Three men associated with Anonymous Australia facing jail time: Part 1
Three men affiliated with Anonymous Australia are facing jail time: one for incitement, and two for serious hacking charges that could send each man to prison for many years. DataBreaches.net started looking into all three cases and how the men’s paths crossed. In this post, we provide some background and details on one of the cases. Future posts will look at the other two cases in more depth.
You might be tempted to describe 21-year-old Mathew Hutchison as a “hacktivist,” which is how an Australian magistrate actually described him early in his case. But Hutchison didn’t hack anything at all, a point he hopes the magistrate remembers when he sentences Hutchison for inciting others to engage in attacks on government web sites. He also hopes the magistrate understands that his actions were an attempt to protect Australian businesses and not-for-profits.
And it may just have been Hutchison’s very bad luck that he had discussed his plans with two men whom Australian law enforcement were looking at for other crimes. It may also have been their very bad luck, too.
Crossing An Unclear Line For Moral Reasons
Hutchison ran afoul of Australian law in November, 2013. At the time, some Indonesian nationals were attacking numerous Australian sites in revenge for revelations that the government had been spying on Indonesia. The Indonesian Security Down Team (ISDT), as they called themselves, reportedly attacked over 170 not-for-profits and businesses.
Their attacks on those sites troubled Hutchison. “Indonesian hackers were protesting in the wrong way,” Hutchison tells DataBreaches.net. “If a government causes a problem – protest against them, not their people. Personally I don’t think going after small businesses and charities was the right thing to do…”
So Hutchison, known online as “rax,” “@dickfacerax” (on Twitter), and “raxstorm” in chat rooms, decided he would try to protect “the innocents” by redirecting the Indonesian attackers to the proper source of their outrage: the Australian government. In a chat room on AnonOps.com, he told his plan to “@Absantos” and “Lorax,” and asked them what Australian government sites would be appropriate targets for the angry Indonesians. Hutchison then wrote and uploaded a video message to YouTube on November 6, telling the Indonesians:
We all bound together in an effort to bring down our tyrant governments to shape our world as a better place.
We bid you, as a fellow brother to focus on your main target – governments and spy agencies and leave the innocent bystanders out of this.
The video also extended an invitation to the Indonesian hackers to join the #OpAustralia IRC channel on AnonOps.com.
The next night, a self-described leader of the Indonesian hackers, “xCrotZ,” showed up in the chat room. As this fragment from a chat log suggests, Hutchison reiterated that the Indonesian hackers should be focusing on .gov.au sites and “not some random puppy dog store.”
Any honeymoon was very short. Within days, attacks on “innocents” resumed, and Hutchison posted a second video, again urging the Indonesian hackers to confine their attacks to relevant Australian agencies. The video and the text beneath it identified specific government sites, and carried a warning:
Below will be a list of websites that have been associated with the government spying and they should be your main targets.
We have been patient with you, Anonymous Indonesia. There will be no more warnings if you choose to attack again.
Had Hutchison simply said, “Look, we understand you’re angry, and if you’re bound and determined to attack sites, then at least attack the ones responsible for your outrage,” it’s not clear whether he could have been charged with anything at all. But Hutchison provided – and encouraged them to attack – specific targets. And that seems to have crossed a legal line as far as prosecutors were concerned.
Hutchison’s video not only seems to have gone too far from a legal standpoint, but it also went too far as some of members of Anonymous were concerned, because he seemed to be threatening cyberwar with the Indonesian faction of Anonymous. In response to their concerns, Hutchison wrote and posted a third video to walk back the threat, assuring the Indonesians that Anonymous Australia was not looking for a cyberwar with them.
For what some might consider his well-intentioned but misguided efforts to protect charities and businesses by launching an operation in the name of Anonymous Australia, Hutchison is now reportedly facing five years in jail. But before he would even be raided, Absantos and Lorax – the two men with whom he had discussed his plan – would be raided and charged with hacking.
Run-up to a Raid
The Australian Federal Police’s official statement of facts in Hutchison’s case, obtained by DataBreaches.net, suggests that the AFP could have been aware of Hutchison’s activities as early as November 7, 2013:
19. On Thursday 7 November 2013, ‘xCrotZ’ posted the IRC conversation he had with the Accused and ‘Absantos’ on the ISDT Twitter page. The Twitter page included directions to attack the ASIO website and the webserver IP address of 18.104.22.168.
