Did Australian Police raid a script kiddie?

Summary: The footage Four Corners displayed of a suspected Melbourne fraudster's house and technology during a police raid last week hardly fits the profile of a master fraudster.

TOPICS: Security

Renai LeMay, news editor

Commentary: If you believed the hype generated by Four Corners' expose on Australia's cybercrime underworld on Monday night, Australian police forces scored a major victory last week.

In a pre-dawn raid, the high-tech crime units of the Australian Federal Police and Victoria Police seized a number of computers and other evidence from the house of an alleged would-be internet fraudster who dubbed himself Prelude Si (after the Honda car).

Four Corners told us that the operation involved 12 police officers on the ground, with some being flown in from other states, and more working behind the scenes. It was the culmination of six weeks' worth of investigation, and "hundreds of man hours" had been expended in the chase.

The manager of the AFP's high-tech crime operation, Neil Gaughan, certainly looked pleased as he explained the individual concerned had boasted online that local fraudsters could rip off credit cards like crazy and never have to fear a police raid.

Gaughan described this as "like showing a red flag to a bull".

But was the sting itself all it was cracked up to be?

The atmosphere was certainly fraught with suspense ... but the footage Four Corners displayed of the individual's house and technology hardly fitted the profile of a master fraudster. And the behaviour of the officers themselves was puzzling.

The audience was told the police found two laptops inside the raided premises, along with "13 other storage devices".

But delving a bit deeper, it's clear the individual concerned was not exactly operating with the latest equipment. A vintage 2004/2005 Dell laptop was one device seized, while another appeared to be an Apple MacBook Pro from around 2005. An iMac is also displayed, which appeared to be the suspect's main desktop machine.

At least two of the other storage devices were described as iPods and were visible in the shot. It's hard to know exactly what the other 11 "storage devices" were used for, but one thing is clear: credit card data doesn't take up much storage space. Was it his MP3 and DivX collection?

It certainly wasn't the sort of kitted-out den — with bits of Wintel hardware scattered everywhere, even Linux machines and servers permanently running — you'd expect to see a serious internet criminal using. We couldn't even spy much networking equipment apart from a wireless phone.

There were also beer bottles scattered around the room, cheap PC speakers, a burnt CD. The entire premises appeared to be more the sort of room you would expect a university student to live in, rather than an internet criminal who had been able to successfully pull off credit card fraud.

Also puzzling was the way the police immediately started accessing the individual's MacBook, literally searching for saved passwords, presumably in plain text. "That's gold," said the officer being filmed. "Opened up saved passwords ... got a huge list there."

Another shot showed a screen full of BitTorrent addresses; puzzling when you consider much of the report had focused on illegal web forum activity and transactions between individual users.

In general, it didn't exactly sound like the individual concerned had gone to great lengths to conceal or protect his allegedly illegal activity.

With powerful encryption software freely available in 2009, even included as an easy option in the Mac OS X, Windows and Linux operating systems, any serious fraudster would be expected to take basic steps such as encrypting their data and securing their PCs from casual access to protect themselves from just such a police raid. This one didn't, as far as we know.

Then there's the fact that the individual involved is, to our knowledge, completely still free and at large in Melbourne. Four Corners noted that the suspect had not been arrested, and the AFP was still examining the evidence it had captured. So how serious could this sting have been?

But the thing that really started ZDNet.com.au staff talking was the hilarious online banner created by Prelude Si, complete with an actual picture of the car he took his handle from. The same page says he's "mainly worried about identity theft. Old ladies buying houses and shit".

Prelude Si's logo (Credit: Four Corners)

If you pull all of this circumstantial speculation together about Prelude Si, especially the flashy online advertisement, you have to wonder about the real nature of this target the AFP and Victoria Police raided.

Was it in fact, an unsophisticated, juvenile fraudster they pinned? In short, a script kiddie, rather than a burgeoning criminal mastermind?

