Queensland Rugby moves to Wind-Up Brisbane Roar [updated]

In definitive proof that Rugby is the game for Lawyers, Queensland Rugby Union (QRU) have moved to have the A-League’s Brisbane Roar placed into Liquidation.

QRU has obtained the consent of a liquidator and the matter will be heard on 19 August unless full payment is received by that date from the Indonesian owners, the Bakrie Group. Reaching the point of a winding-up Creditor’s Petition usually means that a Statutory Demand has gone unpaid. Once the 21-day period for the Statutory Demand lapses, there is a presumption of insolvency, which the Brisbane Roar must at the very least displace to avoid insolvency and liquidation.

The Roar apparently owes 12 months of rent over its use of Ballymore Stadium. This is on top of allegations of financial distress over unpaid dues to players and officials, and the financial plunge handed to them of late (latte?) by the dropping of major sponsor the Coffee Club.

Given the success of the Roar, now is probably a prime time for some ailing mining giant to step in, assume the debts and take the Bakrie Group up on their months-long effort to offload the twice-champions.

[update] The winding up application has been dismissed after a settlement was apparently reached between the parties. The settlement is confidential but the inside word is that the Brisbane Roar’s financial woes are far from over with players and staff still awaiting payment.

Leak Reveals “Evilest Technology on Earth” Used by Australian Authorities

Earlier this month a deluge of emails was uploaded to Wikileaks via, as always, an anonymous source. This leak is particularly noteworthy as the “victim” is one of the internet’s most notorious surveillance providers and proliferators of hacking technology. Gigabytes of emails and source code revealed an insight into one of the world’s shadiest organisations, unapologetically called the Hacking Team, whose clientele includes top Australian agencies.

Who are the Hacking Team?

The Hacking Team produce and facilitate the use of malware to exploit gaps in security and sell their wares to law enforcement and security agencies all over the world. Their services are billed as offensive security services, meaning proactive monitoring and data collection. The Hacking Team’s specialty is zero-day flaws: flaws which companies have missed, and so have spent zero days fixing. This is a much cheaper and more efficient way of accessing devices, as it exploits flaws the producer is unaware of as opposed to known weaknesses. A popular product they provide is Remote Control Systems, which they describe as “A Stealth, Spyware-Based System for Attacking, Infecting and Monitoring Computers and Smartphones. Full intelligence on target users even for encrypted communications (Skype, PGP, secure web mail, etc.)”. RCS allows the infiltrator to completely clone a device and engage in live monitoring through hosting a live version of the device on a server.

The Hacking Team are based in Italy, were founded in 2003 and have offices in Milan, Washington DC and Singapore. They are a surprisingly lean operation with only a handful of employees, operating under the philosophy that interesting data doesn’t make it to the internet and stays on the device, requiring stealthy, untraceable access. They purchase the codes for the flaws and market their services to law enforcement and security agencies through a range of systems, including some more outlandish ones such as developing the ability to hack systems from a wi-fi emitting drone.

The leaker could have made a tonne of money from the codes but instead uploaded them, indicating that it was probably someone looking to expose the activities of the organisation and the reach of their technology all over the world. The current theory is that an ex-employee was responsible, prompting Italian prosecutors to begin an investigation.

“you say terrorist, I say freedom fighter, nothing matters lol.”

Gleaned from the leak was information about the company’s clients, revealing that the Hacking Team peddle powerful surveillance technology to some of the world’s most repressive regimes, to an extent that would usually be enough to have a company awarded a seat at the SPECTRE table in a Bond flick.

Human Rights Watch describes Bahrain’s record on human rights as “Dismal”, including a violent crackdown on democracy protestors in 2011…but they’re good enough for the Hacking Team.

The US State Department considers Mongolia a major violator of human rights, including police abuse of detainees, widespread corruption and a lack of transparency, particularly in the legislative and judicial branches…but they’re good enough for the Hacking Team.

Ethiopia just wanted to do their bit in the war on terror for the good of all mankind. The only problem is that Ethiopia considers journalists to be terrorists…but they’re good enough for the Hacking Team.

On selling to Libya, the Hacking Team debated the ethics briefly. The CEO wrote: “I’m skeptical, it’s a failed state, we can ask for authorization but I really don’t know if it is a blacklisted country.”

Perhaps most egregiously, the Hacking Team was forced to halt sales to Sudan after pressure from the UN over concerns that the sale appeared to violate a UN ban on selling weapons to the Government which extended to digital weapons.

The Hacking Team apparently wanted to make sure it hit all the number one tourist destinations, including Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, Azerbaijan and Turkey.

“Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! :-)”

Boy, talk about foreshadowing.

Just for good measure, the Hacking Team also sold its wares to several US agencies including the FBI, NSA and Department of Defence, as well as other powerhouses like Israeli law enforcement annnnddddd Australian law enforcement and private companies.

