Queensland Rugby moves to Wind-Up Brisbane Roar [updated]

Posted on by

In definitive proof that Rugby is the game for Lawyers, Queensland Rugby Union (QRU) have moved to have the A-League’s Brisbane Roar placed into Liquidation.

QRU has obtained the consent of a liquidator and the matter will be heard on the 19 August unless full payment is received by that date, from the Indonesian owners, the Bakrie Group. To reach the point of a winding-up Creditor’s Petition usually means that a Statutory Demand has gone unpaid. Once the 21 day period for the Statutory Demand lapses there is a presumption of insolvency which the Brisbane Roar must displace at the very least to avoid insolvency and liquidation.

The Roar apparently owes 12 months of rent over its use of Ballymore Stadium. This is on top of allegations of financial distress over unpaid dues to players and officials, and the financial plunge handed to them of late (latte?) by the dropping of major sponsor the Coffee Club.

Given the success of the Roar, now is probably a prime time for some ailing mining giant to step in, assume the debts and take the Bakrie Group up on their months long effort to offload the twice-champions.

[update] The winding up application has been dismissed after a settlement was apparently reached between the parties. The settlement is confidential but the inside word is that the Brisbane Roar’s financial woes are far from over with players and staff still awaiting payment.

Leak Reveals “Evilest Technology on Earth” Used by Australian Authorities

Posted on by

Earlier this month a deluge of emails was uploaded to Wikileaks via, as always, an anonymous source. This leak is particularly noteworthy as the “victim” is one of the internets most notorious surveillance providers and proliferators of hacking technology. Gigabytes of emails and source code revealed an insight into one of the world’s shadiest organisations, unapologetically called, the Hacking Team and their clientele includes top Australian agencies.

Who are the Hacking Team?

The Hacking Team produce and facilitate the use of malware to exploit gaps in security and sell their wares to law enforcement and security agencies all over the world. Their services are billed as offensive security services meaning proactive monitoring and data collection. The Hacking Team’s specialty is zero-day flaws; finding flaws which companies have missed, or spent zero-days fixing. This is a much cheaper and efficient way of accessing devices as it is exploiting flaws the producer is unaware of as opposed to known weaknesses. A popular product they provide is Remote Control Systems which they describe as “A Stealth, Spyware-Based System for Attacking, Infecting and Monitoring Computers and Smartphones. Full intelligence on target users even for encrypted communications (Skype, PGP, secure web mail, etc.)”. RCS allows the infiltrator to completely clone a device and engage in live monitoring through hosting a live version of the device on a server.

The Hacking Team are based in Italy and were founded in 2003 and have offices in Milan, Washington DC and Singapore. They are a surprisingly lean operation with only a handful of employees operating under the philosophy that interesting data doesn’t make it to the internet, and stays on the device requiring stealth, untraceable access. They purchase the codes for the flaws and market their services to law enforcement and security agencies through a range of systems including some more outlandish ones such as developing the ability to hack systems from a wi-fi emitting drone.

The leaker could have made a tonne of money from the codes but instead uploaded it, indicating that it was probably someone looking to expose the activities of the organisation and the reach of their technology all over the world. The current theory is that it is an ex-employee was responsible prompting Italian prosecutors to begin an investigation.

“you say terrorist, I say freedom fighter, nothing matters lol.”

Gleamed from the leak was information about the company’s clients, revealing that The Hacking Team peddle powerful surveillance technology to some of the words most repressive regimes to an extent that would usually be enough to have a company awarded a seat at the SPECTRE table in a Bond flick.

Human Rights Watch describes Bahrain’s record on human rights as “Dismal” including a violent crackdown on democracy protestors in 2011…but they’re good enough for the Hacking Team.

The US State Department considers Mongolia major violators of human rights including police abuse of detainees, wide-spread corruption and a lack of transparency, particularly in the legislative and judicial branches….but they’re good enough for the Hacking Team.

Ethiopia just wanted to do their bit in the war on terror for the good of all man-kind. The only problem is that Ethiopia considers journalists to be terrorists...but they’re good enough for the Hacking Team.

On selling to Libya, the Hacking Team debated the ethics briefly. The CEO wrote I’m skeptical, it’s a failed state, we can ask for authorization but I really don’t know if it is a blacklisted country.”

Perhaps most egregiously, the Hacking Team was forced to halt sales to Sudan after pressure from the UN over concerns that the sale appeared to violate a UN ban on selling weapons to the Government which extended to digital weapons.

The Hacking Team apparently wanted to make sure it hit all the number one tourist destinations including Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, Azerbaijan, Turkey.

“Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! :-)”

Boy, talk about foreshadowing.

Just for good measure the Hacking Team also sold its wares to several US agencies including the FBI, NSA and Department of Defence. As well as other powerhouses like Israeli law enforcement annnnddddd Australian law enforcement and private companies.

There’s no adequate narrative I can provide in this format to highlight the extent of the Australian involvement so let’s just resort to our old friend known as dotpoints:

  • Australian company Miltect sought their services for its clients including the Indonesian National Police, Bureau National Intelligence, Bureau National Narcotics and Military.
  • The Australian Federal Police canned them for not responding quickly enough to their urgent servicing enquiries prompting the Hacking Team to improve its service capabilities for Australian and Asian customers.
  • On behalf of the ADF Special Forces, security intelligence company Providence, which specialises in UAVs and Robotics sought the services of the Hacking Team.
  • Criterion Solutions from Kingston in Canberra desired their services claiming to hold amongst its clients “a number of government agencies”.
  • IBAC, the Victorian Independent Broad-Based Anti-Corruption Commission, used services they provided to seek to access private devices including enquiring about hosting Virtual Private Systems, used to run their own copy of a mirror operating system remotely. Mirror operating systems can provide live access to how any device is being used, key-stroke by key-stroke.

