Australian Federal MPs' computer network hacked

[JackoBoy987]

The Australian Parliament network was compromised in the latest hack. This comes weeks after the Australian Government passed an anti encryption bill and shows how useless the Australian Government is when it comes to technology. 

 

News link: https://www.smh.com.au/politics/federal/federal-mps-computer-network-hacked-forcing-passwords-to-be-changed-20190208-p50wgm.html

 

"Federal MPs' emails and data may have been compromised by a cyber attack on Parliament that is being described as "sophisticated", suggesting the involvement of a foreign government"

 

""There is no evidence that any data has been accessed or taken at this time, however this will remain subject to ongoing investigation."

[Froody129]

If only there was a way in which you could make sure that your messages couldn't be read. If I were to make such a system, I think I would use something called a "key" that no one else has access to. 

[ZacoAttaco]

Wait, aren't these the same guys that wanted to ban encryption?

 

[ZacoAttaco]

Also @JackoBoy987, you might want to add some final thoughts and quote tags to your post so that it won't get moved from the Tech News section, as per The Posting Guidelines.

 

[Guest]

2 minutes ago, Froody129 said:

If only there was a way in which you could make sure that your messages couldn't be read. If I were to make such a system, I think I would use something called a "key" that no one else has access to. 

They sure aren't good at cybersecurity. 

 

Spoiler

 

[ZacoAttaco]

Just now, RorzNZ said:

They sure aren't good at cybersecurity. 

 

  Reveal hidden contents

 

Ironically they are pushing people to study it. It's a priority course at most vocational colleges, priority meaning it's free. I'm definitely taking advantage of this offer. 

[Fnige]

5 minutes ago, VegetableStu said:

"wait, it runs on maths?! that's nonsense, make the maths conform to our laws!"

 

jayz2cents_thought_butterfly.wav

"wait... It protects these big racks from these foreigners. WHAT KIND OF SORCERY IS THIS?"

 

surprised_pikachu.raw 

[Guest]

20 minutes ago, ZacoAttaco said:

Ironically they are pushing people to study it. It's a priority course at most vocational colleges, priority meaning it's free. I'm definitely taking advantage of this offer. 

Thats a pretty good incentive. 

[mr moose]

2 hours ago, ZacoAttaco said:

Ironically they are pushing people to study it. It's a priority course at most vocational colleges, priority meaning it's free. I'm definitely taking advantage of this offer. 

Not really ironic, the new laws are grossly misunderstood and have become another one of those internet narratives that every just believes. Our government is actually interested in good privacy, what they are not interested in is having legitimate evidence thrown out of court because current laws don't adequately cover obtaining digital evidence.   

[Arika]

2 hours ago, JackoBoy987 said:

suggesting the involvement of a foreign government

ah, the well known tactic of "diverting the blame" (most likely to Russia, because they are the current favourite go-to scapegoat) because there is no way the australian people could be upset at you for such a stupid system after making comments saying that "the laws of mathematics dont apply in Australia"

[RejZoR]

2 hours ago, ZacoAttaco said:

Wait, aren't these the same guys that wanted to ban encryption?

 

Feeling the irony yet? XD Thinking of it now, if they held the encryption keys, all attackers had to do is just attack idiot gov servers storing them and gain access to MANY services. Which is why everyone cried how bad idea this law was. And still is. And always will be.

[LAwLz]

1 hour ago, mr moose said:

Not really ironic, the new laws are grossly misunderstood and have become another one of those internet narratives that every just believes. Our government is actually interested in good privacy, what they are not interested in is having legitimate evidence thrown out of court because current laws don't adequately cover obtaining digital evidence.    

No, you're the one who misunderstands the law.

What the law demands is that companies, or maybe even individuals at companies, could be strong-armed and gag ordered to implement security vulnerabilities.

 

The Australian government wanted (and maybe got?) the power to, if first granted by a court, go to an individual at a company, tell them that they must implement a way for them to spy on someone, and if that individual tells anyone else, including their boss or someone else at the company, they can be sent to prison.

 

There are some extremely vague and bullshit parts in the law such as "it can't be a systemic weakness" but since it has not been defined what that is, it's up to some (probably) technologically illiterate law person to make judgements about how certain backdoors could or couldn't be used in a systemic way (spoiler: any weakness which achieves the goal of spying on a single individual can be used in a systemic way).

 

 

I don't think a single non-partial security researcher or software developer has said that the law is a good idea. If they have then they are quite frankly morons. In fact, the only people educated in the subject I have seen have been against it. The only people I have seen which agrees with this are those who don't understand how software and security works, or potentially have vested interests.

