Media Release: AFP arrests Cowra man after landmark hacking investigation

Release Date: Wednesday, July 27 2011, 06:00 AM

The AFP has arrested a 25-year-old Cowra man on 49 hacking charges after a six month investigation into his online activities.

Police will allege in court that the man’s hacking activity could have potentially caused considerable damage to Australia’s national infrastructure.
In June 2011, AFP investigators found a compromise to Platform Networks, a wholesale internet provider in Sydney that is one of the contracted providers of the National Broadband Network (NBN) release.

Platform Networks cooperated fully with the AFP during the investigation, working with officers to monitor the alleged offender’s illegal activities inside their network. 

“While Platform Networks had strong cyber security measures in place, even the best security systems are only as strong as the weakest link – it only takes one user with a weak password to put an entire network at risk,” AFP National Manager for High Tech Crime Operations Neil Gaughan said.

“The facts of this investigation are interesting. The 25-year-old Cowra man arrested is an unemployed truck driver who is completely self-taught in terms of his IT skills. The AFP will allege this man was motivated by ego in his illegal hacking, proving his skills after complaining he could not get work in the IT sector. He is known to use the online nickname ‘Evil’. 

“In the experience of cyber crime investigators, internet hackers often do not have any IT qualifications at all.

“The AFP will allege in court that this person acted with an extreme and unusual level of malice and with no regard to the damage caused, indiscriminately targeting both individuals and companies.”

The AFP has charged the man with the following offences: 

  • one count of unauthorised modification of data to cause impairment, contrary to Section 477.2 of the Criminal Code Act 1995 (Cth). This offence carries a maximum penalty of 10 years in jail.
  • 48 counts of unauthorised access to, or modification of restricted data, contrary to Section 478.1 of the Criminal Code Act 1995 (Cth). This offence carries a maximum penalty of two years in jail.

It is likely further charges will follow.

AFP officers believe hundreds of other Australian and international servers might have been compromised.

“In many of these cases, simple IT safety precautions could have prevented cyber attacks,” Assistant Commissioner Gaughan said.

“The Australian public should take this as a reminder that cyber safety is of crucial importance in the online environment.”

The AFP advises Australian individuals and businesses to:

  • Provide employee awareness and education programs
  • Monitor content going into and out of networks
  • Implement acceptable use policies for wireless technology, information technology and mobile devices
  • Complete background checks on staff
  • Conduct mandatory reporting of misuse and abuse of computer equipment
  • Complete a set of written standard operating procedures for technology
  • Manage account and password policies

The alleged offender is expected to front Orange Local Court on Wednesday, 27 July 2011.

Media enquiries
AFP National Media Team
Phone: (02) 6131 6333