Distribute.IT has claimed that the 25-year-old man arrested in Cowra yesterday for allegedly hacking wholesale internet provider Platform Networks is believed to be the perpetrator behind the disastrous attack on Distribute.IT in June that led to the loss of data for over 4000 customers.
The police started an investigation after the University of Sydney website was hacked in January, the first in a series of hacks that they believe they have traced back to the same man: an unemployed truck driver called David Cecil who the Australian Federal Police (AFP) alleges taught himself the skills required.
After tapping into the University of Sydney systems, the man also allegedly used a mixture of brute-force attacks and social engineering to compromise the systems of Platform Networks, one of the providers that has signed up to provide internet services over the National Broadband Network (NBN).
However, it appears that the hacker did not stop with those intrusions. On 11 June, wholesale registrar Distribute.IT lost large amounts of customer data and websites after data, sites and emails were deleted from four of its servers. The company has now alleged that the 25-year-old man, under the alias of "Evil", was responsible for this attack.
"Australian Federal Police have arrested a 25-year-old man from regional NSW who operated under the name 'Evil' and successfully hacked into Distribute.IT's systems, which not only disrupted the business operations of thousands of SMEs but resulted in the loss of 4000 websites from four servers deemed 'unrecoverable' by previous Distribute.IT management," Distribute.IT said in a statement.
Following the attack, Distribute.IT was acquired by Netregistry, which is now working to recover the data and is assisting the AFP with its investigation.
"The Netregistry Group assisted police in their investigation into the hacker's operation in an attempt to bring justice to the thousands of small businesses who have been crippled by this recent hacking attack," the company said. "However, we call on 'Evil' to apologise to all the businesses he ruined as a result of the targeted hacking attack."
The AFP yesterday charged the man with one count of unauthorised modification of data to cause impairment, and 48 counts of unauthorised access to, or modification of, restricted data. Today he was reportedly denied bail and is scheduled to appear in the Orange local court again on Friday.
The AFP alleged that the man acted out of ego, with an aim to deface websites, and it believes that no private customer data has been breached at this stage.
"We'll allege that he's motivated by ego ... proving his skills after complaining that he couldn't get work in the IT industry," Grant Edwards, AFP manager of high tech crime, told a press conference in Canberra this morning. "It is likely that further charges will follow, and there is a potential that others will be arrested in regard to the activities under the auspice of Operation Damara."
The AFP obtained a warrant to monitor the accused's internet activities, following a tip-off from Platform Networks. Although "Evil" may have compromised the company's systems and the websites it hosted for customers, AFP cybercrime coordinator Brad Marden said that because Platform Networks had off-site backups in place, the service would only be down for a few minutes if the hacker brought down those systems.
"Fortunately, Platform Networks did have those security measures in place, with a good backup regime and a good log-in regime so they could detect this intrusion and put mitigating strategies in place to ensure that damage did not occur," he said.
Platform Networks is one of over a dozen internet service providers to sign up to offer services on the NBN in mainland roll-out sites. Although the AFP initially said the hacking activities "could have potentially caused considerable damage to Australia's national infrastructure", the police clarified in the press conference this morning that the network was not in danger as part of this attack.
NBN Co also confirmed this morning that its network was not compromised in the attack.
"NBN Co has evaluated its systems and controls and can confirm the National Broadband Network was not affected by this incident," NBN Co said. "The company said to have been involved is not yet offering services over the NBN."