Wednesday 21 October 2009

Australia may have played role in seizure of ship

as posted here

Public Safety Minister Peter van Loan says it was information from "security partners" that enabled the navy, Border Service Agency officers and the RCMP to ambush the Ocean Lady off Port Renfrew on Saturday and detain the 76 men on board suspected of being would-be migrants and refugees.
The most likely explanation is that American surveillance operations spotted the rusty old Ocean Lady behaving oddly as it approached across the Pacific and alerted Canadian authorities.
But Sri Lankans from among 255 men, women and children on a boat detained by the Indonesian navy on Oct. 11 on its way to Australia say they were offered passage to Canada on the Ocean Lady. They say the Ocean Lady, like the boat in which they travelled, is operated by convicted human-trafficker Abraham Lauhenapessy, known as Captain Bram. That may bring into play the long-standing network of intelligence-sharing between Canada and Australia as part of a security alliance that includes Britain, the United States and New Zealand.
This alliance grew out of cooperative work during the Second World War. It has flowered into a global partnership which sees intelligence-gathering tasks assigned on the basis of geography and expertise, and the product freely distributed among the five security establishments.
Even the official Canadian government description of relations with Australia notes they are so mutually supportive that there are regular temporary secondments of security and intelligence officials to each other's agencies.
Indeed, when the Canadian Security Intelligence Service (CSIS) was being created in the early 1980s, one of the models that influenced its design was the Australian Security Intelligence Organization, which was established in 1949.
These organizations are essentially counter-espionage bodies designed to protect the homelands against threats, including terrorists and criminal operations such as human traffickers.
But unlike Canada, Australia, which lives in a far more unpredictable neighbourhood, also has an overseas spy agency, the Australian Secret Intelligence Service.
This group is especially active in South and Southeast Asia, from where most of the threats to Australia are likely to come.
Through overseas intelligence-gathering, Australia has got very good at gaining advance knowledge of human-trafficking ships coming its way. This year, 32 have been intercepted and 1,700 would-be refugees detained.
It is quite possible that in the course of this trawling for information, Australian spies got wind of the Ocean Lady and passed on the information to CSIS.
Another possibility is the network that first established confidence in intelligence-sharing among the U.S., Canada, Australia, Britain and New Zealand and which until surprisingly recently was the most secret network of all.
This flows from what used to be called the UK-USA Security Agreement, which dates back to the sharing of code-breaking and intercepted Axis power radio messages in the Second World War.
This evolved during the Cold War, and with Canada, Australia and New Zealand joining the partnership, into a huge capacity for electronic surveillance of the Soviet Union and its allies that became known as signals intelligence, or SIGINT for short.
Ottawa's part of this network is the Communications Security Establishment Canada, which is part of the defence department and whose existence was not admitted until 1980, 34 years after its creation.
The Australian counterpart is the Defence Signals Directorate, New Zealand has the Government Communications Security Bureau, Britain has the Government Communications Headquarters and America the National Security Agency.
This alliance runs at least two dozen listening posts around the world with a formidable capacity to intercept all manner of radio, microwave, telephone, computer and other communications, as well as the ability to automatically extract and decode messages of interest.
Australia's assigned territory in the alliance is Southeast Asia and southwestern China. Any electronic communications by "Captain Bram" and his gang, or, for example, phone calls from the would-be migrants to friends or relatives in Canada are likely to have been gathered in this net.
jmanthorpe@vancouversun.com


Revealed: How paranoia helped bring down the PM's web site

as posted here

By Ben Grubb
Oct 21, 2009 3:08 PM
Key lessons from DDoS attack on Kevin07's site.
A Senate Estimates hearing has revealed that countermeasures put in place by security professionals charged with protecting Prime Minister Kevin Rudd's web site contributed to the site's failure in early September.
The attack, which saw the site become unavailable for 30 minutes and sluggish for several hours afterwards on September 9, was publicised in advance by the 'Anonymous' hacker group, to protest against the Government's proposed web filter.
Mike Rothery, first assistant secretary of the National Security Resilience Policy Division within the Australian Government, told a Senate Estimates committee on Monday that "a number of measures put in place to prepare for the attack actually contributed to the site being unavailable."

Rothery said the Defence Signals Directorate knew about the possibility of an attack more than a week in advance and informed security personnel within the Department of Prime Minister and Cabinet accordingly.
To prepare for the attack, IT security professionals working for the Department of Prime Minister and Cabinet "reduced the number of concurrent users that could connect to the website," Rothery said. They had also "sought support from their internet service provider to manage an anticipated increase in demand."
"That capacity was met very early, because the attack continued for about another 20 hours," he explained. "In fact, the attack was less than anticipated and some of the protective measures had been probably unnecessarily strict."
Over time, he said, the security professionals realised that the restrictions on concurrent users were causing the site to appear offline. "They turned that capacity up and were able to maintain the website despite the attack," he said.
Rothery said the attack peaked at "a few thousand concurrent inquiries" on the Prime Minister's web site.
Liberal Senator Guy Barnett said that "this did not seem like that many."
"Surely a website can be appropriately protected from a few thousand hackers," the Senator asked.
But Rothery defended the Government's response, explaining to Senator Barnett that all websites are provisioned with capacity based on "what you would expect the normal traffic to be".
"Otherwise you are paying for capacity that you are not using," he said. "A normal practice for any organisation, be it private sector or public sector is: if you assess that the normal peak demand is perhaps 200 concurrent users, you might buy the capacity for a few hundred more than that so that normal users would not notice any significant degradation should they all be on at the same time."
Centrelink, he said by way of further example, would anticipate far more hits than the Prime Minister's site, and would thus have "redundant capacity in excess of that" and a larger attack would be required to take its site down.
"The issue is that we do not allocate extremely large amounts of bandwidth, which government departments have to pay for on an ongoing lease basis, without there being a legitimate or identified business need for it," he said.
Two phases
Rothery explained how the Distributed Denial of Service attack came in two surges.

