Level Nine Sports, where families ski and ride...
The Kernel

 advertise with indeep media

Telstra Warns Data Storage Plan Will Attract Hackers

Posted: February 6th, 2015 | Author: | Filed under: Hack!, ONLINE SECURITY, Technoid Computer News, Technoid Internet Security | Tags: , , , , , , , , , , , | Comments Off on Telstra Warns Data Storage Plan Will Attract Hackers

Telstra Warns Data Storage Plan Will Attract HackersAustralia’s biggest telco, Telstra, has sounded a warning about the Government’s mandatory metadata retention scheme.

Telstra said an unintended consequence of the plan would be the creation of many highly attractive targets for hackers.

The Federal Government has cited national security as one of the reasons for its plan to force telcos and internet companies to store customer metadata for two years.

A parliamentary committee investigating the bills also heard concerns from Australia’s intelligence agency watchdog that ASIO could keep metadata indefinitely.

Under the metadata retention scheme, Telstra, and all other national telcos and internet companies, would be forced to store customer metadata for two years.

Telstra said the data would be kept in a database, ready to be given to law enforcement on request ::::

Telstra is the largest telecommunications company in Australia, serving customers who use more than 32 million telephone, internet and email connections. As such, it regularly works closely with law enforcement, who have long requested access to the metadata the telco already keeps.

Last year, there were about 85,000 metadata requests from law enforcement agencies to Telstra, a figure that is growing each year.

Shadow Attorney-General Mark Dreyfus was interested in how Telstra received requests for accessing customer data.

“And what actually happens? I’m assuming for illustration, let’s say it starts with an email from the Australian Federal Police,” Mr Dreyfus said.

A spokesperson for Telstra said requests were largely received by fax rather than email.

“If only we were that electronic,” the spokesperson said. “We live in the dark ages unfortunately.”

But it is the technology of the 21st century that has Telstra worried.

Under the metadata retention scheme, Telstra, and all other national telcos and internet companies, would be forced to store customer metadata for two years.

Telstra said the data would be kept in a database, ready to be given to law enforcement on request.

Telstra’s chief information security officer said customer information would be very attractive to hackers.

“The issue here is now we’re advertising that for a customer of Telstra, there’s a whole range of data, depending on what services they have, that we made available, or [which] can be made available upon lawful request for two years,” Mike Burgess said. “If you were that way inclined as a hacker, you would go for that system because it would give you the pot of gold, as opposed to working your way through our multitude of systems today to try and extract some data.”

Telstra said it already kept a certain amount of customer data for business purposes, but the mandatory data retention scheme would require it to keep more data than it currently does.

The telco would have to create a new information system to store, process and send out data to law enforcement, and that would come with risks.

“We would have to put extra measures in place to make sure that data was safe from those who should not have access to it,” Mr Burgess said.

There were also concerns raised about how Australia’s spy agencies used the metadata that was already available to them.

The intelligence community’s watchdog, the Inspector-General of Intelligence and Security Vivienne Thom, said the spy agency ASIO was keeping metadata for longer than it should.

“My concern is not so much [the] material that is actively used in an investigation, but the material that is lawfully collected and found later to be not of security interest, or no longer of security interest,” Ms Thom said.

When asked by Mr Dreyfus, she acknowledged she did not know if this information had been destroyed.

Ms Thom said she believed ASIO could keep information deemed useful to the agencies indefinitely, but suggested Mr Dreyfus should check that with ASIO.

“Well, we’ll of course check that,” Mr Dreyfus said. “So that could mean you’ve got this ever-growing database that ASIO could be cross referencing on an ongoing basis. So in a sense, they are storing metadata at ASIO.”

The hearings continue with the committee due to hear from state and federal police, along with the Attorney-General’s department and ASIO.

Labor Politician, Ed Husic Warns Metadata Laws Could Result in a ‘Digital Fingerprint’

The Labor frontbencher has warned about the unpopularity of delving into people’s phone and internet records, as his party prepares to vote for the Government’s contentious metadata laws.

Parliament has begun debating the laws which would force telecommunications providers to store records of phone calls and internet use for two years.

The Labor caucus voted to support the laws yesterday after the Government agreed to an amendment extending “limited” protection to journalists. However, a number of Opposition MPs have expressed reservations about the overall regime.

Labor parliamentary secretary Ed Husic has told Parliament he is concerned that a “digital fingerprint” will be taken of every Australian.”Who you spoke to, when you spoke to them, how long you spoke to them for, how often you speak to them,” Mr Husic said.

“It will create a digital fingerprint of every single person in the nation.”