Now there's no doubt that even if the individual concerned was a low-level member of the cybercrime community rather than an elite hacker, the AFP and Victoria Police are still doing great work shutting his little operation down, if he is proven guilty.

The AFP also appears to be collaborating well with local authorities in various jurisdictions around the nation to actively seek out those committing identity fraud online; witness the recent arrest in Adelaide of a 20-year-old who allegedly developed some very malicious software and quite the botnet.

We don't yet know — although ZDNet.com.au has sent questions to various police forces about the matter — whether this was the same individual operating the r00t-y0u.org forum that police previously infiltrated, an operation that appears to have been instrumental in the Prelude Si bust.

But despite their successes, it's also important for police to correctly portray the magnitude of these crimes when discussing them as publicly as they did on Monday night.

The Melbourne raid pales in comparison with some of the international cybercrime work currently going on; the most high-profile of which is the ongoing trials of the so-called TJX hack in the US. The ringleader of the hack, Albert Gonzalez, allegedly stole hundreds of millions of credit cards, and lived the high life until he was caught, reportedly spending $75,000 on a birthday party.

From the looks of it, our Melbourne man was no Albert Gonzalez, and I have no doubt many in the computer security community would be wondering what all the fuss was about.

If the police force's intent was to educate the public about the threat of electronic crime, they certainly succeeded. But PR campaigns aside, shutting down online fraud forums and low-level hackers should be par for the course for e-crime units in 2009.

  • Keystone cops

    I would suggest that they consider putting some of these script kiddies on their payroll. Hilarious that the AFP think they are ahead of the game.
  • Crooks will be quaking

    The whole show was testament as to how far behind the game the cops are. Apart from the ridiculous bust shown (no arrests here, we're still thinking about it!) - (gawd, they flew officers in)! - there were all sorts of other problems, like the whinge as to the penalty imposed by a magistrate - last I heard it was the prosecution's job and duty to ensure the court is apprised of and has the necessary evidence to be in a position to impose an appropriate penalty.
    As to the Feds' "shock" at the range of goods and services available on the hackers' forum - what? Didn't they know about this stuff? How long have they been doing this detective work?
  • Policing operation or media stunt?

    If this report is correct, and the police were accessing the machines on the spot, this would invalidate the data on these machines as evidence. The correct protocol would be to seal the machines in the plastic evidence bags they are famous for, and send them away for forensic analysis. I can't believe the police would be so negligent if the real purpose was to bring a criminal to court. This sounds like a stunt for the media.
  • Protocol

    We've had a couple of comments to this effect, and we'll be following it up.

    If the examining of the machines on the premises of the suspect really does invalidate the data collected as evidence, then it would raise serious questions about why the AFP and Victoria Police conducted the raid in the first place.

    Any lawyers out there that would like to comment on this one?


    Renai LeMay
    News Editor
  • Examining machines

    I would think that you would have to disable the screen saver/screen locking program before doing anything ?
  • Not sure... but

    The first thing they are meant to do is make a forensic backup of the disk. That's before it's even booted up to check anything.

    As far as I am aware it doesn't 'invalidate' it, it just makes it damn difficult to prove anything conclusively.

    Then again, I'm not a lawyer and that guy was an idiot for not using encryption. I don't think there is a law here yet that compels you to give over encryption keys like there is in the US and the UK.
  • interview without lawyer?

    I also note that they appeared to be conducting an interview with the guy without a lawyer present whilst the ABC are recording it and it didn't look like they were recording it beyond writing things down - why? Surely you would be doing that at the station if you have enough evidence to "go through the front door"?
  • ethical hackers

    Hacking is an acquired skill-set; it's a thing you develop. Thinking someone with a bunch of degrees has these skills is nonsense. America and some EU countries have come to realise this and ethical hackers are now highly sought after in these countries. The main reason is security. I doubt Australia will follow as we have a 1950s bureaucratic mentality where the right paperwork trumps real-world skills every time.