There’s nothing special about this week’s hack of an ABC website. But that’s precisely why it heralds a future where any organisation can be a target, along with any individuals connected with it. Things are going to get worse.
What we have here is a routine random hacktivist strike against a target of opportunity vaguely connected with the cause of his or her ire, with the exposure of innocent bystanders’ personal data as collateral damage. It just got more media coverage because it happened on the journalists’ own patch.
The random hacktivist was Phr0zenMyst, who claimed responsibility via Twitter. The cause of Phr0zenMyst’s ire was Lateline‘s interview with Dutch ultra-nationalist politician Geert Wilders. While Phr0zenMyst’s tweets use the hashtag #OpWilders, which is Anonymous’ label for its ongoing protest against Wilders, the operators of Twitter accounts usually associated with Anonymous are distancing themselves from this one.
The target was the website for the ABC TV series Making Australia Happy. The hacker stole its core database with information on nearly 50,000 audience members who’d registered to comment, and published it online. The data included user ID, nickname as displayed on the site, a hashed version of passwords, age, gender, email address, postcode and the internet (IP) address of the computer at the time users registered.
One key issue here is the hashed passwords. Password hashing is meant to help prevent the actual password being discovered following data breaches like this. But as Microsoft security researcher Troy Hunt soon discovered, the password hashing was done badly. He was able to crack 53% of the passwords in just 45 seconds.
Criminals can and doubtlessly will do the same, and they’ll try using the same password to access any other accounts associated with the same user ID or email address.
But again, this is nothing new. So let’s step back.
“The problem with Anonymous is that it’s like a bloke with a hammer forever wandering around looking for nails,” I wrote last July. At the time, Anonymous had hacked random Queensland government websites in protest against the federal government’s plans for ISP data retention.
Since then, things have gotten worse. We’ve got more people like Phr0zenMyst joining the bandwagon without necessarily bothering to understand the subtleties of political activism. Hacking a website is one thing, but immediately dumping the stolen data into a public website to make victims of 50,000 people completely unrelated to your cause is quite another.
The tools used for these hacks are easily obtained, just like anyone can go to a hardware store and buy a crowbar to jemmy open a window, and they’re getting easier to use. Anonymous, with the mystique of secrecy and Guy Fawkes masks – well, Warner Bros Guy Fawkes masks, there’s an irony! – has made hacktivism cool. And web developers don’t seem to be getting any better at security.
Yes, things are going to get worse.
This article first appeared on Crikey.
You can help keep SmartCompany free for everyone to read
Small and medium businesses and startups have never needed credible, independent journalism and information more than now.
That’s our job at SmartCompany: to keep you informed with the news, interviews and analysis you need to manage your way through this unprecedented crisis.
Now, there’s a way you can help us keep doing this: by becoming a SmartCompany Supporter.
Even a small contribution will help us to keep doing the journalism that keeps Australia’s entrepreneurs informed.
And it’s not all one-way traffic either. SmartCompany Super Supporters get to dial into our monthly editor’s meeting and attend a monthly, invite-only webinar with a big-name entrepreneur.