ABC hack attack rings alarm bells: “Things are going to get worse”
Thursday, February 28, 2013
There’s nothing special about this week’s hack of an ABC website. But that’s precisely why it heralds a future where any organisation can be a target, along with any individuals connected with it. Things are going to get worse.
What we have here is a routine random hacktivist strike against a target of opportunity vaguely connected with the cause of his or her ire, with the exposure of innocent bystanders’ personal data as collateral damage. It just got more media coverage because it happened on the journalists’ own patch.
The random hacktivist was Phr0zenMyst, who claimed responsibility via Twitter. The cause of Phr0zenMyst’s ire was Lateline’s interview with Dutch ultra-nationalist politician Geert Wilders. While Phr0zenMyst’s tweets use the hashtag #OpWilders, which is Anonymous’ label for its ongoing protest against Wilders, the operators of Twitter accounts usually associated with Anonymous are distancing themselves from this one.
The target was the website for the ABC TV series Making Australia Happy. The hacker stole its core database with information on nearly 50,000 audience members who’d registered to comment, and published it online. The data included user ID, nickname as displayed on the site, a hashed version of passwords, age, gender, email address, postcode and the internet (IP) address of the computer at the time users registered.
One key issue here is the hashed passwords. Password hashing is meant to help prevent the actual password being discovered following data breaches like this. But as Microsoft security researcher Troy Hunt soon discovered, the password hashing was done badly. He was able to crack 53% of the passwords in just 45 seconds.
Criminals can and doubtlessly will do the same, and they’ll try using the same password to access any other accounts associated with the same user ID or email address.
But again, this is nothing new. So let’s step back.
“The problem with Anonymous is that it’s like a bloke with a hammer forever wandering around looking for nails,” I wrote last July. At the time, Anonymous had hacked random Queensland government websites in protest against the federal government’s plans for ISP data retention.
Since then, things have gotten worse. We’ve got more people like Phr0zenMyst joining the bandwagon without necessarily bothering to understand the subtleties of political activism. Hacking a website is one thing, but immediately dumping the stolen data into a public website to make victims of 50,000 people completely unrelated to your cause is quite another.
The tools used for these hacks are easily obtained, just like anyone can go to a hardware store and buy a crowbar to jemmy open a window, and they’re getting easier to use. Anonymous, with the mystique of secrecy and Guy Fawkes masks – well, Warner Bros Guy Fawkes masks, there’s an irony! – has made hacktivism cool. And web developers don’t seem to be getting any better at security.
Yes, things are going to get worse.
This article first appeared on Crikey.