And Mr Husic has warned that it is a move against the “general groundswell of opinion” to instead endeavour to protect privacy.

“The next generation of voters, the next generation of Australians will value more and more their privacy and that’s why there’s such concern on this,” Mr Husic said.

It echoed concerns from West Australian Labor MP Melissa Parke who said she is worried the information will be misused.

“The sweeping scope of the data retention scheme, together with the permissive nature of the access regime, present very real risks to the rights and freedoms Australians are entitled to expect,” Ms Parke said.

Overnight, another frontbencher Alannah McTiernan said the whole debate had been rushed.

“We should have had a sophisticated discussion in the community about the legitimate needs for law enforcement and national security agencies and the countervailing requirements for privacy protection before this bill was ever initiated,” Ms Mctiernan said in a statement.

Labor has steadfastly supported a raft of national security legislation that has passed parliament in the last few months, including to better tackle the problem of so-called “foreign fighters”.

The Government wants this legislation passed by the end of next week, when parliament will rise for a six week break.

Abbott Defends ‘Limited Exemption’ For Journalists

Prime Minister Tony Abbott defended the new “limited exemption” for journalists by harking back to his days as a writer for The Bulletin in the 1980s.

“When I was a journalist there were no metadata protections for journalists and if any agency, including the RSPCA or the local council had wanted my metadata they could’ve just gone and got it on authorisation,” Mr Abbott said. “So I was perfectly comfortable as a journalist.”

The PM said the new measure – which will force agencies to get a warrant to access journalists’ metadata – was an “unprecedented additional level of protection”. The Australian Federal Police has responded to concerns from the journalists’ union, saying “requests for accessing a journalist’s metadata are rare”.

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014

Introduced to parliament on October 30 and redrafted on the advice of the Joint Committee on Intelligence and Security (which tabled its report on February 27). The legislation will:

  • Require telecommunications companies to retain customer’s phone and computer meta-data for 2 years
  • Define which types of data must be retained, such as phone numbers, length of phone calls, email addresses and the time a message was sent, but not the content of phone calls or emails and explicity exclude internet browsing
  • Detail which agencies are able to access the data
    Give securtiy agencies access to the data when they can make a case that it is “reasonably necessary” to an investigation
  • Still require security agencies to obtain a warrant before accessing the actual content of messages or conversations
  • Introduce an independent oversight mechanism, allowing the Commonwealth Ombudsman access to agency records, in a bid to boost privacy protections
  • Give the Parliamentary Joint Committee on Intelligence and Security oversight of the use of metadata by the AFP and ASIO
  • The Government is negotiating with telcos about who will pay for the new system

Criminals Will Be Able to Get Around Metadata Laws

Australia’s Attorney-General George Brandis said he was “allowing for the possibility” that “smart criminals” may be able to get around the Government’s new data retention laws.

The legislation, which will force phone and internet companies to hold onto their customers’ data for two years, passed the Senate yesterday. Senator Brandis said access to so-called “metadata” was essential for authorities.

“Metadata is the basic building block in nearly every counter-terrorism, counter-espionage and organised crime investigation,” Senator Brandis said after the bill had passed.

However, Mr Brandis says some criminals may be able to evade the laws.

“Smart criminals will devise ways to get around the law, I mean that’s been the case with the criminal law for as long as the criminal law has existed,” Mr Brandis said. “In investigations you have to pursue every source and this is a very important source of criminal data and just because smart criminals might be able to find ways around it, doesn’t mean that it ceases to be a useful or important source of investigative data. I’m not saying it’s easy to get around, I’m allowing for the possibility that it may be got around.”

The Opposition agreed to support the legislation after the Government offered to amend it, inserting better protection for journalists’ sources.

“No comparable nations will have greater pre-authorisation approval and post-authorisation oversight requirements for journalists,” Senator Brandis said.

He said the legislation struck the right balance.

“It does contain safeguards that were not there before, it is in the Government’s view, shared I’m pleased to say by the Opposition, a measured and proportionate response,” he told the Senate.

The legislation passed the Senate in a 43 to 16 vote, with Labor’s support. Greens have said they will fight to repeal the “surveillance tax”, warning it will have unintended consequences. Palmer United Party senator Dio Wang voted with the major parties, while Nick Xenophon, Glenn Lazarus, Jacqui Lambie, John Madigan and Ricky Muir voted against the legislation.

Greens communications spokesman Scott Ludlam warned the laws will have unintended consequences.