[leadeater]

4 hours ago, JackoBoy987 said:

This comes weeks after the Australian Government passed an anti encryption bill and shows how useless the Australian Government is when it comes to technology. 

Obviously the network wasn't encrypted........ 

[mr moose]

29 minutes ago, LAwLz said:

No, you're the one who misunderstands the law.

What the law demands is that companies, or maybe even individuals at companies, could be strong-armed and gag ordered to implement security vulnerabilities.

 

The Australian government wanted (and maybe got?) the power to, if first granted by a court, go to an individual at a company, tell them that they must implement a way for them to spy on someone, and if that individual tells anyone else, including their boss or someone else at the company, they can be sent to prison.

 

There are some extremely vague and bullshit parts in the law such as "it can't be a systemic weakness" but since it has not been defined what that is, it's up to some (probably) technologically illiterate law person to make judgements about how certain backdoors could or couldn't be used in a systemic way (spoiler: any weakness which achieves the goal of spying on a single individual can be used in a systemic way).

 

 

I don't think a single non-partial security researcher or software developer has said that the law is a good idea. If they have then they are quite frankly morons. In fact, the only people educated in the subject I have seen have been against it. The only people I have seen which agrees with this are those who don't understand how software and security works, or potentially have vested interests.

 

 

We've been over this ad nausea, I have posted all the bills verbatim and the limitation attached to them.   I am not even going to bother reading what you have to say.

[LAwLz]

1 hour ago, mr moose said:

I am not even going to bother reading what you have to say.

Just like the Australian government did when people in the computer security industry advised them not to go forward with their proposal.

[TechyBen]

Quote

Australia just passed tough new legislation that requires tech companies to hand over user data when requested by law enforcement, even if that means building a backdoor into their encryption.

https://www.theverge.com/2018/12/7/18130806/australia-access-and-assistance-encryption-bill-2018-facebook-google-apple-respond

 

So, yeah. There are two parts. Stupid part "make a backdoor", not stupid part "hand over existing data".

41 minutes ago, mr moose said:

 

 

We've been over this ad nausea, I have posted all the bills verbatim and the limitation attached to them.   I am not even going to bother reading what you have to say.

Not seen your posts. Are you honestly saying the law does not require backdoors?

 

(Because, I know how this is gonna play out, extra link for sanity checking: https://www.bbc.co.uk/news/world-australia-46463029 )

[mr moose]

1 minute ago, TechyBen said:

https://www.theverge.com/2018/12/7/18130806/australia-access-and-assistance-encryption-bill-2018-facebook-google-apple-respond

 

So, yeah. There are two parts. Stupid part "make a backdoor", not stupid part "hand over existing data".

Not seen your posts. Are you honestly saying the law does not require backdoors?

There were two very large threads dedicated to these laws.  They are pages long and I linked directly to the laws and quoted all the relevant bits.  The news media are just doing what they normally do,  put a bit of spin to maintain the readership.   The bill specifically disallows the requesting of anything that will introduce a security or privacy weakness into any system.   They cannot make a backdoor and that was specifically ruled out, when the media tell you they can request a backdoor they are either lying or being very creative with very cherry picked sources of information.

 

Any way as I said before, we have been over this in great detail and this thread is not about those laws, so I suggest if people want to discuss them they can search for the original threads and read them.

 

 

 

 

[leadeater]

3 minutes ago, TechyBen said:

Are you honestly saying the law does not require backdoors?

Yes, because unlike media hyperbole the actual legislation as written states that building a systemic weakness in to the system cannot be asked for nor be required to comply to. Now be warned that will start it's own entire debate about the fine specifics of it, to death, but there is zero case law to inform us of anything of how it will be applied etc so it's only ever a circular debate destined to never end.

 

As written now it forbids such a thing, in practice that's a wait and see.

[mr moose]

20 minutes ago, leadeater said:

Yes, because unlike media hyperbole the actual legislation as written states that building a systemic weakness in to the system cannot be asked for nor be required to comply to. Now be warned that will start it's own entire debate about the fine specifics of it, to death, but there is zero case law to inform us of anything of how it will be applied etc so it's only ever a circular debate destined to never end.

 

As written now it forbids such a thing, in practice that's a wait and see.

I can see it now, faceboook or some other equally as evil enterprise is going to use this law as an excuse to spy on everyone's data and put backdoors in everything.  Then all we'll have is a barrage of people crying "I told you so".

[LAwLz]

42 minutes ago, leadeater said:

Yes, because unlike media hyperbole the actual legislation as written states that building a systemic weakness in to the system cannot be asked for nor be required to comply to. Now be warned that will start it's own entire debate about the fine specifics of it, to death, but there is zero case law to inform us of anything of how it will be applied etc so it's only ever a circular debate destined to never end.