“The first was at 7pm on Wednesday [September 9] that week and there was another surge at 10 am [September 10] on the next day,” Rothery said.

He said that the second surge was “slightly more severe” but said adjustments - made prior to it - had prevented the site from being inaccessible.

“There was a better balancing of the arrangements the next morning and, whilst the site became slower, it did not become unavailable,” Rothery said.
Prime Minister briefed
It was also revealed that Prime Minister Kevin Rudd had personally been briefed through a report from the Attorney General’s Department as to why his website was inaccessible on the night of September 9.

“The Attorney-General’s Department coordinated a report on behalf of all of the agencies that were involved in managing the incident, with special emphasis on those arrangements around the protective measures and the mitigation measures," Rothery said. “The report went to the Prime Minister.”
The report came to the Minister the week following the incident, he said.
Prevention of future attacks
Rothery explained advice that had been given to government agencies on how they should deal with future attacks.
"The advice that we give to agencies ... is for them to have relationships with their internet service providers to be able to increase, for a short period, the amount of bandwidth allocated to a particular site until such time as either the attack can be disrupted or the attack wraps up for its own reasons," Rothery said.
The attacks are believed to have been initiated by a group of protesters calling themselves Anonymous who launched the attack to protest against the Government's proposed web filter, which the group describes as "draconian internet censorship".
Charges were yet to be made and "inquiries" by the Australian Federal Police were still being looked into, Rothery said.


Hackers gave notice before striking PM's website

as posted here

Karen Dearne | October 21, 2009
HACKERS with an online protest group dubbed Anonymous took down the Prime Minister's website for around half-an-hour in early September, despite giving more than a week's notice of their intentions, Mike Rothery, head of the new National Security Resilience Policy Division, has confirmed.
Tasmanian Liberal senator Guy Barnett said it "beggared belief" that measures were not in place to protect the website when the Attorney-General's Department and security personnel within the Prime Minister's office had pre-warning of the denial of service attack.

It's understood Anonymous members were protesting against the government's mandatory internet filtering plans; they had sought publicity for their actions, including appearing on Sky News several weeks earlier.

Mr Rothery said the attack - peaking at "a few thousand concurrent inquiries to the website" - continued for more than 20 hours, and occurred in two surges.

"The first was at 7pm on Wednesday (September 9), and my understanding is that the website went down for roughly 30 minutes between 7 and 7.30pm," he told the Senate Legal and Constitutional estimates inquiry in Canberra this week.

"The second surge (at 10am on Thursday), which was probably a slightly more severe threat, did not (succeed) in making the site unavailable. Whilst the site became slower, the adjustments that had been made overnight were able to successfully manage (the situation)."

Mr Rothery said the newly created Cyber Security Operations Centre (CSOC), located within the Defence Signals Directorate, had provided advice to several federal agencies experiencing increased traffic associated with the hackers ahead of the attack, and support from internet service providers was sought.

"We understand a number of measures put in place actually contributed to the site being unavailable," he said. "At one point they reduced the number of concurrent users that could connect, and that capacity was met very early. Over time, they turned that capacity up and were able to maintain the website despite the attack.

"In fact, the attack was less than anticipated, and some of the measures had been probably unnecessarily strict."

The Attorney-General's Department - which is responsible for cyber-security matters - co-ordinated a report to ministers on behalf of all agencies involved in managing the incident, he said, and federal police were making inquiries.

Mr Rothery said the CSOC, which became active in July, had given the government a new 24x7 capability for handling electronic threats and would also contribute to Defence capabilities.

Meanwhile, the new government-run Computer Emergency Response Team (CERT) would be online in January, and would absorb the "current activities of the Attorney-General's GovCERT unit", he said.

"The national CERT will co-ordinate the communication of information about both cyber-threats and vulnerabilities between different parts of the government and different parts of the business community, and through the business community to the broader Australian community," he said.

"An example would be by passing information to ISPs so that they can then provide better information and services to subscribers."

Mr Rothery said GovCERT had generally performed a CERT function for industry sectors like banking, telecommunications, energy and utilities.

"We also do work with other sectors of the economy that may be targeted for computer-based espionage," he said. "In that work, we share information about the characteristics of the attack."