We even barely missed a couple of their reps in Canberra trawling for business at a security intelligence event at the QT hotel in May 2015.

So What’s the Big Deal?

Well frankly, I’m not sure there is a big deal. On the face of it this is a legal company selling its capabilities to law enforcement agencies and private providers. Government agencies constantly align with private companies to provide capabilities they are not able to provide themselves for whatever reason.

For me though, the issues this revelation raises are four-fold.

What capabilities does the Hacking Team have that Australian Government agencies don’t have that they need? Organisations like the AFP and IBAC can already access information held on private systems and phones through warrants. Presumably then the issue is a technological one. This implies that there is a shortfall in our technological capabilities that requires us to hire an Italian company to assist them in hacking private devices. Telecommunication companies complying with warrants are not usually able to provide access to exchanges that occur on secure web-based networks such as Viber, Facebook Messenger, Skype or even my pun-eriffic favourite Snapchat. Warrants have the power to provide this information but that doesn’t necessarily address the tech or practical shortfall, given that these companies are all based overseas. With all the legal power in the world, even more so thanks to the panicked legislative response to the Sydney siege, our agencies still apparently don’t have the capabilities without outsourcing. Whether this means that our agencies need more powers or more funding…or less is a conclusion I’ll leave to the reader.

Is there an inherent security risk? Once again, not necessarily. The Hacking Team supply capabilities to tens of law enforcement agencies and from the material leaked appear to have no interest in breaching their commitment to their clients. But the emails display a concerning amount of interest in providing services to 5-eyes nations; a reference to the powerful intelligence sharing agreement between Australia, Canada, the US, Great Britain and New Zealand.

Thirdly, I take issue with these capabilities being provided to private companies and not just law enforcement agencies. It is apparent from the emails that the Hacking Team have no qualms about servicing private companies. The obvious question here is why do private companies need access to the same capabilities as our govt agencies, even if they are claiming to on-sell these services. Our systems of law-enforcement apparently need to access intrusive “offensive intelligence gathering capabilities” via two degrees of private companies to be able to provide the defences we expect and require of them.

Lastly and for me the most important. Let me start with a story. Last year the ANU was forced by student action and the resulting negative public sentiment to divest itself of holdings in companies that negatively affected the environment such as coal and fracking companies. You know where I’m going with this. In the wake of the Snowden, Assange, Schwartz, Greenwald, Manning etc. why are taxpayer dollars supporting a company that supplies capabilities to such nefarious regimes…see above.

If my computer and phone are hacked as a result of this please forgive any late responses…ladies.

None of the companies mentioned were approached for comment and all of the information in this article is compiled from publicly and widely available information.

A Brief History of…Caveats

Posted on by

You’ll have to bear with me on this one and certainly forgive me because there is one long bow I draw within this exercise but now that I’ve given you my caveat lector it’s time to explore the origin of caveats.

The caveat in its most common legal usage exists as Caveat Emptor which literally translates into “buyer beware”. Caveats are most commonly used today as temporary warnings on real property and although they do not necessarily prevent the sale of any real property, good luck obtaining finance if there is a caveat in place, or finding a half-decent lawyer or realtor that feels comfortable telling you to go ahead with the purchase without holding comprehensive professional liability insurance.

Less common usages are Caveat Lector (Reader Beware”…you’ve been warned), Caveat Venditor (“Seller Beware”) and Cavere ab aliquo, which is definitely out of use but old judgments will still turn out this gem as a verb for “making yourself secure” or to secure bail or a surety.

Cavea first appeared as Latin for “hollow” or “cave”. The obvious evolutions of this are “cavern”, “cavity”, “excavate” and even “grave” as a type of hollow opening. Later the Latins and Romans used it specifically for “eye sockets” and your “palate” and as a root for “theatre seats” (No Idea! Maybe a small opening for an individual in a crowd?!), as well as “birdcage” and “beehive”.

As a side note Cumulus, from the same root, in early Latin was a swelling, heap or opening that built on itself, such as a series of caves, which gives us today the French, became old English origin of “cumulative”. As in “Does your Honour intend to impose the sentences concurrently or cumulatively?”.

Old Norman gaiole, from French jaole, from Latin gabiola, from Late Latin caveola from Early Latin cavea…gives us….“gaol” or “jail” both originating from this word originally meaning an opening. At some stage, or maybe always, an opening included an opening you could be trapped or contained in (hence “birdcage” and “beehive” being literal translations for the Romans).

Further modern “cage” is a short leap from cavea becoming cagea in Old French.

Now this is where I make my jump. At some stage we know that a Caveat evolved to mean a warning, cavea existed as the accusative verb of caveas, which could be to accuse one of being hollow or attempting to trap.

Therefore a Caveat Emptor might also be read as “the buyer should beware of being trapped”.

This may not necessarily help you in practice, but when you come across a Caveat or are imposing one remember that it exists as a temporary warning to a party not to be trapped into something that already exists, like an outstanding liability, personal guarantee, a bankrupt estate or for the sake of neat endings: an actual cave.