There’s no adequate narrative I can provide in this format to highlight the extent of the Australian involvement, so let’s just resort to our old friend known as dot points:

  • Australian company Miltect sought their services for its clients including the Indonesian National Police, Bureau National Intelligence, Bureau National Narcotics and Military.
  • The Australian Federal Police canned them for not responding quickly enough to their urgent servicing enquiries, prompting the Hacking Team to improve its service capabilities for Australian and Asian customers.
  • On behalf of the ADF Special Forces, security intelligence company Providence, which specialises in UAVs and Robotics, sought the services of the Hacking Team.
  • Criterion Solutions from Kingston in Canberra desired their services, claiming to hold amongst its clients “a number of government agencies”.
  • IBAC, the Victorian Independent Broad-Based Anti-Corruption Commission, used services they provided to seek to access private devices including enquiring about hosting Virtual Private Systems, used to run their own copy of a mirror operating system remotely. Mirror operating systems can provide live access to how any device is being used, key-stroke by key-stroke.

We even barely missed a couple of their reps in Canberra trawling for business at a security intelligence event at the QT hotel in May 2015.

So What’s the Big Deal?

Well frankly, I’m not sure there is a big deal. On the face of it this is a legal company selling its capabilities to law enforcement agencies and private providers. Government agencies constantly align with private companies to provide capabilities they are not able to provide themselves for whatever reason.

For me though, the issues this revelation raises are four-fold.

What capabilities does the Hacking Team have that Australian Government agencies don’t have that they need? Organisations like the AFP and IBAC can already access information held on private systems and phones through warrants. Presumably then the issue is a technological one. This implies that there is a shortfall in our technological capabilities that requires us to hire an Italian company to assist our agencies in hacking private devices. Telecommunication companies complying with warrants are not usually able to provide access to exchanges that occur on secure web-based networks such as Viber, Facebook Messenger, Skype or even my pun-eriffic favourite Snapchat. Warrants have the power to provide this information but that doesn’t necessarily address the tech or practical shortfall, given that these companies are all based overseas. With all the legal power in the world, even more so thanks to the panicked legislative response to the Sydney siege, our agencies still apparently don’t have the capabilities without outsourcing. Whether this means that our agencies need more powers or more funding…or less is a conclusion I’ll leave to the reader.

Is there an inherent security risk? Once again, not necessarily. The Hacking Team supply capabilities to tens of law enforcement agencies and from the material leaked appear to have no interest in breaching their commitment to their clients. But the emails display a concerning amount of interest in providing services to 5-eyes nations; a reference to the powerful intelligence sharing agreement between Australia, Canada, the US, Great Britain and New Zealand.

Thirdly, I take issue with these capabilities being provided to private companies and not just law enforcement agencies. It is apparent from the emails that the Hacking Team have no qualms about servicing private companies. The obvious question here is why do private companies need access to the same capabilities as our government agencies, even if they are claiming to on-sell these services? Our systems of law enforcement apparently need to access intrusive “offensive intelligence gathering capabilities” via two degrees of private companies to be able to provide the defences we expect and require of them.

Lastly, and for me the most important: let me start with a story. Last year the ANU was forced by student action and the resulting negative public sentiment to divest itself of holdings in companies that negatively affected the environment, such as coal and fracking companies. You know where I’m going with this. In the wake of Snowden, Assange, Schwartz, Greenwald, Manning etc., why are taxpayer dollars supporting a company that supplies capabilities to such nefarious regimes…see above.

If my computer and phone are hacked as a result of this please forgive any late responses…ladies.

None of the companies mentioned were approached for comment and all of the information in this article is compiled from publicly and widely available information.

Possible High Court showdown over Barbaro

A full bench Federal Court has set the stage for a showdown over whether regulatory or disciplinary bodies can submit on the appropriateness of a particular sentence.

In Barbaro v The Queen [2014] HCA 2 the Court reached the view that in criminal proceedings the prosecution should not nominate the specific sentencing result or the range within which it should fall.

Whilst binding on criminal proceedings, it was a point of contention whether this applied to quasi-criminal proceedings such as disciplinary or administrative matters. Director, Fair Work Building Industry Inspectorate v Construction, Forestry, Mining and Energy Union [2015] FCAFC 59, or the much less clunky “the CFMEU case”, found that many matters are often mistakenly classified as “civil” because it is apparent they are not “criminal”.

The Court found that in reality, civil should be viewed as proceedings between private parties and any matters involving the state were bound by similar procedural rules. Citing Legal Services Commissioner v Nomikos [2014] VCAT 305 with approval:

‘Pecuniary penalties are sought by the State against its citizens, acting in and on behalf of the public interest (rather than as a litigant in its own interests). In investigating conduct that can result in a pecuniary penalty, State enforcement bodies are armed with intrusive investigative powers to identify and establish breach. For the enforcement bodies in question, those powers are the same as, or may in some ways be more profound than, the powers they use in criminal investigations.’

The various deals that are often struck between defendants and disciplinary bodies such as ASIC, ATO, AFMA, Legal Services Commissioner etc. are in fact a matter for the Court and it is inappropriate for a state body to comment on the appropriate penalty.

There are converse public policy considerations that point to the benefit of regulatory bodies being able to save time and money by facilitating cheap pleas of guilty, with a real benefit for the defendant, but the obvious flip side is that the Legislature have in fact already accounted for discounts for early pleas and other such items.

In a trifecta for Victoria, CFMEU relies on the Barbaro HC decision in contradiction of Matthews v R [2014] VSCA 291 in relation to non-criminal submissions.

It appears inevitable that the decision will go to the High Court and regulators and disciplinarians should be well aware of the possible implications.