“The Labor Party caved into the Abbott Government and as a result, all 23 million of us here in Australia are now effectively under surveillance,” Senator Ludlam said. “We will be building the case, from today, for the repeal of this legislation. We will not let people forget come the 2016 election, the day the Labor Party sold out to Tony Abbott on one of the most important measures to have passed this Parliament in some time.”

But Labor senator Jacinta Collins rejected the assertion.

“The Labor Party has not caved in on this matter,” she said, adding that the Opposition was also mindful of investigators’ pleas for greater metadata access.” Ms Collins said. “We are the alternative Government and we do have to be responsible about issues related to national security.”

Questions over cost and usage

Senator Ludlam also warned the cost of implementing the scheme, which he dubbed “the surveillance tax”, would be passed on.

“Ultimately it will be paid by all of us, either through taxes or in your phone bill and your data bill,” Senator Ludlam said. “I can’t recall a bill of this magnitude passing the Parliament without the Government explaining what it was going to cost.”

South Australian independent senator Nick Xenophon said the legislation would mean Australians would pay higher telephone and internet charges.

“Of course there’ll be a cost involved,” said Senator Xenophon, who had tried unsuccessfully to have the bill amended. “This will be a great big internet tax without necessarily making Australians safer.”

Senator Brandis said cost arrangements had not been finalised.

“There was a report done by PriceWaterhouseCoopers that assessed what the set-up cost of this system was likely to be,” Senator Brandis said. “It assessed… the likely range was between $188 million and $319 million, so the midpoint of that is around about $250 million to which the Government has said that we will make a substantial contribution,” he said.

Although the Government had agreed to cut the number of organisations with access to the information from over 80 down to 21, Liberal Democratic senator David Leyonhjelm said he feared peoples’ metadata would become a “honeypot” for authorities.

“I do not look forward to saying ‘I told you so’ when this law is used to pursue illegal dumping, unpaid rates, petrol stations comparing fuel prices,” Mr Leyonhjelm said. “Mark my words however, that is what will happen.”

The Government has set up an industry working group designed to help it implement the new law. Questions remain over where the data will be stored, with some expressing concern about its vulnerability to hackers if kept overseas.

It is understood that the Government aims to have the regime fully operational within two years.


RELATED! Australian Telco Fined For Privacy Breach

Telstra, Australia's Largest Telco Fined For Privacy BreachAustralia’s largest telecomunications company ‘Telstra’ has been fined $10,200 and warned about privacy after a data breach saw the information of more than 15,000 customers made available online.

Last year a Fairfax journalist discovered that the telco had published the names, phone numbers and addresses of customers. The journalist alerted the telco to the breach, and also informed the – OAIC – Office of the Australian Information Commissioner.

The OAIC launched a year-long investigation with the Australian Communications and Media Authority – ACMA – and the agencies have now handed down their reports.

They have found Telstra made the information of 15,775 customers available for 15 months during 2012 and 2013. The information included more than 1,257 customers with silent line numbers, and related to customer data from 2009 and earlier. There were at least 166 unique downloads of the records :: Read the full article »»»»

RELATED! Scammers Use Malaysia Airlines MH370 As Bait

Scammers Use Malysia Airlines MH370 As Bait

Scammers are a lowly bunch, they’ll use almost anything as bait to lure in the unsuspecting, the latest scam doing the rounds is targeting people searching for news about the missing Malaysia Airlines plane, steering them to a fake Facebook page which is designed to generate money for scammers.

According to a blog-post by Websense’s Carl Leonard, the faux Facebook page looks completely legitimate at first glance. “The lure websites have been configured to appear like a legitimate Facebook page, complete with sharing button, suitable graphics, and relevant links.” :: Read the full article »»»»

RELATED! Optus Australia Offers-up Throttle Free Unlimited Broadband

Optus Unlimited BroadbandOptus customers can get unlimited broadband data for $115 under new bundle plans announced last week according to the company. Optus runs a really solid service – I’m perhaps biased, I have Optus cable and swear it’s the best – this unlimited offer is their top tier.

The unlimited plans are available across Optus’ copper, HFC and NBN fixed networks, Optus is Australia’s second largest telco. There are no hidden fees or conditions, the ” …only condition is our acceptable use policy, which applies to all plans,” an Optus spokesperson said.

The company announced a number of new plans, with a variety of inclusions. The new plans range from a base plan at $55 month to $115 for the top tier unlimited plan. A clever bonus the company is also offering – for customers not on unlimited plans – is “Double Data’ 2 months each year customers can double their monthly data allowance, for a $10 fee :: Read the full article »»»»


source: telstra
source: abcnews
image source: indeepmedia

Comments are closed.