ABC hack attack rings alarm bells: “Things are going to get worse”
Thursday, February 28, 2013
There’s nothing special about this week’s hack of an ABC website. But that’s precisely why it heralds a future where any organisation can be a target, along with any individuals connected with it. Things are going to get worse.
What we have here is a routine random hacktivist strike against a target of opportunity vaguely connected with the cause of his or her ire, with the exposure of innocent bystanders’ personal data as collateral damage. It just got more media coverage because it happened on the journalists’ own patch.
The random hacktivist was Phr0zenMyst, who claimed responsibility via Twitter. The cause of Phr0zenMyst’s ire was Lateline’s interview with Dutch ultra-nationalist politician Geert Wilders. While Phr0zenMyst’s tweets use the hashtag #OpWilders, which is Anonymous’ label for its ongoing protest against Wilders, the operators of Twitter accounts usually associated with Anonymous are distancing themselves from this one.
The target was the website for the ABC TV series Making Australia Happy. The hacker stole its core database with information on nearly 50,000 audience members who’d registered to comment, and published it online. The data included user ID, nickname as displayed on the site, a hashed version of passwords, age, gender, email address, postcode and the internet (IP) address of the computer at the time users registered.
One key issue here is the hashed passwords. Password hashing is meant to help prevent the actual password being discovered following data breaches like this. But as Microsoft security researcher Troy Hunt soon discovered, the password hashing was done badly. He was able to crack 53% of the passwords in just 45 seconds.
Criminals can and doubtlessly will do the same, and they’ll try using the same password to access any other accounts associated with the same user ID or email address.
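An added example, not from the article or from the ABC site's code: the article does not say how the passwords were hashed, so a single unsalted SHA-1 pass is assumed here as the badly done scheme, shown beside a salted, slow PBKDF2 form. The user records, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample records (not from the leaked data): id, email, password.
USERS = [
    (1, "a@example.com", "sunshine1"),
    (2, "b@example.com", "sunshine1"),
    (3, "c@example.com", "correct horse battery"),
]
ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def weak_hash(password):
    """Assumed 'bad' scheme: one pass of a fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def strong_hash(password, salt=None):
    """Per-user random salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def reused_hashes(hashes):
    """Number of accounts whose stored hash is shared with another account."""
    counts = Counter(hashes)
    return sum(c for c in counts.values() if c > 1)


if __name__ == "__main__":
    weak = [weak_hash(pw) for _, _, pw in USERS]
    strong = [strong_hash(pw) for _, _, pw in USERS]
    # Unsalted: identical passwords give identical hashes, so recovering one
    # exposes every account that shares it. Salted: every stored value differs.
    print("accounts sharing a hash (weak):  ", reused_hashes(weak))
    print("accounts sharing a hash (strong):", reused_hashes(strong))
```
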
But again, this is nothing new. So let’s step back.
“The problem with Anonymous is that it’s like a bloke with a hammer forever wandering around looking for nails,” I wrote last July. At the time, Anonymous had hacked random Queensland government websites in protest against the federal government’s plans for ISP data retention.
Since then, things have gotten worse. We’ve got more people like Phr0zenMyst joining the bandwagon without necessarily bothering to understand the subtleties of political activism. Hacking a website is one thing, but immediately dumping the stolen data into a public website to make victims of 50,000 people completely unrelated to your cause is quite another.
The tools used for these hacks are easily obtained, just like anyone can go to a hardware store and buy a crowbar to jemmy open a window, and they’re getting easier to use. Anonymous, with the mystique of secrecy and Guy Fawkes masks – well, Warner Bros Guy Fawkes masks, there’s an irony! – has made hacktivism cool. And web developers don’t seem to be getting any better at security.
Yes, things are going to get worse.
This article first appeared on Crikey.