AusCERT Facebook photo hack may be a test case

Powered by SC Magazine
 

A brute force attack which guessed Facebook URLs may be a breach of Commonwealth and State computer crime laws.

An incident at the AusCERT conference where Facebook photos were taken from a user profile without authorisation and published may be a test case for Commonwealth and state computer crime laws, according to Queensland Police.

In a presentation at the BSidesAu conference held in tandem with AusCERT, an IT security expert siphoned personal photographs from a private Facebook account of the wife of another IT security professional.

Police responded to a complaint of an “alleged hacking incident that saw private material obtain” and arrested Fairfax journalist Ben Grubb at the AusCERT conference. 

Police also seized the journalist’s iPad.

Responding to questions by SC Magazine today, Detective Superintendent Brian Hay said that the incident could be considered a test case for computer crimes laws.

“We are investigating issues of that nature,” Hay said. “Some aspects of it can most certainly be a test case. It is fair to say that jurisdictions are coming to grips with cyber based investigations.”

The exploit presentation was designed to demonstrate a well-known vulnerability in Facebook in which URL addresses linking to photographs in a profile set to private were obtained in a brute force style attack.

While the attack did not crack usernames or passwords, it may have contravened Commonwealth and State computer crime laws which outlaw unauthorised access to electronic files, police said.

The Commonwealth Criminal Code Act states that “access to data held in a computer… by a person is unauthorised if the person is not entitled to cause that access, modification or impairment.”

Other laws also prevent use of a telecommunications carriage service to harass or menace.

The accessed photos may be considered a proceed of crime.

Speaking of the avenues of investigation, Hay said “other actions have been put in place”.

 “We may have people out there that think it is their right to do this. The reality is the online environment is an extension of the community.”

Copyright © SC Magazine, Australia


AusCERT Facebook photo hack may be a test case
 
 
 
Top Stories
Westpac hires SAP man as CTO
Creates four new IT lead positions.
 
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 954

Vote