Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

NBN provider one of many cyber breaches

Platform Networks detected breach of its systems as early as December 2010

Police have flagged more arrests over one of Australia's biggest online hacking attacks, which they say could escalate to companies overseas.

But the company targeted by the attack warned it could have been much worse if the National Broadband Network (NBN) provider had failed to detect the man who had accessed the company's computer systems for months.

Platform Networks managing director, David Hooton, said it detected a breach of its systems back in December.

"We believe that as a result of our actions in this instance we have assisted the AFP [Australian Federal Police] in securing a fairly large number of other organisations that may or may not have been affected," Hooton said.

"We are not being individually singled out in this. We just happen to be one of the affected organisations in the entire thing."

David Cecil, an unemployed truck driver, who allegedly gave himself the online nickname Evil, has been charged with the nation's biggest hacking attack, police say.

In Orange Local Court on Wednesday, it was alleged the 25-year-old Cowra man had control of Platform Networks' entire system for six weeks.

Cecil was charged with one count of an unauthorised change of data and 49 counts of accessing restricted data over his alleged incursions into Platform Networks.

It is alleged he is a self-taught hacker who acted alone, spending up to 20 hours a day on his home computer.

Operation Damara kicked off in January when AFP officers began looking at hacking crimes of Sydney University's website and several Melbourne businesses.

AFP High Tech Crime Operations manager, Grant Edwards, said Damara was far from over.

"It is likely that further charges will follow and there is the potential that others will also be arrested," Edwards told reporters in Canberra on Wednesday.

"And the operation actually now relates to a number of unauthorised accesses and modifications to a number of companies both within Australia and overseas."

Hooton said Platform detected the original breach within 48 hours, duplicated the affected systems and then quarantined or "isoantibodies" them so the hacker did not know the AFP was monitoring their activity.

"From our perspective at the moment, we don't believe there's been any serious actual compromise of information," he said. Hooton declined to comment as to why someone would target Platform.

A spokesperson for NBN Co Limited, the company tasked with rolling out the national broadband network, said Platform Networks was not yet offering services over the NBN.

"The national broadband network was not affected by this incident," the spokesman said in a statement.

RMIT University lecturer of information security, Dr Asha Rao, said people with no technical experience needed only a computer and the devotion to wreak havoc.

"All the tools are available. It's just a Doodle search away," Dr Rao said.

"It's not hard, it just takes a lot of time. You need to basically not have a life."

Companies deploy layer upon layer of security with the hope of catching hackers before they get well inside the systems, she said.

But there is only one way to completely protect personal or company computing systems.

"You can never make your computer 100 per cent secure, that's not possible," Dr Rao said.

"It's like a car. If you wanted a fully secure car, it would have to be built like a tank and go at five kilometres an hour.

"We don't want that, we don't want a computer that is very slow.

"And they say a fully secure computer is one which is not connected to the internet and is switched off."

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Australian Federal Police, etwork, Federal Police, MIT, Orange, RMIT

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Australian Federal Police (AFP), gaming, hacker, hacking, National Broadband Network (NBN), nbn co, Operation Damara, platform networks
Latest Blog Posts
Whitepapers
  • Why Two Thirds of Enterprise Architecture Projects Fail
    This is the conclusion of a study for the R otterdam U niversity carried out by J onathan B roer in the summer of 2008, ordered by BPM and E A software vendor IDS S cheer. B roer questioned 161 respondents from 89 organizations representing a range of industries about their vision and implementation of the enterprise architecture concept.
    Learn more »
  • Lost USB keys have 66% chance of malware
    Sophos studied 50 USB keys bought at RailCorp's 2011 Lost Property auction in Sydney. The study revealed that two-thirds were infected by malware, and quickly uncovered information about many of the former owners of the devices, their family, friends and colleagues. Disturbingly, none of the owners had used any sort of encryption to secure their files against unauthorised snoopers.
    Learn more »
  • Best Practices for Secure Enterprise Content Mobility
    To secure mobile devices while enabling employees to share data securely, organisations need a comprehensive and flexible solution for secure enterprise content mobility. A secure enterprise content mobility solution complements Mobile Device Management (MDM) solutions and enables mobile workers to easily share data with other authorised users, while ensuring that data is always secure and IT operations are always compliant. Read this whitepaper to learn: How the popularity of Bring Your Own Device (BYOD) is creating new security challenges; Why MDM is useful, but not sufficient; How enterprise content mobility provides an essential layer of security and control for organisations with mobile users.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments