AN UNEMPLOYED truck driver with the online moniker ”Evil” hacked into one of the national broadband network’s service providers and had control of its entire system for at least six weeks, police allege.
In the first solo hacking case of its kind in Australia, federal police yesterday arrested 25-year-old David Cecil at his home in the NSW central west town of Cowra.
Police quiz David Cecil in his home. Photo: Australian Federal Police
He hasa been charged with 50 offences over alleged incursions into Platform Networks, one of the first 12 service providers selected for the contentious $36 billion NBN trials.
Police allege Mr Cecil, whose IT skills are self-taught, was acting alone and spent up to 20 hours a day on his home computer.
”He had basically taken over their system,” the federal police Assistant Commissioner, Neil Gaughan, alleged.
Police in the suspect’s house yesterday. Photo: Australian Federal Police
”If he wished to, he could have actually taken down the whole [of Platform's] network.”
Mr Gaughan said it did not appear Mr Cecil had access to any commercial-in-confidence information, but it will be alleged he had been ”mapping the whole background of the IT system”.
While some known hacking groups overseas had ultimately used their access to extort money, Mr Cecil’s sole motivation appeared to be bragging rights, police allege. He had unsuccessfully applied for jobs in the information technology industry, Mr Gaughan said.
”He’s basically saying: ‘You don’t need formal qualifications,”’ Mr Gaughan said. ”He’s sitting at his desk 20 hours a day from what we can gather.”
Mr Cecil was also known to boast about his hacking successes on chat sites, police will allege.
Police began investigating hacking attacks in January this year when the University of Sydney’s website was breached and its home page vandalised. Some ”high-level” corporate web pages were also accessed.
The investigation covered the permanent loss of 4080 Australian websites following a break-in at the domain registrar and web host company Distribute.IT. Four servers were ”unrecoverable” following the incident.
Mr Cecil used computer programs to randomly generate passwords and ‘’social engineering” – making phone calls to gain security information – to access Platform Network’s system, the federal police allege.
Police said Platform’s security and back-up systems were strong enough to withstand an attack and that the broadband network was not under threat at any time.
Platform, which has about 200 wholesale customers, took preventative measures to defend their system. ”We do whatever we need to do to make sure that our customers are protected,” the managing director, David Hooton, said.
But Mr Gaughan warned learning how to hack was ”fairly easy” and all companies were now open to the threats it poses.
”I think recent events have shown that any company is susceptible to hacking,” he said. ”If we are having people getting into organisations such as the CIA, every organisation is potentially a target. These systems are only as good as the weakest link.”
Mr Cecil was last night charged with 49 counts of unauthorised access to restricted data and one count of unauthorised modification of data. He is due to face Orange Local Court today.
A spokesman for NBN Co Limited, the company rolling out the National Broadband Network, said: “NBN Co has evaluated its systems and controls and can confirm the National Broadband Network was not affected by this incident.
“The company said to have been involved has not yet connected any services to the NBN.
“NBN Co works closely with appropriate law enforcement and government agencies to ensure the security and protection of the National Broadband Network. We welcome the AFP’s ongoing efforts in fighting cybercrime.”
LikeTags: Evil the Hacker