Floods, tropical storms, hackers… sometimes Queensland just can't take a trick!
Over the past few days, a self-proclaimed splinter group of Anonymous has defaced ten Queensland government-focussed websites as a means of protesting Federal Government proposals in relation to web access data retention - why Queensland sites and not Federal sites is entirely unknown.
Sources provided the following list of websites as having been defaced, although at the time of writing, a handful automatically redirected to different Queensland Government URLs and two (smartawards and createitmakeitliveit) currently fail to load. None showed evidence of defacement - they have clearly been restored to their previous pristine glory.
Of course, the Defense Signals Directorate (DSD) is investigating.
Our lizard-like cats have plundered this booty because whoever is responsible for securing the government servers of Queensland, Australia did a bad job. No 0day, obviously, it was a simple authetification [sic] bypass via LFI [Local File Inclusion], shame on you.
Further, the poster claims that the data retention regime currently under discussion via the Parliamentary Joint Committee on Intelligence and Security (Terms of Reference are here) is actually already underway, pointing readers to a 27Mb data file and a simple data format schema to understand the information. However, the sample record provided to illustrate the schema could not be reconciled by this writer with any Queensland Government employee, despite the apparent connection.
After three tweets to @JuliaGillard the seemingly related group OperationAustralia has warned, "Be Prepared #Australia! Something #BIG is heading your way! #anonymous #OpAustralia." However, in the Government's defence, they have appeared to back away from public support of the data retention proposal over the past few days, if Attorney General Nicola Roxon's words are to be believed.
It seems that the attacks started soon after Prime Minister Julia Gillard engaged in a question-and-answer session via webcam in an online Google+ Hangout session on Saturday.
Anonymous Australia is reported to have said that the attacks were brought forward to coincide with Gillard's online Q and A session after the Twitter requests for a dialog went unanswered.