Distribute.IT claims 'Evil' behind hack

Distribute.IT has claimed that the 25-year-old man arrested in Cowra yesterday for allegedly hacking wholesale internet provider Platform Networks is believed to be the perpetrator behind the disastrous attack on Distribute.IT in June that led to the loss of data for over 4000 customers.

The police started an investigation after the University of Sydney website was hacked in January, the first in a series of hacks that they believe they have traced back to the same man, an unemployed truck driver called David Cecil, who the Australian Federal Police (AFP) alleges taught himself the skills required.

After tapping into the University of Sydney systems, the man also allegedly used a mixture of brute force attacks and social engineering to compromise the systems of Platform Networks, which has been one of the providers to sign up to provide internet services over the National Broadband Network (NBN).

However, it appears that the hacker did not stop with those intrusions. On 11 June, wholesale registrar Distribute.IT lost mass amounts of customer data and websites after data, sites and emails were deleted from four of its servers. The company has now alleged that the 25-year-old man, under the alias of "Evil", was responsible for this attack.

"Australian Federal Police have arrested a 25-year-old man from regional NSW who operated under the name 'Evil' and successfully hacked into Distribute.IT's systems, which not only disrupted the business operations of thousands of SMEs but resulted in the loss of 4000 websites from four servers deemed 'unrecoverable' by previous Distribute.IT management," Distribute.IT said in a statement.

Following the attack, Distribute.IT was acquired by Netregistry, which is now working to recover the data and assisting the AFP with its investigation.

"The Netregistry Group assisted police in their investigation into the hacker's operation in an attempt to bring justice to the thousands of small businesses who have been crippled by this recent hacking attack," the company said. "However, we call on 'Evil' to apologise to all the businesses he ruined as a result of the targeted hacking attack."

The AFP yesterday charged the man with one count of unauthorised modification of data to cause impairment, and 48 counts of unauthorised access to, or modification of, restricted data. Today he was reportedly denied bail and is scheduled to appear in the Orange local court again on Friday.

The AFP alleged that the man acted out of ego, with an aim to deface websites, and it believes that no private customer data has been breached at this stage.

"We'll allege that he's motivated by ego ... proving his skills after complaining that he couldn't get work in the IT industry," Grant Edwards, AFP manager of high tech crime, told a press conference in Canberra this morning. "It is likely that further charges will follow, and there is a potential that others will be arrested in regard to the activities under the auspice of Operation Damara."

The AFP obtained a warrant to monitor the accused's internet activities, following a tip-off from Platform Networks. Although "Evil" may have potentially compromised the company's systems and the websites it hosted for customers, AFP cybercrime coordinator Brad Marden said that because Platform Networks had off-site backups in place, the service would only be down for a few minutes if the hacker brought down those systems.

"Fortunately, Platform Networks did have those security measures in place, with a good backup regime and a good log-in regime so they could detect this intrusion and put mitigating strategies in place to ensure that damage did not occur," he said.

Platform Networks is one of over a dozen internet service providers to sign up to offer services on the NBN in mainland roll-out sites. Although the AFP initially said the hacking activities "could have potentially caused considerable damage to Australia's national infrastructure", the police clarified in the press conference this morning that the network was not in danger as part of this attack.

NBN Co also confirmed this morning that its network was not compromised in the attack.

"NBN Co has evaluated its systems and controls and can confirm the National Broadband Network was not affected by this incident," the NBN Co said. "The company said to have been involved is not yet offering services over the NBN."

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Talkback

11 comments
  • The AFP should be charging distribute.it with malice for being so stupid not to have backups at all, let alone offsite backups. Any monkey can break in and cause problems - it is the operator who should have the appropriate procedures to identify and deal with such incidents. Clearly Distribute.IT didn't have this. Morons.
    kphlier
  • I call bullshit. Sounds like bandwagoning onto the first person they can blame personally. Also, echo above - when did prosecuting people become the norm rather than good security and disaster recovery management?
    Camm-a0c75
  • He was angry he couldn't get a job in IT!? Surely with his skills he could be hired as a security consultant?
    plebfark
  • Blame the victim much? People who break into an organisation - cyber or bricks - and destroy stuff that belongs to other people are criminals, pure and simple. And you clearly have no clue as to what went on, or the round the clock shifts that DIT went through to try to recover those files, or the damage those crims did targeting the backup systems first. That company took eleven years to build, and a couple of malicious fools destroyed it in two minutes. Personally I hope the perps rot in jail.
    NefariousWheel
    • Not likely. The Aus IT security industry is very hard to break into, you either need a defence force / high level govt sys admin background or to be an experienced / highly qualified academic to get anywhere.

      The chances of any decent security company hiring a 25yo script kiddie with 0 quals are less than none, he has nothing but his word to back him up that he is good (his chances will probably be better now!) and no reputation in the industry. People like this are a complete wild card, there is a 50/50 chance they are going to be good at their jobs or they are going to 'ethically' hack your customers, not report the faults and then make a return visit in their own time.
      dilberto
    • Comment system here sucks, that was meant for the comment above.

      I work in IT, we test our backups on a fortnightly basis. If we didn't we would get raped by our security auditors, why didn't they test theirs?
      dilberto
      • @Aussec, I believe, with no knowledge or insight whatsoever other than rumours, that the hacker had enough time and insight to systematically destroy the backups, then the live system. If backups are automated and there's no air gaps, then a person with intent and enough time can destroy everything. eg. identify the backup jobs, find where they're being sent, own those servers too. It's intriguing someone wanted to be that malicious though.
        jeromy-6e440
  • If you're going to build an IT company nefarious, you should be basing yourself on best practices - which includes good security and disaster recovery management. Sure, the guy should be prosecuted - but good security and backups would have avoided the scale of the damage that was caused.
    Camm-a0c75
  • So first it was a disgruntled ex-employee, then it was LulzSec and now it's some random bloke living in the bush with a stick up his butt. From what I can tell, he didn't actually do any permanent damage to the systems he has admitted to gaining access to.

    Just fess up and accept you ran a poor business on the technical side and probably deserved to go down for it. If anything AFP should be chasing these guys for running poor security and backups rather than the single individuals.

    Who would you blame: A bank that stored their money in plain sight anyone could access, or the opportunist who grabbed some?
    IzzehO
    • the idiot who put his money in this bank
      viet-2c36a
  • I understand all this -- I've been in IT for 40 years, a sysadmin for over 10. I've even invented bits of the ITIL. Old hand here. I know about the need for backups and risk mitigation and how they're structured from small systems to large geographically virtual tape libraries and block-replicated distributed hosting farms. I'm an architect, and a realist. At the small scale, say just a few terabytes, it's easy to say it should have all had off-site backup, tested procedures, audited etc. and I'm not going to say you're wrong, you're all describing good practice. I also know it gets harder, though, the higher you go, and if you have enough storage online it gets bl**dy difficult to work an architecture to back it all up using conventional methods, and the higher end stuff is complex and expensive. So I'm willing to give DIT the benefit of doubt, whether they're best-practice compliant or not.

    But what I'd like to know is -- if someone threw a molotov cocktail through an open ventilator shaft, would you heap blame on the victim for leaving their ventilator shaft vulnerable, or the guy who just wanted to do some damage? For fun?

    Do we always have to blame the victim? Are you willing to let Evil off the hook by calling him a mere "opportunist"? Jeez, he threw a bomb and it exploded and thousands of people got hurt.

    I wasn't involved with Distribute IT, but I have a friend who was badly hurt by the hack. I just don't like seeing vicious attacks on good people, and I don't like kicking someone when they're down. It's un-Australian.
    NefariousWheel