Then, in April 2014, and for reasons that are still unclear to DataBreaches.net, Absantos (@Op_Australia on Twitter) tweeted a link to a dox file about Hutchison and named him in the tweet. With so much information now readily available about “raxstorm’s” true identity – and the fact that he uploaded the videos from his home computer without any attempt to mask his IP – it was an easy task for the AFP to find Hutchison.
But the AFP weren’t ready to bust him just yet, it seems.
Absantos is Raided and Charged
The AFP raided Absantos’s premises, seized his devices, and arrested him on May 21, 2014. He was charged with both unauthorized modification of data to Netspeed ISP and unauthorized access to, and modification of, restricted data belonging to the ACT Long Service Leave Board. The charges seem to have nothing to do with the Indonesian situation or with Hutchison, and Absantos was not charged with “incitement” as Hutchison would be.
In February, 2015, Absantos returned to court to learn that the charges had been revised and expanded. According to FreeAnons.org, the charges against him now included:
- 6 x Unauthorised modification of data to cause impairment,contrary to Section 477.2 of the Criminal Code Act 1995 (Cth)
- 30 x Unauthorised access to, or modification of restricted data,contrary to Section 478.1 of the Criminal Code Act 1995 (Cth)
- 331 x Attempted unauthorised access to, or modification of restricted data, contrary to Section 478.1 of the Criminal Code Act 1995 (Cth) with 11.1
- 27 x Unauthorised access of data with intent to commit serious offence being unauthorised modification of data to cause impairment, contrary to Section 477.1 of the Criminal Code Act 1995 (Cth) with 477.2; and
- Attempted to gain access without permission to a further 37 servers belonging to 7 organisations across the world using the heartbleed vulnerability.
Absantos had a scheduled court date last week in Sydney, but the hearing was delayed until next month.
Lorax Gets Raided and Charged
Lorax, whose real name is Adam John Bennett, was also raided at the same time as Absantos. His devices were also seized, and he, too, was charged in May, 2014. One of the original charges related to attacking Indonesian government web servers, but that charge was later dropped. The prosecution keeps changing the charges against Bennett. Violet Blue and TechDirt covered the prosecution’s delays and ever-shifting charges in their reporting last month.
As a result of his arrest, Bennett lost his job as a popular radio host (LoraxLive). Like Absantos, Bennett has been severely limited in terms of what he can do on the Internet.
Bennett has a tremendous amount of support online and is highly respected in some circles for his hactivism and his involvement in his community as a life-saver. As with the Aaron Swartz case in the U.S., there are those in Australia who firmly believe that the prosecution is over-charging Bennett to punish him for political activism and for embarrassing the government.
For the last 11 months, as conditions of bail, neither Lorax nor Absantos have been allowed online for anything other than very limited purposes. DataBreaches.net’s attempts to obtain statements from them must be relayed through an intermediary, as they cannot directly receive or send e-mail.
And Then There Were Three
On June 25, 2014 – one month after raiding and charging both Absantos and Lorax – the AFP raided Hutchison’s residence and interviewed him. From the transcript of the recorded interview obtained by DataBreaches.net, it appears that the AFP came prepared with screen caps taken from Hutchison’s videos and one or more chat logs they had already obtained. They also came with LA orders requiring Hutchison to provide passwords to all of his accounts and/or devices.
From the outset of the interview, the agent made it clear that not only were they there to talk to Hutchison about his conduct, but they were very interested in what he knew about Lorax and Absantos. Other than acknowledging that he had consulted with them about what would be suitable targets to redirect the Indonesians to, Hutchison generally denied any involvement of the two in his actions. His denials were somewhat refuted by chat logs the AFP had showing one of the two men discussing an IP address and using UDP packets with one of the Indonesians. Hutchison was never told how and where the AFP had obtained that chat log.
Problematically for him and others, Hutchison’s own tower had some chat logs that he had unintentionally saved, he says. The majority of the chat logs had been overwritten during an OS re-install in early May, he tells DataBreaches.net, but the AFP likely now has chats from the remainder of May and June. Hutchison says he does not know what, if anything, AFP was able to recover from any earlier files, but notes that since that initial interview in June, 2014, the AFP did not come back to him with any queries about any chat logs.
