February 2010 Australian cyberattacks

The February 2010 Australian cyberattacks were a series of denial-of-service attacks conducted by the Anonymous online community against the Australian government in response to proposed web censorship regulations. Operation Titstorm was the name given to the cyber attacks by the perpetrators. They resulted in lapses of access to government websites on 10 and 11 February 2010. This was accompanied by emails, faxes, and phone calls harassing government offices. The actual size of the attack and number of perpetrators involved is unknown but it was estimated that the number of systems involved ranged from the hundreds to the thousands. The amount of traffic caused disruption on multiple government websites.

Australian Telecommunications Minister Stephen Conroy proposed the regulations that would mainly filter sites with pornographic content. Various groups advocating uncensored access to the Internet, along with companies like Google and Yahoo!, object to the proposed filter. A spokesperson for Conroy said that the actions were not a legitimate form of protest and called it irresponsible. The attacks also drew criticism from other filter protest groups. The initial stage was followed by small in-person protests on 20 February that were called "Project Freeweb".

Background
The attack began as a protest responding to a plan by Australian Telecommunications Minister Stephen Conroy that would require internet service providers to block Australian users from accessing illegal and what the government deemed as "unwanted" content. Websites to be blocked feature pornography showing rape, bestiality, child sex abuse, small-breasted women (who may appear under the legal age), and female ejaculation. Drawn depictions of such acts are included in the proposal. The proposed filter also includes gambling sites along with others showing drug use. A leaked version of the proposed blacklist (also referred to as the "refused classification" or "RC" list) also showed sites that did not include adult content. The name "Operation Titstorm" was in reference to the material that would be censored.

Google has questioned the proposal, saying the prohibitions would be too broad. It is strongly opposed by free speech groups. A poll conducted by McNair Ingenuity Research for the Hungry Beast television program found that 80% of their 1,000 respondents were in favour of the concept of the plan. The survey also found that 91% were concerned about the government's intent to keep the list of filtered websites a secret.

The Department of Defence's Cyber Security Operations Centre discovered the attack was coming on 5 February. A statement released by Anonymous to the press two days before the attack said, "No government should have the right to refuse its citizens access to information solely because they perceive it to be 'unwanted'." It went on to read, "The Australian Government will learn that one does not mess with our porn. No one messes with our access to perfectly legal (or illegal) content for any reason". Anonymous had previously garnered media attention with protests against Church of Scientology (Project Chanology) and the Iranian government. In September 2009, Prime Minister Kevin Rudd's website was hacked in a similar protest to proposed web censorship reforms.

Attacks
Flyers distributed to recruit participants said the attack was to begin at 8 pm AEST on 10 February. On that day, government websites were targeted by denial-of-service attacks. The Communications Department said the hackers had not infiltrated government security, but had instead swamped government computer servers. Sites were left unavailable for sporadic periods throughout the attack. At one point, the Australian Parliament's website was offline for about two days due to the high volume of requests. Rudd's government site was also inaccessible for some time. As a primary target, the Communications Department also received a large amount of traffic. Government offices were also flooded with e-mail spam, junk faxes, and prank phone calls. The Prime Minister's homepage was vandalized with pornographic images. The flyer released before the attack called for the faxes to focus on cartoon pornography, female ejaculation, and small-breasted pornography.

Reports of the actual size of the attack have varied. One cyber security expert described the attacks as "the equivalent of parking a truck across the driveway of a shopping centre". A firm marketing security technology said that the peak of the attack was a relatively low 16.84 megabits per second. One writer described the 7.5 million requests per second that initially brought down the Parliament website as "massive". The site usually only receives a few hundred per second. It appears that botnets made up of compromised computers were not used. Estimates of the number of attacking systems involved have ranged from hundreds to thousands.

Response
A spokeswoman for Conroy said such attacks were not a legitimate political protest. According to her, they were "totally irresponsible and potentially deny services to the Australian public". The Systems Administrators Guild of Australia said that it "condemned DDoS attacks as the wrong way to express disagreement with the proposed law". Anti-censorship groups criticised the attacks, saying they hurt their cause. A purported spokesperson for the attackers recommended that the wider Australian public protest the filter by signing the petition of Electronic Frontiers Australia.

Anonymous coordinated a second phase with small protests outside the Parliament House in Canberra and in major cities throughout Australia on 20 February. Additional demonstrations were held at some of the country's embassies overseas. The organizers called the follow-up protests "Project Freeweb" to differentiate them from the criticised cyber attacks.

Several supporters of the attack later said on a messageboard that taking down websites was not enough to convince the government to back down on the web filtering policy and called for violence. Others disagreed with such actions and proposed launching an additional attack on a popular government site. A spokesman for Electronic Frontiers Australia said he believed there was no real intention or capacity to follow through with any of the violent threats.

The attack also resulted in criticism of Australia's terrorism laws from The University of New South Wales Law Journal. One writer wrote that the provisions leave "no place for legitimate acts of online protest, or at least sets the penalty far too high for relatively minor cyber-vandalism".

An Australian teenager was charged with four counts of inciting other hackers to impair electronic communications and two of unauthorised access to restricted data for his role in the attack. He was ordered to pay a bond instead of being convicted after pleading guilty and showing good behaviour.

In July 2010, Conroy delayed implementing the plan pending a 12-month review into how refused classification content was rated. The proposal is not expected to go forward due to the opposition from The Coalition and the Greens. Internet service providers Telstra and Optus have both agreed to voluntarily block some content.