 

As written now it forbids such a thing, in practice that's a wait and see.

Worth noting that what is and isn't a "systemic weakness" is not defined in the bill and will be left up to someone working for or in the government to decide, not software developers who actually know the implications of the changes on a technical level. 

 

It is also worth noting that the law makes it legal for the government to target and demand changes to systems from an individual, as well as forbid the individual from mentioning it to for example their boss or colleagues. Breaking that silence is illegal and punishable by jail time. 

 

 

Look, you can claim that the media are just spreading bullshit all you want, but when the EFF are also saying "stop, this is a terrible idea and very dangerous" then you should actually stop and listen.

 

 

 

20 minutes ago, mr moose said:

I can see it now, faceboook or some other equally as evil enterprise is going to use this law as an excuse to spy on everyone's data and put backdoors in everything.  Then all we'll have is a barrage of people crying "I told you so".

I can see it now, because of this law several people will have their data compromised because of governmental backdoors and weaknesses in software. Then the people who like having their privacy and security violated by their governments will band together and just say it's a conspiracy.

Because clearly, nothing bad has ever happened because government toolkits has leaked *cough* Wannacry *cough*. Nope, never happened. And no government data has ever been leaked either...

[TempestCatto]

It's weird this happened when it did. Around the same time, the city I live outside of (and my dad works in) also had their govt. center hacked, and all employee info compromised. I wonder if these are related in anyway? Or just coincidental.

[mr moose]

12 minutes ago, LAwLz said:

Worth noting that what is and isn't a "systemic weakness" is not defined in the bill and will be left up to someone working for or in the government to decide, not software developers who actually know the implications of the changes on a technical level. 

 

It is also worth noting that the law makes it legal for the government to target and demand changes to systems from an individual, as well as forbid the individual from mentioning it to for example their boss or colleagues. Breaking that silence is illegal and punishable by jail time. 

 

 

Look, you can claim that the media are just spreading bullshit all you want, but when the EFF are also saying "stop, this is a terrible idea and very dangerous" then you should actually stop and listen.

 

 

 

I can see it now, because of this law several people will have their data compromised because of governmental backdoors and weaknesses in software. Then the people who like having their privacy and security violated by their governments will band together and just say it's a conspiracy.

Because clearly, nothing bad has ever happened because government toolkits has leaked *cough* Wannacry *cough*. Nope, never happened. And no government data has ever been leaked either...

No, it won't because you didn't define "compromised",   oh you also didn't define "backdoors" either so clearly you must be saying something different and we can't rust that you don't mean something completely different than what you actually said. 

 

This tired old argument is just a tired old argument.

 

[leadeater]

16 minutes ago, LAwLz said:

Look, you can claim that the media are just spreading bullshit all you want

If they specifically say "Australia law requires backdoors" or something similar then they absolutely are. Terrible law or not, if I support it or not, that is media hyperbole. That sort of thing is only a problem because news is no longer news and is filled with opinion pieces or discussions that does not belong in news. Programs need better labeling, opinion programs should not follow directly after the news presented by the exact same people. Basic stuff like that, the way it used to be. Not exactly saying there should be an end to news opinion programs but better distinction of what is and is not news would go a long way.

 

The law can still be a bad idea and the media can still be spreading misinformation about it, both can be true.

[RuffRuffmcgruff]

 

Absolutely bloody hysterical

[LAwLz]

6 minutes ago, mr moose said:

No, it won't because you didn't define "compromised"

To be exposed or make vulnerable to danger.

For example, someone having their personal data at risk.

 

7 minutes ago, mr moose said:

oh you also didn't define "backdoors" either

A feature or defect of a computer system that allows surreptitious unauthorized access to data.

For example, someone being able to read the messages of another person without their knowledge or consent.

 

 

8 minutes ago, leadeater said:

If they specifically say "Australia law requires backdoors" or something similar then they absolutely are. Terrible law or not, if I support it or not, that is media hyperbole.

The Australian law requires companies to under some circumstances implement a method for the Australian government or people working for the government to gain access to data on individuals, possibly without their consent or knowledge. That is a backdoor.

The law (flimsily and with a ton of loopholes) forbids "systemic weaknesses", but not all backdoors are systemic. It is therefore 100% correct to say that the Australian government can require backdoors. Although it might be a bit misleading because a lot of people think of systemic backdoors when they think of backdoors.

 

But I'd also argue that any weakness can be applied as a systemic weakness, but that's something the Australian government refuses to acknowledge. They refuse to listen to feedback from researchers, developers civil liberties organizations and tech companies.