seems to be more concerned with making an example out of someone whohave had something to do with providing a practical demonstration of the stupidity of data retention laws. The fact that it's going after him for testing his own employer's defense against vulnerabilities suggests there will be some prosecutorial "piling on" when it finally gets around to enumerating its criminal charges -- presumably in hopes of deterring future exposures of flaws in its lawmaking logic.This is what happens when governments try to "protect" citizens with little more than expansions of surveillance and law enforcement powers. Retained data is just as apt to be misused by cybercriminals as it is by law enforcement/security agencies. Any time you ask a third party to hold onto data it normally doesn't, it increases the risk of serious breaches involving plenty of normally private information. There are no exceptions . Anonymous exposed the short-sightedness of data retention laws. In response, the government has decided to shoot as many messengers as it can get its hands on.

Filed Under: adam bennett, adam john bennett, anonymous, australia, data retention, hacking, loraxlive

Companies: aapt