Saving chat logs was only one of Hutchison’s OpSec failures. If AFP had been prepared to interview a proficient hacker, they would have quickly discovered that no sophisticated knowledge was necessary to interview him. Calling Hutchison a “skid” would have exaggerated his skills. Not only did he not know what Port 443 was used for (as this chat log illustrates), but his answers to interviewers suggest he was just an immature kid trying to impress others without really knowing very much about hacking at all. He admitted to the AFP interviewer that he did not how to do a defacement, was just “talking big” and acting smart” when he mentioned “firing a test botnet” or mentioning maybe he would “snoop around the AFP and ASIO,” and he said he wished he knew how to do DDoS attacks. When interviewers asked him if Lorax and/or Absantos ever provided him with any help or instruction, he said no, that he had been trying to learn on his own and had not asked for any instruction. Maybe he should have.
While someone could certainly lie about not having skills to escape possible charges, there’s a ring of truth to Hutchison’s statements. There were no firewalls on his computers, he didn’t use strong passwords or passphrases, he posted a link to his own web site (Silmerian.com) in a chat channel, and as noted earlier, he knowingly uploaded the videos to YouTube from his home computer without any attempt at all to mask his IP. His statements to the AFP about his lack of skills were also frustratingly consistent with the difficulty DataBreaches.net experienced in trying to get him to deploy encryption for communications with this site.
Between his own OpSec failures and being “doxed” in April, 2014 by irate members of Anonymous, Hutchison was a sitting duck for the AFP. But the AFP didn’t seem as interested in duck-hunting as they were in their bigger game: Lorax and Absantos. At one point, the AFP interviewer tried a standard ploy and asked Hutchison, “Would it surprise you if I told you that Lorax subsequently admitted to doing the meatspin himself, doing the hack and the redirection?” Hutchison answered, “Yeah, it probably wouldn’t surprise me, but like I said, I wouldn’t know if it was him or, you know, some Indonesian guy doing it.”
Hutchison tells DataBreaches.net that he has no knowledge of anything the two other men may have done, and “I won’t be helping them [the prosecution] in ANY way. I can’t give evidence against him and I’m not going to be tricked into doing so.”
Despite his refusal to testify about the other two men, even when it was suggested he might receive a more lenient sentence if he cooperated, Hutchison has been attacked by members of Australia, banned from all chat rooms other than the #FreeAnons channel, and gets into frequent nasty exchanges on Twitter.
With no evidence that Hutchison had actually done anything other than try to redirect the Indonesian hackers by urging them to attack government sites, all the prosecutors could charge Hutchison with was an “incitement” charge.
Hutchison was originally charged under Australian law with two counts relating to “urging unknown person to commit an offence of causing an unauthorised impairment of electronic communication to or from a computer.” One of those two charges against Hutchison was eventually dropped and the other amended. But prosecutors added a charge of possession of a prohibited weapon after AFP found a laser pointer in his home during execution of the the search warrant. Apparently, the type of laser pointer he ordered online to use as a light saber (toy) is illegal in Australia.
In April, Hutchison pleaded guilty to the amended charges. He tells DataBreaches.net that even though he admitted to AFP that at the time, he knew what he was doing was wrong, he still felt like it was the right thing to do and so he did it.
Not surprisingly, the prosecution has taken an emotional toll on him, Hutchison tells DataBreaches.net. “I got worse and worse and instead of being the bubbly guy everyone knew, I just became an empty shell of myself. It sucked. It still does because a lot of bridges were burned and I’m trying to get them back.”
Hutchison says he’s grateful to his employer for not firing him as a result of the charges, and he’s grateful to his family for their support. He says he’s sad that most of his friends drifted away or may be afraid to be associated with him, but he’s grateful for one friend who’s stood by him.
Although he has fears for his future – that he may always be known as “the Melbourne hacker” even though he never hacked anything – he says that, “all I can do is just move forward and hope for the best.” His goal is to return to school to continue studying IT, a program that he had started, but dropped out of due to personal commitments.
Hutchison returns to court on June 4, when he will find out how long he may have to wait before pursuing his goal of becoming the “guy who fixes things.”
While he waits, Lorax also waits – to learn what prosecutors will charge him with and what, if any, evidence against him the AFP might have recovered from Hutchison’s hard drives.
CORRECTION: A previous version of this story suggested that one of the men may have fled to Europe. That was a different Australian youth who had also been charged with hacking. DataBreaches.net apologizes for the error.